add more checks to confirm if target is ASA

milo2012 · Jun 27, 2018 · 58967db · 58967db
1 parent 13eb64c
commit 58967db
Showing 1 changed file with 79 additions and 2 deletions.
diff --git a/CVE-2018-0296.go b/CVE-2018-0296.go
@@ -34,6 +34,79 @@ func stringInSlice(str string, list []string) bool {
  	return false
 }
 
+func checkWebsite(newUrl string, Sockshost string, Socksport string) (bool) {
+	var timeoutSec = 5
+	var userAgent = "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/60.0.3112.113 Safari/537.36"
+	client := http.Client{
+		Timeout: time.Duration(timeoutSec),
+		CheckRedirect: func(req *http.Request, via []*http.Request) error {
+				return http.ErrUseLastResponse
+			},		
+	}
+	if len(Sockshost)>0 && len(Socksport)>0 {
+		dialer, err := proxy.SOCKS5("tcp", Sockshost+":"+Socksport, nil, &net.Dialer{
+			Timeout:   time.Duration(timeoutSec) * time.Second,
+			KeepAlive: time.Duration(timeoutSec) * time.Second,
+		})
+		if err != nil {
+			fmt.Fprintln(os.Stderr, "can't connect to the proxy:", err)
+			os.Exit(1)
+		} else {
+			httpTransport := &http.Transport{
+				TLSClientConfig: &tls.Config{InsecureSkipVerify: true},
+			}			
+			httpTransport.Dial = dialer.Dial
+			req, err := http.NewRequest("GET", newUrl, nil)
+			if err==nil {
+				req.Header.Add("User-Agent", userAgent)
+				resp, err := client.Do(req)			
+				if resp!=nil{					
+					defer resp.Body.Close()
+				}
+				if err==nil{	
+					if resp.StatusCode==200 {
+						return true
+					} else {
+						return false
+					}
+				} 
+				_=resp
+			} else {
+				return false
+			}
+		}
+	} else {
+		timeout := time.Duration(time.Duration(timeoutSec) * time.Second)
+		client := http.Client{
+			Timeout: timeout,
+			CheckRedirect: func(req *http.Request, via []*http.Request) error {
+					return http.ErrUseLastResponse
+				},		
+		}
+		http.DefaultTransport.(*http.Transport).TLSClientConfig = &tls.Config{InsecureSkipVerify: true}
+		req, err := http.NewRequest("GET", newUrl, nil)
+		if err==nil {
+			req.Header.Add("User-Agent", userAgent)
+			resp, err := client.Do(req)			
+			if resp!=nil{					
+				defer resp.Body.Close()
+			}
+			if err==nil{	
+				if resp.StatusCode==200 {
+					return true
+				} else {
+					return false
+				}
+			} 
+			_=resp
+		} else {
+			return false
+		}
+		return false
+	}
+	return false
+}
+
 func main() {
 	cli.Run(new(argT), func(ctx *cli.Context) error {
 		argv := ctx.Argv().(*argT)
@@ -87,7 +160,9 @@ func main() {
 							for _, h := range headers {
 								if name=="Set-Cookie" {
 									if strings.Contains(h,"webvpnlogin") {
-										verified=true
+										if checkWebsite(newUrl+"/+CSCOE+/logon.html",argv.Sockshost,argv.Socksport)==true {	
+											verified=true
+										}
 									}
 								}
 							}
@@ -356,7 +431,9 @@ func main() {
 						for _, h := range headers {
 							if name=="Set-Cookie" {
 								if strings.Contains(h,"webvpnlogin") {
-									verified=true
+									if checkWebsite(newUrl+"/+CSCOE+/logon.html","","")==true {	
+										verified=true
+									}
 								}
 							}
 						}