osakaaa
/ http_sys_pseudo.c
Created
November 1, 2018 12:07
— forked from worawit/http_sys_pseudo.c
MS15-034 (CVE-2015-1635) PoCs
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| /* | |
| Pseudo code in HTTP.sys to understand flow related to MS15-034 | |
| All pseudo code are reversed from vulnerable HTTP.sys on Windows 7 SP1 x86 | |
| For anyone want to know what function are patched. | |
| Just open patched version and find all functions reference to RtlULongLongAdd(). | |
| */ |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/python3 | |
| # -*- coding: utf-8 -*- | |
| from email.mime.multipart import MIMEMultipart | |
| from email.mime.text import MIMEText | |
| import time | |
| import sys | |
| import argparse | |
| import smtplib | |
| from pathlib import Path | |
| import json |
osakaaa
/ httpsys.py
Last active
January 28, 2016 18:26
some http.sys experiments based on http://www.securitysift.com/an-analysis-of-ms15-034/
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| import socket | |
| from socket import error as SocketError | |
| import errno | |
| import time | |
| import sys | |
| import os | |
| try: | |
| request_host = sys.argv[1] | |
| request_file = sys.argv[2] |