private static MachineScanResult.VulnerabilityStatus IsVulnerableDebug(string ip, out string statusMessage) { Random random = new Random(); Thread.Sleep(random.Next(1000)); MachineScanResult.VulnerabilityStatus vulnerabilityStatus = (MachineScanResult.VulnerabilityStatus)random.Next(5); statusMessage = ip + " is " + ((vulnerabilityStatus == MachineScanResult.VulnerabilityStatus.YES) ? "" : "NOT ") + "vulnerable"; return(vulnerabilityStatus); }
public void SearchAndDestroy(Form1 main, String StartingAddress, String EndingAddress) { uint current = StartingAddress.ToUInt(), last = EndingAddress.ToUInt(); while (current <= last) { IPAddress Address = current++.ToIPAddress(); UpdateTitle(main, "EternalBlue Scanner - " + Address.ToString()); String Message = ""; MachineScanResult.VulnerabilityStatus AddressStatus = new MachineScanResult.VulnerabilityStatus(); EternalBlueToolkit eternalBlueToolkit = new EternalBlueToolkit(); AddressStatus = EternalBlueToolkit.IsVulnerableStub(Address.ToString(), out Message); ListViewItem lvi = new ListViewItem(); lvi.Text = Address.ToString(); lvi.SubItems.Add(AddressStatus.ToString()); UpdateList(main, lvi); } UpdateTitle(main, "EternalBlue Scanner"); }
private static MachineScanResult.VulnerabilityStatus IsVulnerable(string ip, out string statusMessage) { SmbPayloadStatus smbPayloadStatus = SmbPayloadStatus.Connect; MachineScanResult.VulnerabilityStatus vulnerabilityStatus = MachineScanResult.VulnerabilityStatus.NO_RESPONSE_FROM_HOST; try { IPEndPoint iPEndPoint = new IPEndPoint(IPAddress.Parse(ip), 445); Socket socket = new Socket(iPEndPoint.AddressFamily, SocketType.Stream, ProtocolType.Tcp); socket.SendTimeout = SEND_TIMEOUT_IN_MILLISECONDS; socket.ReceiveTimeout = RECEIVE_TIMEOUT_IN_MILLISECONDS; socket.ReceiveBufferSize = 1024; socket.Connect(iPEndPoint); if (!socket.Connected) { throw new Exception("Connect failed"); } vulnerabilityStatus = MachineScanResult.VulnerabilityStatus.NO_SMB1_DISABLED; smbPayloadStatus = SmbPayloadStatus.Neogtiate; byte[] array = new byte[socket.ReceiveBufferSize]; byte[] buffer = negotiateProtoRequest(); socket.Send(buffer); int receivedBytes = socket.Receive(array); CheckSmbStatus(array, receivedBytes); vulnerabilityStatus = MachineScanResult.VulnerabilityStatus.NO_SMB1_ENABLED; smbPayloadStatus = SmbPayloadStatus.SessionSetup; buffer = sessionSetupAndxRequest(); socket.Send(buffer); Array.Clear(array, 0, socket.ReceiveBufferSize); receivedBytes = socket.Receive(array); SMBHeader sMBHeader = DataToSmbHeader(array, receivedBytes, allowSuccessfulStatusOnly: true); smbPayloadStatus = SmbPayloadStatus.TreeConnect; buffer = treeConnectAndxRequest(ip, sMBHeader.user_id); socket.Send(buffer); Array.Clear(array, 0, socket.ReceiveBufferSize); receivedBytes = socket.Receive(array); SMBHeader sMBHeader2 = DataToSmbHeader(array, receivedBytes, allowSuccessfulStatusOnly: true); smbPayloadStatus = SmbPayloadStatus.PeekNamedPipe; buffer = peekNamedPipeRequest(sMBHeader2.tree_id, sMBHeader2.process_id, sMBHeader2.user_id, sMBHeader2.multiplex_id); socket.Send(buffer); Array.Clear(array, 0, socket.ReceiveBufferSize); receivedBytes = socket.Receive(array); SMBHeader sMBHeader3 = DataToSmbHeader(array, receivedBytes, allowSuccessfulStatusOnly: false); smbPayloadStatus = SmbPayloadStatus.ReturnCodesCheck; if (sMBHeader3.smb_status != STATUS_INSUFF_SERVER_RESOURCES) { if (sMBHeader3.smb_status != STATUS_INVALID_HANDLE && sMBHeader3.smb_status != STATUS_ACCESS_DENIED) { vulnerabilityStatus = MachineScanResult.VulnerabilityStatus.UNKNOWN; } throw new Exception(SmbStatusToMessage(sMBHeader3)); } statusMessage = ip.ToString() + " is VULNERABLE!!!!!!"; return(MachineScanResult.VulnerabilityStatus.YES); } catch (Exception ex) { statusMessage = ip.ToString() + " ; Check Status = " + smbPayloadStatus + " ; Vulnerability Status = " + vulnerabilityStatus + " ; Message = " + ex.ToString(); return(vulnerabilityStatus); } }