Hi all,
Thanks to the clever, yet simple, remark of Thor Larholm on the testing
of the MS02-18 Patch level, I wrote a small, quick-n-dirty perl script
that allows one to check the patch level of MS02-18 in a user-friendly
manner.
Have fun!
</Filip>
#!/usr/bin/perl
########################################################################
# (c) Filip Maertens/CISSP, Simple MS02-18 Patch Level Checker
#
# DISCLAIMER: This tool is only to be used for legitimate purposes only.
# This is considered as an intrusive, so please adhere to the laws and
# regulations applicable in your country. Oh, and honey, there is pizza
# in the fridge...
#
# CREDITS: @stake/KPMG for the advisory
# Thor Larholm for the patch identification remark
#
########################################################################
use Socket;
print "iischeck.pl | Remote MS02-18 Patch Level Checker | <filip\@securax.be>\n---------------------------------------------------------------------\n";
$host= @ARGV[ 0 ];
$method= @ARGV[ 2 ];
my $target = inet_aton($host);
$port = 80;
$requestmethod[0] = "GET";
$requestmethod[1] = "HEAD";
$requestmethod[2] = "POST";
# Initializing strings & vars
$patchedstring = "InsertElementAnchor";
$nonpatchedstring = "document.write";
$bogusurl = "/xxxiischeckxxx";
# Main loop of rotten code
if ($host ne "") {
print " -- Checking hostname: $host\n";
$rawrequest = "$requestmethod[$method] $bogusurl HTTP/1.1\nClient-Agent:iischeck.pl\nHost:$host\r\n\r\n";
@results = sendrequestandgetanswer($rawrequest);
$criticalline = $results[49]; # 49, since HTTP headers are included
if ($results[2] =~ "IIS") {
SWITCH: {
if ($criticalline =~ $nonpatchedstring) { $patched = " -- Status: System vulnerable."; last SWITCH; }
if ($criticalline =~ $patchedstring) { $patched = " -- Status: System MS02-18 patched."; last SWITCH; }
$patched = " -- Status: Cannot identify patch level";
}
print "$patched\n\n";
} else {
print " -- Error: System is not a Windows/IIS host.\n\n";
}
} else {
showusage();
}
exit(0);
#######: Functions used by iischeck.pl :#######
sub showusage
{
print "Usage: iischeck [hostname] -method [method]\n\t-> Method: 1 = HEAD\n\t-> Method: 2 = POST\n\n";
}
sub sendrequestandgetanswer
{
my ($rawrequest)= @_;
@lines = sendrawandgetanswer ($rawrequest);
return @lines;
}
sub sendrawandgetanswer
{
my ($pstr)=@_;
socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp') || 0) || die(" -- Error in creating socket\n");
if (connect(S,pack "SnA4x8",2,$port,$target))
{
my @in="";
select(S);
$|=1;
print $pstr;
while(<S>)
{
push @in,$_;
last if ($line=~ /^[\r\n]+$/ );
}
select(STDOUT);
return @in;
}
else
{
die(" -- Error connecting to: $host\n");
}
}
sub sendraw
{
my ($pstr)=@_;
socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp') || 0) || die("Socket problems\n");
if (connect(S,pack "SnA4x8",2,$port,$target))
{
my @in="";
select(S);
$|=1;
print $pstr;
}
else
{
die(" -- Connection problems.\n");
}
}
This archive was generated by hypermail 2b30 : Sat Apr 20 2002 - 18:28:40 PDT