private static MachineScanResult.VulnerabilityStatus IsVulnerableDebug(string ip, out string statusMessage)
{
Random random = new Random();
Thread.Sleep(random.Next(1000));
MachineScanResult.VulnerabilityStatus vulnerabilityStatus = (MachineScanResult.VulnerabilityStatus)random.Next(5);
statusMessage = ip + " is " + ((vulnerabilityStatus == MachineScanResult.VulnerabilityStatus.YES) ? "" : "NOT ") + "vulnerable";
return(vulnerabilityStatus);
}
public void SearchAndDestroy(Form1 main, String StartingAddress, String EndingAddress)
{
uint current = StartingAddress.ToUInt(), last = EndingAddress.ToUInt();
while (current <= last)
{
IPAddress Address = current++.ToIPAddress();
UpdateTitle(main, "EternalBlue Scanner - " + Address.ToString());
String Message = "";
MachineScanResult.VulnerabilityStatus AddressStatus = new MachineScanResult.VulnerabilityStatus();
EternalBlueToolkit eternalBlueToolkit = new EternalBlueToolkit();
AddressStatus = EternalBlueToolkit.IsVulnerableStub(Address.ToString(), out Message);
ListViewItem lvi = new ListViewItem();
lvi.Text = Address.ToString();
lvi.SubItems.Add(AddressStatus.ToString());
UpdateList(main, lvi);
}
UpdateTitle(main, "EternalBlue Scanner");
}
private static MachineScanResult.VulnerabilityStatus IsVulnerable(string ip, out string statusMessage)
{
SmbPayloadStatus smbPayloadStatus = SmbPayloadStatus.Connect;
MachineScanResult.VulnerabilityStatus vulnerabilityStatus = MachineScanResult.VulnerabilityStatus.NO_RESPONSE_FROM_HOST;
try
{
IPEndPoint iPEndPoint = new IPEndPoint(IPAddress.Parse(ip), 445);
Socket socket = new Socket(iPEndPoint.AddressFamily, SocketType.Stream, ProtocolType.Tcp);
socket.SendTimeout = SEND_TIMEOUT_IN_MILLISECONDS;
socket.ReceiveTimeout = RECEIVE_TIMEOUT_IN_MILLISECONDS;
socket.ReceiveBufferSize = 1024;
socket.Connect(iPEndPoint);
if (!socket.Connected)
{
throw new Exception("Connect failed");
}
vulnerabilityStatus = MachineScanResult.VulnerabilityStatus.NO_SMB1_DISABLED;
smbPayloadStatus = SmbPayloadStatus.Neogtiate;
byte[] array = new byte[socket.ReceiveBufferSize];
byte[] buffer = negotiateProtoRequest();
socket.Send(buffer);
int receivedBytes = socket.Receive(array);
CheckSmbStatus(array, receivedBytes);
vulnerabilityStatus = MachineScanResult.VulnerabilityStatus.NO_SMB1_ENABLED;
smbPayloadStatus = SmbPayloadStatus.SessionSetup;
buffer = sessionSetupAndxRequest();
socket.Send(buffer);
Array.Clear(array, 0, socket.ReceiveBufferSize);
receivedBytes = socket.Receive(array);
SMBHeader sMBHeader = DataToSmbHeader(array, receivedBytes, allowSuccessfulStatusOnly: true);
smbPayloadStatus = SmbPayloadStatus.TreeConnect;
buffer = treeConnectAndxRequest(ip, sMBHeader.user_id);
socket.Send(buffer);
Array.Clear(array, 0, socket.ReceiveBufferSize);
receivedBytes = socket.Receive(array);
SMBHeader sMBHeader2 = DataToSmbHeader(array, receivedBytes, allowSuccessfulStatusOnly: true);
smbPayloadStatus = SmbPayloadStatus.PeekNamedPipe;
buffer = peekNamedPipeRequest(sMBHeader2.tree_id, sMBHeader2.process_id, sMBHeader2.user_id, sMBHeader2.multiplex_id);
socket.Send(buffer);
Array.Clear(array, 0, socket.ReceiveBufferSize);
receivedBytes = socket.Receive(array);
SMBHeader sMBHeader3 = DataToSmbHeader(array, receivedBytes, allowSuccessfulStatusOnly: false);
smbPayloadStatus = SmbPayloadStatus.ReturnCodesCheck;
if (sMBHeader3.smb_status != STATUS_INSUFF_SERVER_RESOURCES)
{
if (sMBHeader3.smb_status != STATUS_INVALID_HANDLE && sMBHeader3.smb_status != STATUS_ACCESS_DENIED)
{
vulnerabilityStatus = MachineScanResult.VulnerabilityStatus.UNKNOWN;
}
throw new Exception(SmbStatusToMessage(sMBHeader3));
}
statusMessage = ip.ToString() + " is VULNERABLE!!!!!!";
return(MachineScanResult.VulnerabilityStatus.YES);
}
catch (Exception ex)
{
statusMessage = ip.ToString() + " ; Check Status = " + smbPayloadStatus + " ; Vulnerability Status = " + vulnerabilityStatus + " ; Message = " + ex.ToString();
return(vulnerabilityStatus);
}
}
