Does MS15-034 still exist today?


Hi everyone, how are you? I hope you guys are well. I’m RyuuKhagetsu. This is my article in English, so sorry if there are any mistakes. I hope you enjoy my article.

MS15-034 is a vulnerability in HTTP.sys that may allow remote code execution; you can read about it here. The bug was reported in 2015, and it has been 7 years since then.

Back to the question “does MS15-034 still exist today?”… Yes, the bug still exists today. I found it while doing pentesting on a website; let’s call it www.site.com.

At first I only looked at what backend the website used, using Wappalyzer.

The website used Windows OS and IIS (8.5) as the web server. I was reminded of an article I had read about the MS15-034 vulnerability in the IIS web server. After reading more on the internet, I used Metasploit to check for this bug…

Open Metasploit.

Type "search ms15-034" or just "use auxiliary/dos/http/ms15_034_ulonglongadd".

Type "show options" if you want to read them.

Find the server's IP with ping or dig and type "set RHOST <ip-server>".

Use "check" to see if the web server is vulnerable or not.

You can just type "exploit" or "run" in Metasploit to see the result. But I used this script, which I found on Exploit-DB. You can run it with "python 36776.py <ip-web-server>". I’m not going to demonstrate it, but in my case, when the script was running, the server behind www.site.com restarted. So the website crashed temporarily.
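For the defending side, here is a log check for the request pattern behind this bug, as an added example that is not part of the original article or of any tool it mentions. MS15-034 is reached through the HTTP Range header, so the function flags byte ranges whose offsets are implausibly large; the threshold, the function name and the sample requests are constructed assumptions.

```python
import re

# Assumption: no real file on a web server needs offsets this large (2**53 bytes = 8 PiB).
MAX_PLAUSIBLE_OFFSET = 2**53

RANGE_HEADER = re.compile(r"^range:\s*bytes\s*=\s*(.+)$", re.IGNORECASE | re.MULTILINE)

def suspicious_ranges(raw_request: str) -> list:
    """Return the byte-range specs in a raw HTTP request with implausibly large offsets."""
    hits = []
    for header in RANGE_HEADER.finditer(raw_request):
        for spec in header.group(1).split(","):
            spec = spec.strip()                      # also drops the trailing \r
            first, sep, last = spec.partition("-")
            if not sep:
                continue                             # not a first-last pair
            offsets = [int(p) for p in (first.strip(), last.strip())
                       if p.isascii() and p.isdigit()]
            if any(o >= MAX_PLAUSIBLE_OFFSET for o in offsets):
                hits.append(spec)
    return hits

# Constructed sample requests (not captured traffic).
BENIGN = (
    "GET /video.mp4 HTTP/1.1\r\n"
    "Host: www.site.com\r\n"
    "Range: bytes=0-1023, -500\r\n\r\n"
)
SUSPECT = (
    "GET / HTTP/1.1\r\n"
    "Host: www.site.com\r\n"
    "Range: bytes=0-99999999999999999999\r\n\r\n"
)

if __name__ == "__main__":
    for name, request in (("BENIGN", BENIGN), ("SUSPECT", SUSPECT)):
        print(name, suspicious_ranges(request))
```

IIS W3C logs do not record the Range header unless it is added as a custom field, so this check fits best on a reverse proxy or WAF log that captures request headers.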

Timeline:

01 May 2022: I reported to www.site.com.

01 May 2022: www.site.com responded to my report.

01 May 2022: I got a bounty for this bug.

Maybe that’s all from me. Hopefully it can be a reference for you, and sorry if there are things that are not clear. I’m RyuuKhagetsu, see you in the next article.
