
Commit 0244172

authored
Add files via upload
1 parent 6c151e7 commit 0244172

6 files changed

Lines changed: 2580 additions & 0 deletions


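--- a/MS_17010/MS17_010scan.py
+++ b/MS_17010/MS17_010scan.py
@@ -0,0 +1,64 @@
+import socket
+import binascii
+import struct
+import sys
+import threading
+
+user=input('IP:')
+def scan():
+payload0 = binascii.unhexlify('00000085ff534d4272000000001853c00000000000000000000000000000fffe00004000006200025043204e4554574f524b2050524f4752414d20312e3000024c414e4d414e312e30000257696e646f777320666f7220576f726b67726f75707320332e316100024c4d312e325830303200024c414e4d414e322e3100024e54204c4d20302e313200')
+payload1 = binascii.unhexlify('00000088ff534d4273000000001807c00000000000000000000000000000fffe000040000dff00880004110a000000000000000100000000000000d40000004b000000000000570069006e0064006f007700730020003200300030003000200032003100390035000000570069006e0064006f007700730020003200300030003000200035002e0030000000')
+payload2 = binascii.unhexlify('00000060ff534d4275000000001807c00000000000000000000000000000fffe0008400004ff006000080001003500005c005c003100390032002e003100360038002e003100370035002e003100320038005c00490050004300240000003f3f3f3f3f00')
+payload3 = binascii.unhexlify('0000004eff534d4232000000001807c00000000000000000000000000008fffe000841000f0c0000000100000000000000a6d9a40000000c00420000004e0001000e000d0000000000000000000000000000')
+
+s=socket.socket(socket.AF_INET,socket.SOCK_STREAM)
+s.settimeout(5)
+host=user
+port=445
+
+s.connect((host,port))
+
+print('[+]{}Ready to send'.format(host))
+s.send(payload0)
+s.recv(1024)
+
+print('[+]{}Setting request'.format(host))
+s.send(payload1)
+session_setup_response=s.recv(1024)
+
+user_id=session_setup_response[32:34]
+print(host,'User ID=%s'%struct.unpack('<H',user_id)[0])
+
+modified_tree_connect_request=list(payload2)
+modified_tree_connect_request[32]=user_id[0]
+modified_tree_connect_request[33]=user_id[1]
+modified_tree_connect_request="".join('%s'%ld for ld in modified_tree_connect_request)
+
+print('[+]{}Send connection'.format(host))
+s.send(payload2)
+tree_connect_response=s.recv(1024)
+
+tree_id=tree_connect_response[28:30]
+print('[+]{}'.format(host),'Tree ID=%s'%struct.unpack('<H',tree_id)[0])
+
+modified_trans2_session_setup=list(payload3)
+modified_trans2_session_setup[28]=tree_id[0]
+modified_trans2_session_setup[29]=tree_id[1]
+modified_trans2_session_setup[32]=user_id[0]
+modified_trans2_session_setup[33]=user_id[1]
+modified_trans2_session_setup="".join('{}'.format(li for li in modified_trans2_session_setup))
+
+print('[+]{}Sending success is actually returning.'.format(host))
+s.send(payload3)
+final_respone=s.recv(1024)
+
+s.close()
+
+if final_respone[32]=="\x51":
+print('[*]existence MS17-010')
+else:
+print('[-]Not existence MS17-010')
+
+def run():
+scan()
+run()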
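Review bot: The final verdict `if final_respone[32]=="\x51":` compares one element of a `bytes` object with a `str`; under Python 3 (which the `input()`/`print()` usage suggests) that element is an `int`, so the test is always false and the scanner reports every host as not affected. The requests patched with the negotiated User ID and Tree ID are also never sent: `s.send(payload2)` and `s.send(payload3)` transmit the original templates, and the two `"".join(...)` lines produce text (the second formats a generator object) rather than packet bytes. Offset 32 is where the script itself reads the User ID from the session-setup response, so the field being tested should be confirmed against the intended signature; the fence below keeps the committed offset. Each `recv(1024)` result is sliced without a length check and the socket is not closed if any step raises, so a short or failed reply ends the scan with a traceback instead of a result.

```python
    # … unchanged: negotiate, session setup, user_id read from the response …
    tree_connect_request = bytearray(payload2)
    tree_connect_request[32:34] = user_id
    s.send(bytes(tree_connect_request))
    # … unchanged: tree connect response, tree_id read from it …
    trans2_request = bytearray(payload3)
    trans2_request[28:30] = tree_id
    trans2_request[32:34] = user_id
    s.send(bytes(trans2_request))
    # … unchanged: final recv and close …
    if len(final_respone) > 32 and final_respone[32] == 0x51:
```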

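--- a/wdcp爆破/pass.txt
+++ b/wdcp爆破/pass.txt
@@ -0,0 +1,3 @@
+admin
+admins
+admin888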

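--- a/wdcp爆破/user.txt
+++ b/wdcp爆破/user.txt
@@ -0,0 +1 @@
+admin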
