Saturday, April 18, 2015

MS15-034 Ruby Script

I made one and it is here: https://github.com/secjohn/ms15-034-checker.

When MS15-034 hit earlier this week there was a lot of activity. A few Python scripts came out quickly. Someone used one of those to make a Metasploit module very fast, a bit later a nmap script came out. But other than the Metasploit module no one made a ruby script to check for it. And frankly that bothered me so I made one. Let me explain why it bothered me.

Ruby isn't just a good high level language, it is what Metasploit uses. Metasploit is by far the most useful offensive tool in the InfoSec toolbox. And everyone in InfoSec should know how to use it, defensive people simply must understand how attacks work and how attackers think to defend well. If you don't agree or understand why buy me a drink at a con and I'll talk your ear off until you get it or are out of drink money. I'll be at RSA next week. :-) Anyway, Metasploit is a framework and sometimes you need to tweak a module to get it to work against the computer you are attacking. Knowing Ruby allows you to do that. Not being able to do that can mean the difference between getting in or falsely thinking the computer is secure.

Python is good and all but Ruby is a perfectly fine scripting language and your scripts don't have to look like a Metasploit module or part of a large object oriented program.

So my fellow InfoSec folks with various degrees of Ruby skills, keep the dust off them. Check out the script. Make another one that is better with half the lines of code for fun, or not using the gem I used, or whatever. Keep sharp out there, the skills will come in handy and you don't have to learn Python to do this kind of thing if you already know some Ruby.

No comments:

Post a Comment