(self)
| 10 | |
| 11 | class DshellPlugin(HTTPPlugin): |
def __init__(self):
    """Register the MS15-034 detector's metadata, filter and alert output.

    Every setting is passed straight to the parent ``HTTPPlugin``
    constructor; this method does nothing else.
    """
    # Operator-facing help text. It is runtime output, so it is kept verbatim.
    help_text = '''
Proof-of-concept code to detect attempts to enumerate MS15-034 vulnerable
IIS servers and/or cause a denial of service. Each event will generate an
alert that prints out the HTTP Request method and the range value contained
with the HTTP stream.

Usage:
decode -d ms15-034 -q *.pcap
decode -d ms15-034 -i <interface> -q

References:
https://technet.microsoft.com/library/security/ms15-034
https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/
'''
    summary = 'detect attempts to enumerate MS15-034 vulnerable IIS servers'

    # Detection scope: the filter matches only TCP ports 80, 8080 and 8000.
    # HTTP served on any other port, and anything on 443, is not matched,
    # so widen the filter if the monitored IIS hosts listen elsewhere.
    capture_filter = 'tcp and (port 80 or port 8080 or port 8000)'

    super().__init__(
        name="ms15-034",
        author="bg",
        description=summary,
        bpf=capture_filter,
        # Alerts are labelled with this module's name.
        output=AlertOutput(label=__name__),
        longdescription=help_text,
    )
| 34 | |
| 35 | |
| 36 | def http_handler(self, conn, request, response): |