Year of Python (YOP) – Week Sixteen

20Apr15

Hello Reader!

This week’s script is brought to you by Microsoft’s Patch Tuesday, and the MS15-034 fix that came out this month…

So we started looking at what systems we needed to patch for this vulnerability, and I started to think about some of the programs on the servers I use that don’t use a standard port 80 web server connection.  Some of the software I use on my systems (both forensic and from the server manufacturer) has some type of web front end, but it listens on non-standard ports.  So I was thinking of a quick way that I could figure out which systems might be vulnerable, including ones where I didn’t know there was any type of web service running.

I was reading this SANS Diary post about MS15-034, which included a method of just checking for the vulnerability, and thought it would make a great YOP post for this week.

Now there is a prerequisite for running this script: you’ll need to install the Requests module.  I may re-write this script at a later point to use urllib, but I prefer using Requests for any web-based stuff.

Basically you can feed this script a list of servers/IP addresses, and then specify an output file to write your results to.

The first thing I did in this script is define the request I wanted to send, along with a range of ports to check (in this case all of them):

headers = {'host':'ms15034', 'range': 'bytes=0-18446744073709551615'}
tcp_ports = range(1,65536)

But the following code:

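# Assumes http_check is a requests.Session() created earlier in the script.
with open(args.server_list, "r") as servers_to_check:
    for ms15_034_server in servers_to_check.readlines():
        ms15_034_server = ms15_034_server.rstrip()  # drop the trailing newline
        ms15_output = {}  # fresh port -> status map for each server
        for ports in tcp_ports:
            try:
                url = 'http://' + ms15_034_server + ':' + str(ports)
                print("Checking: {}...".format(url))
                ms15_034_check = http_check.get(url, headers=headers)
                ms15_output[ports] = ms15_034_check.status_code
                http_check.close()
            except:
                # Any failure (closed port, non-HTTP service) skips the port.
                # A bare except also catches KeyboardInterrupt, so Ctrl-C moves on to the next port.
                continue
        # Integer keys sort numerically; one line is written per responding port.
        for key, value in sorted(ms15_output.items()):
            ms15_output_file.write("Server: {}\tPort: {}\tResult: {}\n".format(ms15_034_server, key, value))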

Does most of the heavy lifting.  Here I start by cycling through the ports, informing the user which URL and port I’m checking (I’ll explain why in a bit).  When it finds an open port, it sends the headers I defined to see if it gets a response.  Then, it takes that response and puts it into a dictionary by port and then the HTTP response (if there is one).  When it’s finished cycling through all the ports, it writes the dictionary data to a file, and then moves on to the next server in the list.

Now there is a small, inconsistent bug in the code that I’m still trying to nail down.  In some cases the script will hang on a port, and the only way to get it to continue is to do a Ctrl-C (which makes it move on to the next port).  I’m not quite sure why this is happening yet, because sometimes it will just hang on an open port longer than others.  So sometimes I just have to wait for it to move on; otherwise I need to help it along.

Until next week!

https://github.com/CdtDelta/YOP

(EDIT: Thanks to Willi Ballenthin for suggesting the timeout parameter in the ms15_034_check line.  That appears to have fixed the hanging issue and I’ve updated the code on the site.)
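
An added example (not the author's script, which uses Requests): the same probe written with the standard library's http.client and a per-connection timeout, so a port that accepts the connection but never answers cannot stall the scan. The status labels in classify() and the local stub server are assumptions made for this illustration; reading 416 as "range accepted" and 400 as "rejected" follows the commonly published interpretation of this probe and is not stated in the post.

```python
import http.client
import socket
import threading
from http.server import BaseHTTPRequestHandler, HTTPServer

# Same probe headers as the post; the Range end is 2**64 - 1.
HEADERS = {"Host": "ms15034", "Range": "bytes=0-18446744073709551615"}

def probe(host, port, timeout=3.0):
    """Return the HTTP status of the probe, or None if nothing answered in time."""
    conn = http.client.HTTPConnection(host, port, timeout=timeout)
    try:
        conn.request("GET", "/", headers=HEADERS)
        return conn.getresponse().status
    except (OSError, http.client.HTTPException):
        # Refused, timed out, or not HTTP. KeyboardInterrupt is not caught here.
        return None
    finally:
        conn.close()

def classify(status):
    """Assumed reading of the probe result (not from the post)."""
    labels = {None: "no HTTP response", 416: "possibly vulnerable", 400: "likely patched"}
    return labels.get(status, "inconclusive ({})".format(status))

class StubHandler(BaseHTTPRequestHandler):
    """Constructed local test server: answers a ranged GET with 416."""
    def do_GET(self):
        self.send_response(416 if "Range" in self.headers else 200)
        self.send_header("Content-Length", "0")
        self.end_headers()
    def log_message(self, *args):
        pass  # keep the demo quiet

def demo():
    """Probe the stub and a listener that accepts but never replies."""
    srv = HTTPServer(("127.0.0.1", 0), StubHandler)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    silent = socket.create_server(("127.0.0.1", 0))  # never calls accept()
    ports = {"stub": srv.server_address[1], "silent": silent.getsockname()[1]}
    out = {k: classify(probe("127.0.0.1", p, timeout=1.0)) for k, p in ports.items()}
    srv.shutdown()
    srv.server_close()
    silent.close()
    return out

if __name__ == "__main__":
    print(demo())
```

With a 1 second timeout the silent listener costs at most about a second per port, so a full 65535-port sweep of one host has a bounded worst-case duration.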
