[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CALCvwp6+pVXe0x1Q6R+3CHFMDhjvCAfPww6HhK4WTZKYDtB97A@mail.gmail.com>
Date: Fri, 11 Nov 2011 21:41:03 +1100
From: xD 0x41 <secn3t@...il.com>
To: Tillmann Werner <tillmann.werner@....de>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Microsoft Windows vulnerability in TCP/IP
Could Allow Remote Code Execution (2588516)
not my code dude. i just offered it, for anyone who was interested...
again, people bashing the user, who does nothing but inform :s
ghood one.
On 11 November 2011 19:17, Tillmann Werner <tillmann.werner@....de> wrote:
>> def callback(self, hdr, data):
>> # Parse the Ethernet packet
>> decoder = ImpactDecoder.EthDecoder()
>> ether = decoder.decode(data)
>> # Parse the IP packet inside the Ethernet packet, typep
>> iphdr = ether.child()
>> udphdr = iphdr.child()
>>
>> # First check that the packets are not comming from the local host
>> # Then check that it is a UDP packet (incase you changed the BPF) also
>> # Check that the destination port for the packet is a closed
>> port on the host
>> if (iphdr.get_ip_src() != self.ip):
>> self.refresh_portlist()
>> if (iphdr.get_ip_p() == ImpactPacket.UDP.protocol and
>> udphdr.get_uh_dport() not in self.portlist):
>> if self.called == 0:
>> self.callonce()
>> print "Incoming UDP packet from %s"%iphdr.get_ip_src()
>> self.dumper.dump(hdr, data)
>>
>> def refresh_portlist(self):
>> # bash script to get all the open and listening UDP ports
>> # used in the callback function as criteria for logging traffic
>> output = os.popen("./getports.sh")
>> pl = output.readlines()
>> self.portlist = []
>> for p in pl:
>> self.portlist.append(int(p))
>
> Seriously? popen()ing a bash script that calls netstat and awk twice for
> every packet?
>
> Tillmann
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists