
Files from Laurent Butti

Email address: 0x9090 at gmail.com
First Active: 2005-10-18
Last Active: 2014-05-30
Wireshark CAPWAP Dissector Denial Of Service
Posted May 30, 2014
Authored by Laurent Butti, j0sm1 | Site metasploit.com

This Metasploit module injects a malicious UDP packet to crash Wireshark 1.8.0 to 1.8.7 and 1.6.0 to 1.6.15. The vulnerability exists in the CAPWAP dissector, which fails to handle an incomplete packet.

tags | exploit, denial of service, udp
advisories | CVE-2013-4074, OSVDB-94091
MD5 | 95b5a8eb1d95df0bcc04737288bcd492
Wireshark Dissector Denial Of Service
Posted May 24, 2012
Authored by Laurent Butti

Wireshark versions 1.6.0 through 1.6.7 and versions 1.4.0 through 1.4.12 suffer from multiple dissector related denial of service vulnerabilities.

tags | exploit, denial of service, vulnerability
systems | linux
MD5 | b69533c3c9d8a81ed6f166ce32f3088d
Atheros Driver Reserved Frame Vulnerability
Posted Nov 17, 2009
Authored by Laurent Butti

The wireless drivers in some Wi-Fi access points (such as the ATHEROS-based Netgear WNDAP330) do not correctly parse malformed reserved management frames.

tags | advisory
advisories | CVE-2009-0052
MD5 | 311eea9fa6a1cd7afe726148b747cbb2
Marvell Driver Element Overflows
Posted Nov 17, 2009
Authored by Laurent Butti

The wireless drivers in some Wi-Fi access points (such as the MARVELL-based Linksys WAP4400N) do not correctly parse information elements included in association requests.

tags | advisory, overflow
advisories | CVE-2007-5475
MD5 | a1914e0f8d8c9be7c7867acdef23d07f
Madwifi SIOCGIWSCAN Buffer Overflow
Posted Oct 27, 2009
Authored by Laurent Butti, Julien Tinnes

This Metasploit module exploits a stack-based buffer overflow in the Madwifi driver.

tags | exploit, overflow
advisories | CVE-2006-6332
MD5 | 08745c6fa50ec188b98852ec2891a8bd
Cisco Unified IP Phone 7960G and 7940G (SIP) RTP Header Vulnerability
Posted Jan 15, 2009
Authored by Laurent Butti, Gabriel Campana

The Cisco Unified IP Phone 7960G and 7940G (SIP) do not correctly parse some malformed RTP headers leading to a deterministic denial of service.

tags | advisory, denial of service
systems | cisco
advisories | CVE-2008-4444
MD5 | 3b4f1637a9f3eb6149974d18fd43b304
marvell-association.txt
Posted Oct 13, 2008
Authored by Laurent Butti, Julien Tinnes

The wireless drivers in some Wi-Fi access points (such as the MARVELL-based Linksys WAP4400N) do not correctly parse some malformed 802.11 frames, allowing for denial of service and possible code execution.

tags | advisory, denial of service, code execution
advisories | CVE-2008-4441
MD5 | 69916c72e730a607915d3836e3cb6687
atheros-overflow.txt
Posted Sep 4, 2008
Authored by Laurent Butti, Julien Tinnes

The wireless drivers in some Wi-Fi access points (such as the ATHEROS-based Linksys WRT350N) do not correctly parse the Atheros vendor specific information element included in association requests allowing for denial of service or possible code execution.

tags | advisory, denial of service, overflow, code execution
advisories | CVE-2007-5474
MD5 | 7230a63128d6e0c50c7cfdd4a27a0bbb
marvell-null.txt
Posted Sep 4, 2008
Authored by Laurent Butti, Julien Tinnes

The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from a NULL SSID association request vulnerability that allows for denial of service and possibly code execution.

tags | advisory, denial of service, code execution
advisories | CVE-2008-1197
MD5 | 7b4fbf20ade08e1cd70a32238d9e2ba4
marvell-overflow.txt
Posted Sep 4, 2008
Authored by Laurent Butti, Julien Tinnes

The Netgear WN802T (firmware 1.3.16) with the MARVELL 88W8361P-BEM1 chipset suffers from an overflow vulnerability when parsing malformed EAPoL-Key packets.

tags | advisory, overflow
advisories | CVE-2008-1144
MD5 | e9176cad9b5b34f5fbe34dc7d15e0808
cisco-acs.txt
Posted Sep 3, 2008
Authored by Laurent Butti, Gabriel Campana

Cisco Secure ACS does not correctly parse the length of EAP-Response packets, which allows remote attackers to cause a denial of service and possibly execute arbitrary code. A remote attacker (acting as a RADIUS client) could send a specially crafted EAP-Response packet to a Cisco Secure ACS server in such a way as to reliably crash the CSRadius service. This bug may be triggered if the length field of an EAP-Response packet has a large value, greater than the real packet length.

tags | advisory, remote, denial of service, arbitrary
systems | cisco
advisories | CVE-2008-2441
MD5 | af42d10de51f46d9fd8a6bf7ca0cf4ad
madwifi.txt
Posted Dec 8, 2006
Authored by Laurent Butti, Jerome RAZNIEWSKI, Julien Tinnes

There is a buffer overflow in the Madwifi Atheros driver in some functions called by SIOCSIWSCAN ioctl.

tags | advisory, overflow
advisories | CVE-2006-6332
MD5 | 85ad9569cc390f3940ea36572456c226
wifi-advanced-stealth-patches.tar.gz
Posted Oct 4, 2006
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

wifi-advanced-stealth-patches is a set of basic patches for the madwifi-ng driver in order to achieve good stealth at low cost! It can be useful in protecting your own network from wardrivers and attacks (denial-of-service, WEP cracking...) as your modified access point and client are the only ones that understand each other! Some embedded access points like the Netgear WG634U have an Atheros chipset (OpenWRT + madwifi) and thus may be modified to support stealth at low cost. These patches are only a proof-of-concept and may be improved in many ways as possibilities are quite infinite... These patches were released at BlackHat US 2006.

tags | tool, wireless
MD5 | 914dc0fe0c20477d6fbe2e7b3daecda4
pyrawcovert-0.1.tar.gz
Posted Oct 4, 2006
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

pyrawcovert is an enhancement of the Raw Covert tool that was released at ShmooCon 2006. It is a covert channel over the 802.11 protocol. It uses valid control frames (ACK) for carrying the communication protocol. These frames are usually considered non-malicious and thus are not analyzed by most wireless IDS. This tool enables full-duplex communication between two pyrawcovert instances and thus makes it possible to perform some interactive communications (ssh...) or file transfers (scp...) through this covert channel. This version was released at BlackHat US 2006.

tags | tool, protocol, wireless
MD5 | 531cbc4626a5bc99842dd71d8f88d85d
rcovert-0.1.tar.gz
Posted Feb 9, 2006
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

Raw Covert is a program that initiates a covert channel over IEEE 802.11 networks thanks to wireless raw injection. It aims at encoding a covert channel in valid ACK frames in the RA address field. This program is a basic proof-of-concept code.

Changes: Public release.
tags | tool, wireless
MD5 | 4a98eb790309a80be2ee3bff41671fb5
rglueap-0.1.tar.gz
Posted Feb 9, 2006
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

Raw Glue AP is a program that catches wireless stations searching for preferred SSIDs. This tool catches probe requests, sends back appropriate probe responses and then tries to catch authentication and association requests. This is a kind of Glue AP whose purpose is to catch clients that are actively scanning for any SSID. All of this is done in monitor mode and uses raw injection, which seems to be required if this method is to be implemented in a wireless IDS (which usually performs detection in monitor mode). This program is a basic proof-of-concept code.

Changes: Public release.
tags | tool, wireless
MD5 | 61b724a4e1a48d0735fb18d4f68c0506
rfakeap-0.2.tar.gz
Posted Feb 9, 2006
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

Raw Fake AP is a program that emulates IEEE 802.11 access points thanks to wireless raw injection. It aims at creating/injecting both beacon and probe response frames in order to emulate valid IEEE 802.11 access points. This program is a basic proof-of-concept code.

Changes: Added a probe response mode.
tags | tool, wireless
MD5 | 38f159681196b566f20bf837aff1e8f8
rfakeap-0.1.tar.gz
Posted Oct 18, 2005
Authored by Laurent Butti | Site rfakeap.tuxfamily.org

Raw Fake AP is a program that emulates IEEE 802.11 access points thanks to wireless raw injection. It aims at creating/injecting both beacon and probe response frames in order to emulate valid IEEE 802.11 access points. This program is a basic proof-of-concept code.

tags | tool, wireless
MD5 | e710a7eea2a110022e92b176bce2bf8d
© 2016 Packet Storm. All rights reserved.
