commands
  1. #!/usr/bin/env python
  2.  
  3. import socket
  4. import os
  5. import sys
  6. import select
  7. import string
  8. import random
  9.  
  # Command verbs the probe loop walks through, one verb per run.
  # NOTE(review): this set looks like the command list of the Vulnserver
  # training application -- confirm against the lab target.
  COMMANDS = [
      "STATS",
      "RTIME",
      "LTIME",
      "SRUN",
      "TRUN",
      "GMON",
      "GDOG",
      "KSTET",
      "GTER",
      "HTER",
      "LTER",
      "KSTAN",
  ]
  11.  
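  def is_vulnerable_command(command):
      """Send ``command`` with growing random arguments until the server stops answering.

      Each round opens a fresh TCP connection to the hard-coded lab address
      192.168.56.101:9999, reads the banner, sends ``command`` followed by a
      space and ``i`` random printable characters, then waits for a reply.

      Args:
          command: Command verb placed in front of the random argument.

      Returns:
          The argument length ``i`` (100 to 6900 in steps of 100) of the first
          round in which the connection failed or nothing could be read within
          5 seconds, or 0 when every round got an answer.

      A non-zero result only says the service stopped responding at that size.
      It is a lead for triage (crash dump, debugger, service logs), not proof
      of a memory-safety bug: a connect failure on the very first round just
      means the service was not reachable.
      """
      alphabet = string.ascii_uppercase + string.digits + string.punctuation
      print("[*] fuzzin command %s" % (command,))
      for i in range(100, 7000, 100):
          payload = command + " " + ''.join(random.choice(alphabet) for _ in range(i))
          s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
          # The original never closed its sockets, leaking one descriptor per
          # round; the finally clause releases it on every exit path.
          try:
              # Bound connect() as well, so a dead host cannot stall the run
              # for the operating system's default connect timeout.
              s.settimeout(5)
              try:
                  s.connect(("192.168.56.101", 9999))
              except socket.error as msg:
                  print("[!] can't connect:  %s" % (msg,))
                  return i

              data = _recv_within(s, 5)
              if data is None:
                  print("[!] can't read from socket")
                  return i
              print("[*] received server banner:  %s" % (data,))

              print("[*] sending evil request with %d bytes" % (len(payload),))
              # sendall() retries partial writes; encoding keeps the call valid
              # on Python 3, where sockets accept bytes only.
              s.sendall(payload.encode("ascii"))

              data = _recv_within(s, 5)
              if data is None:
                  print("[!] can't read from socket")
                  return i
              print("[*] answer is %s" % (data,))
          finally:
              s.close()
      return 0


  def _recv_within(sock, timeout):
      """Return up to 1024 bytes from ``sock``, or None if it is not readable within ``timeout`` seconds."""
      readable, _, _ = select.select([sock], [], [], timeout)
      if not readable:
          return None
      return sock.recv(1024)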
  48.  
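  if __name__ == "__main__":
      # Python 2's input() evaluates whatever is typed as an expression, and the
      # original guarded it with `except syntaxerror`, an undefined name that
      # raises NameError instead of catching anything. Read the line as plain
      # text: raw_input() on Python 2, input() on Python 3.
      try:
          read_line = raw_input
      except NameError:
          read_line = input

      # One {"command": ..., "size": ...} record per command that stopped answering.
      crashes = []
      for name in COMMANDS:
          size = is_vulnerable_command(name)
          if size != 0:
              print("[!]  %s  command seems to be vulnerable" % (name,))
              crashes.append({"command": name, "size": size})
              # The service is presumably down at this point, so pause until
              # the operator has brought it back up.
              try:
                  read_line("Please restart the server than press a key to continue")
              except EOFError:
                  # stdin closed (non-interactive run): carry on without pausing.
                  pass
          else:
              print("[*]  %s  is safe" % (name,))

      # Summary: command and the argument length at which it stopped responding.
      for entry in crashes:
          print("[+]  %s  -  %s" % (entry["command"], entry["size"]))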