From 5859c31e8ecf35c5b12ac653e8ab793bc9270604 Mon Sep 17 00:00:00 2001
From: Matt Kelly
Date: Wed, 28 Jun 2017 14:09:05 -0500
Subject: [PATCH] Add in check for uptime since March 14th 2017, which could indicate the system is vulnerable to MS17-010

Add in check for uptime since March 14th 2017, which could indicate the system is vulnerable to MS17-010 (EternalBlue/dismay style exploit)
---
 tools/FindSMB2UPTime.py | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/tools/FindSMB2UPTime.py b/tools/FindSMB2UPTime.py
index 1b0d787..b5c1682 100755
--- a/tools/FindSMB2UPTime.py
+++ b/tools/FindSMB2UPTime.py
@@ -33,9 +33,13 @@ def GetBootTime(data):
 def IsDCVuln(t):
 Date = datetime.datetime(2014, 11, 17, 0, 30)
 if t[0] < Date:
- print "DC is up since:", t[1]
- print "This DC is vulnerable to MS14-068"
- print "DC is up since:", t[1]
+ print "System is up since:", t[1]
+ print "This system may be vulnerable to MS14-068"
+ Date = datetime.datetime(2017, 03, 14, 0, 30)
+ if t[0] < Date:
+ print "System is up since:", t[1]
+ print "This system may be vulnerable to MS17-010"
+ print "DC is up since:", t[1]
 def run(host):
@@ -63,6 +67,6 @@ def run(host):
 if __name__ == "__main__":
 if len(sys.argv)<=1:
- sys.exit('Usage: python '+sys.argv[0]+' DC-IP-address')
+ sys.exit('Usage: python '+sys.argv[0]+' System-IP-address')
 host = sys.argv[1],445
 run(host)
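Review bot: In `IsDCVuln`, a host whose boot time predates 2014-11-17 now satisfies both comparisons, so it reports "System is up since:" twice and then the trailing "DC is up since:" line (apparently unconditional; indentation is not recoverable on this page). The MS14-068 message has also lost its domain-controller qualifier although that bulletin concerns the Kerberos KDC, so non-DC hosts will be flagged for it. I would keep `print "This DC may be vulnerable to MS14-068"` for the first check, print the uptime once, and rename the trailing line to match the new wording. The literal `03` in `datetime.datetime(2017, 03, 14, 0, 30)` is an octal constant in Python 2 and a syntax error in Python 3; write `datetime.datetime(2017, 3, 14, 0, 30)`. A comment above the second check, for example `# uptime heuristic only: boot before 2017-03-14 predates the MS17-010 update; a later boot does not prove the host is patched`, would make the limits of the result clear; `GetBootTime` is outside the hunk, so whether a zero or missing start time can reach these comparisons cannot be judged here.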