Hi.

Sharing one of my scripts. Albeit this is a little late, nevertheless here it is. This is a small Python script that checks (tries to check) if a target is vulnerable to MS15-034 (CVE-2015-1635), i.e. "remote code execution vulnerability in the HTTP protocol stack (HTTP.sys)". Here's a little description of this vulnerability from here (https://ma.ttias.be/remote-code-exec...is-on-windows/) -

A remote code execution vulnerability exists in the HTTP protocol stack (HTTP.sys) that is caused when HTTP.sys improperly parses specially crafted HTTP requests. An attacker who successfully exploited this vulnerability could execute arbitrary code in the context of the System account.

To exploit this vulnerability, an attacker would have to send a specially crafted HTTP request to the affected system. The update addresses the vulnerability by modifying how the Windows HTTP stack handles requests.
- MS15-034

Please understand that just because the script says so, it doesn't mean that the target is vulnerable, or vice versa. This is based on the things I have read in blogs and articles. Also, many similar scripts exist; I just wanted to write one too. Enough talk, here's the script:

Code:
#!/usr/bin/env python

""" Just another MS15-034-checker script on the Internet. This can also be used 
for mass scanning by importing and calling "scan()" with target as an argument. Results might
be "inconclusive". Author takes no responsibility.
Details here - http://blog.beyondtrust.com/the-delicate-art-of-remote-checks-a-glance-into-ms15-034
and https://ma.ttias.be/remote-code-execution-via-http-request-in-iis-on-windows/

Author - c0dist
"""

import sys
import requests


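def scan(target):
    # Upper bound is 2**64 - 1, the largest unsigned 64-bit value.
    range_header = {"Range": "bytes=0-18446744073709551615"}
    try:
        # Timeouts keep a mass scan from hanging on an unresponsive host.
        head = requests.head(target, timeout=10)
        # .get() avoids a KeyError when the response has no Server header.
        if "IIS" in head.headers.get("server", ""):
            print("[+] Target is an IIS Server.")
            response = requests.get(target, headers=range_header, timeout=10)
            # 416 is the status this check treats as a probable hit.
            if response.status_code == 416:
                return "Probable"
    except Exception as e:
        print("[-] Error occurred. %s" % str(e))

    return False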

if __name__ == '__main__':
    if len(sys.argv) != 2:
        print("Usage: python %s <target>" % sys.argv[0])
        sys.exit(1)

    target = sys.argv[1]
    print("[+] Is target vulnerable? - %s" % scan(target))

It is fairly easy to use and can be used as a standalone script or by importing it as a module. To use it as a standalone script, use this syntax:

Code:
$ python MS15-034-checker.py <target>

When used as a module, it can be used as (assuming you save it as 'vulncheck.py'):

Code:
import vulncheck

# requests needs the scheme in the URL, otherwise it raises MissingSchema.
target = "http://example.com"
print("[+] Is target vulnerable? - %s" % vulncheck.scan(target))

That's all, folks. The script can be found on GitHub here - https://github.com/RahulBinjve/scrip...034-checker.py

Hope this helps.

Cheers,
c0dist
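
Added example, not part of the original post or of c0dist's script: a defender-side filter that parses the Range header of a raw HTTP request and reports byte ranges as large as the one the checker above sends. The function name, the 2**63 - 1 threshold and the sample requests are assumptions made for this illustration.

```python
import re

# Assumption for this example: no legitimate byte offset exceeds a signed
# 64-bit value, so anything larger (such as the 2**64 - 1 used by the
# checker above) is reported.
MAX_SANE_POS = 2**63 - 1
RANGE_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")


def oversized_ranges(raw_request):
    """Return the (first, last) byte-range specs in a raw HTTP request whose
    positions exceed MAX_SANE_POS. A missing position is returned as None."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    hits = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() != "range":  # header names are case-insensitive
            continue
        unit, _, specs = value.partition("=")
        if unit.strip().lower() != "bytes":
            continue
        for spec in specs.split(","):  # a Range header may list several specs
            m = RANGE_SPEC.match(spec)
            if not m:
                continue
            first, last = (int(g) if g else None for g in m.groups())
            if any(p is not None and p > MAX_SANE_POS for p in (first, last)):
                hits.append((first, last))
    return hits


# Constructed sample requests (not captured traffic).
SAMPLES = {
    "normal": "GET /a.zip HTTP/1.1\r\nHost: iis.example\r\nRange: bytes=0-1023\r\n\r\n",
    "probe": "GET / HTTP/1.1\r\nHost: iis.example\r\nrange: bytes=0-18446744073709551615\r\n\r\n",
    "multi": "GET / HTTP/1.1\r\nHost: iis.example\r\nRange: bytes=0-9, 100-, -18446744073709551615\r\n\r\n",
    "none": "GET / HTTP/1.1\r\nHost: iis.example\r\n\r\n",
}

if __name__ == "__main__":
    for label, req in SAMPLES.items():
        print(label, oversized_ranges(req))
```

The same function can be run over requests exported from a proxy or packet capture to spot this kind of probe against IIS hosts.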