Associated vulnerability
Title:
Microsoft Windows HTTP.sys Remote Code Execution Vulnerability
(CVE-2015-1635)
Description: Microsoft Windows is a series of operating systems released by Microsoft Corporation of the United States. Microsoft Internet Information Services (IIS) is a set of basic Internet services that run on Microsoft Windows. A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) of Microsoft Windows running Microsoft IIS 6.0 or later; it stems from HTTP.sys failing to correctly parse specially crafted HTTP requests. An attacker who successfully exploits this vulnerability could, in the context of the System account, execute
Description
Concurrent network scanner for CVE-2015-1635
Introduction
Web-based concurrent scanner for CVE-2015-1635.
[Live implementation running here](http://erlvulnscan.lolware.net/). This demonstration website is used for development of this project and its stability is not guaranteed.
[Information on this project is written here](https://lolware.net/2015/06/15/mass-vulnerability-scanning.html). As the "TODO" list documented there has been completed, this code is now in a stable state.
[Code documentation can be found here](https://htmlpreview.github.io/?https://github.com/technion/erlvulnscan/blob/master/doc/index.html).
## Development and deployment
Clone the repository:

```
git clone https://github.com/technion/erlvulnscan.git
```

Get prerequisites:

```
./rebar3 get-deps
```

Compile:

```
./rebar3 compile
```

Static analysis:

```
./rebar3 built-plt #First time only
./rebar3 dialyzer
```

Generate release:

```
./rebar3 generate
```

Create edocs (only necessary after an API change, as these are synced to git):

```
./rebar3 doc
```

Run the test harness (EUnit and Common Test are both implemented):

```
./rebar3 eunit
./rebar3 ct
```

Observing the cache while attached to the running process:

```
ets:match(simple_cache, '$1').
```

The `logs` directory can be exposed by aliasing it to a URL in order to inspect two kinds of test output: accessing the directory without a subfolder shows the results of the CT test suite, and accessing `view.png` shows the PhantomJS output from the frontend test.
## Building the frontend
The frontend is built using Webpack plugins. From the `frontend/` directory:

Install the requirements:

```
npm install
```

To build the frontend:

```
webpack
```
### nginx setup
These rules were used for routing:

```
location /netscan {
    proxy_pass http://localhost:8080;
}
```

File snapshot
[4.0K] /data/pocs/d31a057cbdd88fcf5d9b46c8ef36abb1a9a8972a
├── [4.0K] config
│ ├── [ 73] sys.config
│ └── [ 64] vm.args
├── [4.0K] doc
│ ├── [4.5K] cache.html
│ ├── [ 151] edoc-info
│ ├── [2.1K] erlang.png
│ ├── [1.8K] erlvulnscan_app.html
│ ├── [1.8K] erlvulnscan_sup.html
│ ├── [ 490] index.html
│ ├── [3.7K] ipmangle.html
│ ├── [1.0K] modules-frame.html
│ ├── [3.0K] mshttpsys.html
│ ├── [3.5K] netscan.html
│ ├── [1.1K] overview-summary.html
│ ├── [ 346] packages-frame.html
│ ├── [ 869] stylesheet.css
│ └── [2.3K] toppage_handler.html
├── [1.9K] elvis.config
├── [4.0K] frontend
│ ├── [4.0K] assets
│ │ ├── [ 307] erlvulnscan-entry.tsx
│ │ ├── [3.4K] erlvulnscan.tsx
│ │ ├── [2.1K] images.tsx
│ │ ├── [ 71] interfaces.d.ts
│ │ └── [3.3K] netscanform.tsx
│ ├── [4.0K] build
│ │ └── [1.0K] index.html
│ ├── [ 815] package.json
│ ├── [ 366] tsconfig.json
│ ├── [ 219] tslint.json
│ ├── [ 856] webpack.config.js
│ └── [ 564] webpack.debug.js
├── [4.0K] include
│ └── [ 331] defs.hrl
├── [1.0K] LICENSE
├── [1.7K] README.md
├── [767K] rebar3
├── [ 749] rebar.config
├── [ 498] rebar.lock
├── [4.0K] src
│ ├── [2.6K] cache.erl
│ ├── [ 749] erlvulnscan_app.erl
│ ├── [ 458] erlvulnscan.app.src
│ ├── [ 717] erlvulnscan_sup.erl
│ ├── [2.1K] ipmangle.erl
│ ├── [2.1K] mshttpsys.erl
│ ├── [1.4K] netscan.erl
│ ├── [ 857] recaptcha.erl
│ └── [2.1K] toppage_handler.erl
└── [4.0K] test
└── [1.5K] erlvulnscan_SUITE.erl
8 directories, 44 files
Notes
1. It is recommended to access the source first.
2. If the source is no longer available or cannot be accessed, please send an e-mail to f.jinxu#gmail.com to request a local snapshot (replace # with @).
3. Shenlong has taken a snapshot of the POC code for you; to support long-term maintenance, please consider paying for the local POC. Thank you for your support.