This Metasploit module retrieves the setup record from Lantronix serial-to-ethernet devices via the config port (30718/udp, enabled by default) and extracts the telnet password. It has been tested successfully on a Lantronix Device Server with software version V5.8.0.1.
774029efa2fb513cbd66b5dcfba4523e04a8ee3ca0b2443ec30d09c92aba2529The Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service is known to be used on Moxa devices in the NPort, OnCell, and MGate product lines. A discovery packet compels a Moxa device to respond to the sender with some basic device information that is needed for more advanced functions. The discovery data is 8 bytes in length and is the most basic example of the Moxa protocol. It may be sent out as a broadcast (destination 255.255.255.255) or to an individual device. Devices that respond to this query may be vulnerable to serious information disclosure vulnerabilities, such as CVE-2016-9361. The module is the work of Patrick DeSantis of Cisco Talos and is derived from original work by K. Reid Wightman. Tested and validated on a Moxa NPort 6250 with firmware versions 1.13 and 1.15.
98b6bc9ac986f9cabba0156932ffefd60159a96b8107e1d9b3448bedd300ff36This Metasploit module can be used to discover Memcached servers which expose the unrestricted UDP port 11211. A basic "stats" request is executed to check if an amplification attack is possible against a third party.
cb5539054159e5bd7eb5991e8ba1abaed61e1b1644670a36b4815d24c61a9cabDetect UDP endpoints with UDP amplification vulnerabilities.
4b266aac321033bf9bd912f59c5fbdf160afa5b657e7351b0616cbfb0a87e10bThis Metasploit module uses the Kademlia BOOTSTRAP and PING messages to identify and extract information from Kademlia speaking UDP endpoints, typically belonging to eMule/eDonkey/BitTorrent servers or other P2P applications.
eba8248b7c5e0ccdd26ca05535b352545a47360c55fc0541e56ac36a0e461848This Metasploit module forges NetBIOS Name Service (NBNS) responses. It will listen for NBNS requests sent to the local subnets broadcast address and spoof a response, redirecting the querying machine to an IP of the attackers choosing. Combined with auxiliary/server/capture/smb or auxiliary/server/capture/http_ntlm it is a highly effective means of collecting crackable hashes on common networks. This Metasploit module must be run as root and will bind to udp/137 on all interfaces.
ff6e3182c34b77e4130a88264f526ca39f573748ca673f54fe46407ea6bf712aThis Metasploit module targets ZDI-20-704 (aka CVE-2020-10924), a buffer overflow vulnerability in the UPNP daemon (/usr/sbin/upnpd), on Netgear R6700v3 routers running firmware versions from V1.0.2.62 up to but not including V1.0.4.94, to reset the password for the admin user back to its factory default of password. Authentication is bypassed by using ZDI-20-703 (aka CVE-2020-10923), an authentication bypass that occurs when network adjacent computers send SOAPAction UPnP messages to a vulnerable Netgear R6700v3 router. Currently this module only supports exploiting Netgear R6700v3 routers running either the V1.0.0.4.82_10.0.57 or V1.0.0.4.84_10.0.58 firmware, however support for other firmware versions may be added in the future. Once the password has been reset, attackers can use the exploit/linux/telnet/netgear_telnetenable module to send a special packet to port 23/udp of the router to enable a telnet server on port 23/tcp. The attacker can then log into this telnet server using the new password, and obtain a shell as the "root" user. These last two steps have to be done manually, as the authors did not reverse the communication with the web interface. It should be noted that successful exploitation will result in the upnpd binary crashing on the target router. As the upnpd binary will not restart until the router is rebooted, this means that attackers can only exploit this vulnerability once per reboot of the router. This vulnerability was discovered and exploited at Pwn2Own Tokyo 2019 by the Flashback team (Pedro Ribeiro + Radek Domanski).
9761d8c2da4ee95f5c6b4cfd77d3759b606692ed519993f3da76a637e562671bThe Moxa protocol listens on 4800/UDP and will respond to broadcast or direct traffic. The service is known to be used on Moxa devices in the NPort, OnCell, and MGate product lines. Many devices with firmware versions older than 2017 or late 2016 allow admin credentials and SNMP read and read/write community strings to be retrieved without authentication. This Metasploit module is the work of Patrick DeSantis of Cisco Talos and K. Reid Wightman. Tested on: Moxa NPort 6250 firmware v1.13, MGate MB3170 firmware 2.5, and NPort 5110 firmware 2.6.
993fe76383658c80bcdb06cee32dc9d065dae5ecbd2b15061a1c670b3fa96e6dThis Metasploit module allows remote attackers to cause a denial of service (DoS) in MiniUPnP 1.0 server via a specifically crafted UDP request.
ae95c1cc86778001a1fb62a7b55dfa5b18cd92ec1effb4c0c6c39cb0dab75bd7This Metasploit module allows remote attackers to cause a denial of service (DoS) in Mirage firewall for QubesOS 0.8.0-0.8.3 via a specifically crafted UDP request.
2e49151f0bab4b89e2ac18ff83d1ad11489dfd6f54b04fa9c225a07019f25493This Metasploit module causes infinite recursion to occur within the CLDAP dissector by sending a specially crafted UDP packet.
568ad7595459e481f0c75d26d5fcb1a38e0afde404c8592524a0292daf4d8f48This Metasploit module injects a malformed UDP packet to crash Wireshark and TShark 1.8.0 to 1.8.7, as well as 1.6.0 to 1.6.15. The vulnerability exists in the CAPWAP dissector which fails to handle a packet correctly when an incorrect length is given.
cec94847adc64618aa31611cb0487ee9eec527cbaa3d2516f2ba91a164efcdedThis Metasploit module sends a specially crafted packet to port 50000/UDP causing a denial of service of the affected (Siemens SIPROTEC 4 and SIPROTEC Compact prior to version 4.25) devices. A manual reboot is required to return the device to service.
2fbe8502afeff81c2e18f83d6d097f74872981a84592aeb940ec680bdb3f3e01Beckhoff TwinCAT versions 2.11.0.2004 and below can be brought down by sending a crafted UDP packet to port 48899 (TCATSysSrv.exe).
47a8fbcae615cfd77bd78922f54ca50e6c686e7627deeb269b32a102f239001eGNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
3263e6bd50751dadccfae19ff8c3d5cd91022890218bd95f0dd6aae993ea8926An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device uses a custom UDP protocol to start and control video and audio services. The protocol has been partially reverse engineered. Based upon the reverse engineering, no password or username is ever transferred over this protocol. Thus, one can set up the camera connection feed with only the encoded UID. It is possible to set up sessions with the camera over the Internet by using the encoded UID and the custom UDP protocol, because authentication happens at the client side.
30be5b3d8a4c41b0bd80dbb9c3ff49c1407c5db44ff864668aaab8728b0c851dAn issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. A crash and reboot can be triggered by crafted IP traffic, as demonstrated by the Nikto vulnerability scanner. For example, sending the 111111 string to UDP port 20188 causes a reboot. To deny service for a long time period, the crafted IP traffic may be sent periodically.
6ec2dd61152dfc79f755826cd417ef76f9308483fefb98de18929d3fc231ad62An issue was discovered on Sannce Smart HD Wifi Security Camera EAN 2 950004 595317 devices. By default, a mobile application is used to stream over UDP. However, the device offers many more services that also enable streaming. Although the service used by the mobile application requires a password, the other streaming services do not. By initiating communication on the RTSP port, an attacker can obtain access to the video feed without authenticating.
850c930ab6136aac773a8e8414bf0c0de76c080804cb4d19d853a1e3a6ae67e2GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
8c2351268e9b8ba2ad288b8b337ce399f79c18e3ffd960803f4ed5de7dda9fa1Sippts is a set of tools to audit VoIP servers and devices using SIP protocol. It is programmed in Python script and it allows us to check the security of a VoIP server using SIP protocol, over UDP, TCP and TLS protocols.
c39fa34d085c0c332acd12f54b5016ced5d9dfc4d1687a6d231fee23f51a101eUbuntu Security Notice 6657-2 - USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS. Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered that Dnsmasq incorrectly handled validating DNSSEC messages. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly handled preparing an NSEC3 closest encloser proof. A remote attacker could possibly use this issue to cause Dnsmasq to consume resources, leading to a denial of service. It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP packet size as required by DNS Flag Day 2020. This issue only affected Ubuntu 23.10.
1fe74e528f9c677caecbbdfcd678431e4752e4565e8a9eb7cd614192a3dcc6e0Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, detection of down hosts via parallel pings.
e14ab530e47b5afd88f1c8a2bac7f89cd8fe6b478e22d255c5b9bddb7a1c5778GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
2faf30a7c965ee27488aa615351736f44a121eeb9316eea19a0fa4904265c2c5Simple Packet Sender (SPS) is a Linux packet crafting tool. It supports IPv4, IPv6 (but not extension headers yet), and tunneling IPv6 over IPv4. Written in C on Linux with GUI built using GTK+. Both source and binaries are included. Features include packet crafting and sending one, multiple, or flooding packets of type TCP, ICMP, or UDP. All values within ethernet frame can be modified arbitrarily. Supports TCP, ICMP and UDP data as well, with input from either keyboard as UTF-8/ASCII, keyboard as hexadecimal, or from file. Various other features exist as well.
27655eb9a3a11f0253a3989eedbe5dd12a1cb92bbb5594ec4c58e5663a454db3GNUnet is a peer-to-peer framework with focus on providing security. All peer-to-peer messages in the network are confidential and authenticated. The framework provides a transport abstraction layer and can currently encapsulate the network traffic in UDP (IPv4 and IPv6), TCP (IPv4 and IPv6), HTTP, or SMTP messages. GNUnet supports accounting to provide contributing nodes with better service. The primary service build on top of the framework is anonymous file sharing.
56029e78a99c04d52b1358094ae5074e4cd8ea9b98cf6855f57ad9af27ac9518
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed