exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 18 of 18 RSS Feed

Files from Laurent Butti

Email address0x9090 at gmail.com
First Active2005-10-18
Last Active2014-05-30
Wireshark CAPWAP Dissector Denial Of Service
Posted May 30, 2014
Authored by Laurent Butti, j0sm1 | Site metasploit.com

This Metasploit module injects a malicious udp packet to crash Wireshark 1.8.0 to 1.8.7 and 1.6.0 to 1.6.15. The vulnerability exists in the capwap dissector which fails to handle an incomplete packet.

tags | exploit, denial of service, udp
advisories | CVE-2013-4074, OSVDB-94091
SHA-256 | f45824d8ae8f2f2ded6c62979f4a3f1eca4605da3e5dba3170672adc46202f24
Wireshark Dissector Denial Of Service
Posted May 24, 2012
Authored by Laurent Butti

Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from multiple dissector related denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
systems | linux
SHA-256 | e3de518339a43d0a5f512990af923fedfb53c8e45b810e538dc48e45374c8f12
Atheros Driver Reserved Frame Vulnerability
Posted Nov 17, 2009
Authored by Laurent Butti

The wireless drivers in some Wi-Fi access points (such as the ATHEROS-based Netgear WNDAP330) do not correctly parse malformed reserved management frames.

tags | advisory
advisories | CVE-2009-0052
SHA-256 | f6fc1bda3a0c5dffe082b5ca1d4a671c6e65ff573fec7141a069a46e37ab49da
Marvell Driver Element Overflows
Posted Nov 17, 2009
Authored by Laurent Butti

The wireless drivers in some Wi-Fi access points (such as the MARVELL-based Linksys WAP4400N) do not correctly parse information elements included in association requests.

tags | advisory, overflow
advisories | CVE-2007-5475
SHA-256 | f726b07e5df156d18db6d87b24879cea10a4c642f89c60083faaa78b0fa2ed0f
Madwifi SIOCGIWSCAN Buffer Overflow
Posted Oct 27, 2009
Authored by Laurent Butti, Julien Tinnes

This Metasploit module exploits a stack-based buffer overflow in the Madwifi driver.

tags | exploit, overflow
advisories | CVE-2006-6332
SHA-256 | 0754c28ffae1c6acf4d1bb93d5f0ef0b22f7d54c1e399116520b529c45ac5417
Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability
Posted Jan 15, 2009
Authored by Laurent Butti, Gabriel Campana

The Cisco Unified IP Phone 7960G and 7940G (SIP) do not correctly parse some malformed RTP headers leading to a deterministic denial of service.

tags | advisory, denial of service
systems | cisco
advisories | CVE-2008-4444
SHA-256 | 00372e28c3e7b41b85a1d67580955f2b158b3cbd709e06747aa677141b355c44
marvell-association.txt
Posted Oct 13, 2008
Authored by Laurent Butti, Julien Tinnes

The wireless drivers in some Wi-Fi access points (such as the MARVELL-based Linksys WAP4400N) do not correctly parse some malformed 802.11 frames, allowing for denial of service and possible code execution.

tags | advisory, denial of service, code execution
advisories | CVE-2008-4441
SHA-256 | 1a181ff342a3f2e4a532d4f63245f3886efc056a407e5ba031eaab9f54c9e7ff
atheros-overflow.txt
Posted Sep 4, 2008
Authored by Laurent Butti, Julien Tinnes

The wireless drivers in some Wi-Fi access points (such as the ATHEROS-based Linksys WRT350N) do not correctly parse the Atheros vendor specific information element included in association requests allowing for denial of service or possible code execution.

tags | advisory, denial of service, overflow, code execution
advisories | CVE-2007-5474
SHA-256 | 65bd74141ad942f7b06d4dba223152dea500c38738174396183436ef7ee12619
marvell-null.txt
Posted Sep 4, 2008
Authored by Laurent Butti, Julien Tinnes

The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from a NULL SSID association request vulnerability that allows for denial of service and possibly code execution.

tags | advisory, denial of service, code execution
advisories | CVE-2008-1197
SHA-256 | ccb13de54f066e877156a14ba07fa1ac4f865e9ef7de15ecd8de515a0d4f33f9
marvell-overflow.txt
Posted Sep 4, 2008
Authored by Laurent Butti, Julien Tinnes

The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from an overflow vulnerability when parsing malformed EAPoL-Key packets.

tags | advisory, overflow
advisories | CVE-2008-1144
SHA-256 | 38d2065be0b8a4aeb8224079f08d4c79ba5ac17ce0b4e9162721a30007efe569
cisco-acs.txt
Posted Sep 3, 2008
Authored by Laurent Butti, Gabriel Campana

Cisco Secure ACS does not correctly parse the length of EAP-Response packets which allows remote attackers to cause a denial of service and possibly execute arbitrary code. A remote attacker (acting as a RADIUS client) could send a specially crafted EAP Response packet against a Cisco Secure ACS server in such a way as to cause the CSRadius service to crash (reliable). This bug may be triggered if the length field of an EAP-Response packet has a certain big value, greater than the real packet length.

tags | advisory, remote, denial of service, arbitrary
systems | cisco
advisories | CVE-2008-2441
SHA-256 | 319147cb46911ef704c63fc39bf9d0a5a41748f5c8eed7579cf3a521ef71ba93
madwifi.txt
Posted Dec 8, 2006
Authored by Laurent Butti, Jerome RAZNIEWSKI, Julien Tinnes

There is a buffer overflow in the Madwifi Atheros driver in some functions called by SIOCSIWSCAN ioctl.

tags | advisory, overflow
advisories | CVE-2006-6332
SHA-256 | ae78388667ab3deb4319d8f83bc674032a7c7b8df47d26ab5490c18a34bceb0c
wifi-advanced-stealth-patches.tar.gz
Posted Oct 4, 2006
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

wifi-advanced-stealth-patches are a set of basic patches for the madwifi-ng driver in order to achieve good stealth at low cost! It can be useful in protecting your own network from wardrivers and attacks (denial-of-service, wep cracking...) as your modified access point and client are the only ones that understand themselves! Some embedded access point like the Netgear WG634U have an Atheros chipset (OpenWRT + madwifi) and thus may be modified to support stealth at low cost. These patches are only a proof-of-concept and may be improved in many ways as possibilities are quite infinite... These patches were released at BlackHat US 2006.

tags | tool, wireless
SHA-256 | eb1c82d15aa2a2817a8f3510a77fa9d8aef7363d7ebb0cc1b2a5206f49b973fd
pyrawcovert-0.1.tar.gz
Posted Oct 4, 2006
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

pyrawcovert is an enhancement of the Raw Covert tool that was released at ShmooCon2006. It is a covert channel over the 802.11 protocol. It uses valid control frames (ACK) for carrying the communication protocol. These frames are usually considered as non malicious and thus are not analyzed by most wireless IDS. This tool enables a full-duplex communication between two pyrawcovert and thus make it possible to perform some interactive communications (ssh...) or file transfers (scp...) thru this covert channel. This version was released at BlackHat US 2006.

tags | tool, protocol, wireless
SHA-256 | 5a623757ddedb3d7b32645a8c8d4e3cf4628b3ccffb931316cc7e12bfe244b6f
rcovert-0.1.tar.gz
Posted Feb 9, 2006
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

Raw Covert is a program that initiates a covert channel over IEEE 802.11 networks thanks to wireless raw injection. It aims at encoding a covert channel in valid ACK frames in the RA address field. This program is a basic proof-of-concept code.

Changes: Public release.
tags | tool, wireless
SHA-256 | c5841ce4e81f8eb059f35f0253eb832ea09516d507b38ba7301dd6b8f12bd765
rglueap-0.1.tar.gz
Posted Feb 9, 2006
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

Raw Glue AP is a program that catches wireless stations searching for preferred SSIDs. This tool catches probe requests, send back appropriate probe responses and then tries to catch authentication and association requests. This is a kind of Glue AP which purpose is to catch clients that are actively scanning for any SSID. All this stuff is done in monitor mode and uses raw injection which seems to be required if this method may be implemented in a Wireless IDS (that usually perform detection in monitor mode). This program is a basic proof-of-concept code.

Changes: Public release.
tags | tool, wireless
SHA-256 | 13cce714959056d41627ec9442342d46072f9d72ef57554b9d03ebfb353ed2d1
rfakeap-0.2.tar.gz
Posted Feb 9, 2006
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

Raw Fake AP is a program that emulates IEEE 802.11 access points thanks to wireless raw injection. It aims at creating/injecting both beacon and probe response frames in order to emulate valid IEEE 802.11 access points. This program is a basic proof-of-concept code.

Changes: Aded a probe response mode.
tags | tool, wireless
SHA-256 | 4e5f63d8488b0fbd1a709429feb797c8c679de48f47ef93ab4741f8506830667
rfakeap-0.1.tar.gz
Posted Oct 18, 2005
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

Raw Fake AP is a program that emulates IEEE 802.11 access points thanks to wireless raw injection. It aims at creating/injecting both beacon and probe response frames in order to emulate valid IEEE 802.11 access points. This program is a basic proof-of-concept code.

tags | tool, wireless
SHA-256 | 9e4755e10859803427684f739877b9269934518fdc21233cc9616a6e38bfee03
Page 1 of 1
Back1Next

File Archive:

June 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    19 Files
  • 2
    Jun 2nd
    16 Files
  • 3
    Jun 3rd
    28 Files
  • 4
    Jun 4th
    0 Files
  • 5
    Jun 5th
    0 Files
  • 6
    Jun 6th
    19 Files
  • 7
    Jun 7th
    23 Files
  • 8
    Jun 8th
    11 Files
  • 9
    Jun 9th
    10 Files
  • 10
    Jun 10th
    4 Files
  • 11
    Jun 11th
    0 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    27 Files
  • 20
    Jun 20th
    65 Files
  • 21
    Jun 21st
    10 Files
  • 22
    Jun 22nd
    8 Files
  • 23
    Jun 23rd
    6 Files
  • 24
    Jun 24th
    6 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    15 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close