Nmap Development mailing list archives
Re: [NSE] Script to detect remote code execution in Microsoft Windows systems (MS15-034)
From: Paulino Calderon Pale <paulino () calderonpale com>
Date: Mon, 4 May 2015 11:32:42 -0500
Hi list,

Did anyone have a chance to test this? Someone suggested using the status code to detect more instances:

https://github.com/cldrn/nmap-nse-scripts/blob/master/scripts/6.x/http-vuln-cve2015-1635.nse

It worked correctly against the vulnerable instances I had access to, but I’d like to wait before committing to see if anyone else has more information that will help the script improve its effectiveness.

Cheers.

On Apr 15, 2015, at 3:00 PM, Paulino Calderon Pale <paulino () calderonpale com> wrote:

Hi list,

I came across this (http://pastebin.com/HeBDTenr) =)

-- PORT   STATE SERVICE REASON
-- 80/tcp open  http    syn-ack
-- | http-vuln-cve2015-1635:
-- |   VULNERABLE:
-- |   Remote Code Execution in HTTP.sys (MS15-034)
-- |     State: VULNERABLE (Exploitable)
-- |     IDs:  CVE:CVE-2015-1635
-- |       A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is
-- |       caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who
-- |       successfully exploited this vulnerability could execute arbitrary code in the context of the System account.
-- |
-- |     Disclosure date: 2015-04-14
-- |     References:
-- |       https://technet.microsoft.com/en-us/library/security/ms15-034.aspx
-- |_      http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-1635

Script: https://github.com/cldrn/nmap/blob/master/scripts/http-vuln-cve2015-1635.nse

_______________________________________________
Sent through the dev mailing list
https://nmap.org/mailman/listinfo/dev
Archived at http://seclists.org/nmap-dev/

Current thread:
- [NSE] Script to detect remote code execution in Microsoft Windows systems (MS15-034) Paulino Calderon Pale (Apr 15)
- Re: [NSE] Script to detect remote code execution in Microsoft Windows systems (MS15-034) Paulino Calderon Pale (May 04)
- Re: [NSE] Script to detect remote code execution in Microsoft Windows systems (MS15-034) Paulino Calderon Pale (May 21)
- Re: [NSE] Script to detect remote code execution in Microsoft Windows systems (MS15-034) Paulino Calderon Pale (May 04)