Full Disclosure mailing list archives
RE: Win32 Cisco Exploit
From: amilabs <amilabs () optonline net>
Date: Thu, 24 Jul 2003 09:57:20 -0400
According to protocol trace file analysis it does generate the correct
types of packets to cause the exploit. Both the gui and the cmd line
send the packets out with ttl 128 and with 0 as the next protocol in the
IP header. This is what the app spits out. I did not test against a
router just took a quick peek with a protocol analyzer and it does not
look like it will work based on the packet trace. Can someone tell me
otherwise?
------------ ETHER Header ------------
Destination: 00-03-A3-43-78-6B
Source: This Network Analyzer (00-04-55-2D-F8-A7)
Protocol: IP
FCS: E67BCBFA
------------ IP Header ------------
Version = 4
Header length = 20
Differentiated Services (DS) Field = 0x00
0000 00.. DS Codepoint = Default PHB (0)
.... ..00 Unused
Packet length = 40
Id = 1ed4
Fragmentation Info = 0x0000
.0.. .... .... .... Don't Fragment Bit = FALSE
..0. .... .... .... More Fragments Bit = FALSE
...0 0000 0000 0000 Fragment offset = 0
Time to live = 128
Protocol = 0 (0)
Header checksum = 04EB (Verified 04EB)
Source address = 10.1.1.28
Destination address = 10.1.1.250
20 bytes of data
Record #22 (From Node To Hub) Captured on 7/24/2003 at
09:50:56.437327771 Length = 64
Frame Data: (Length = 64)
0: 00 08 A3 4D 78 6B 00 02 55 5D F8 A7 08 00 45 00 ...Mxk..
U]....E.
16: 00 28 1E D4 00 00 80 00 04 EB 0A 01 01 1C 0A 01 .(......
........
32: 01 FA 45 10 00 14 2E 31 40 00 00 37 C1 76 7F 00 ..E....1
@..7.v..
48: 00 01 0A 01 01 FA 00 00 00 00 00 00 E6 7B CB FA ........
.....{..
-----Original Message-----
From: full-disclosure-admin () lists netsys com
[mailto:full-disclosure-admin () lists netsys com] On Behalf Of
koec () hush com
Sent: Wednesday, July 23, 2003 5:18 PM
To: full-disclosure () lists netsys com
Subject: [Full-disclosure] Win32 Cisco Exploit
Attached is a win32 version of the Cisco Exploit with a nice GUI.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
Current thread:
- Win32 Cisco Exploit koec (Jul 23)
- RE: Win32 Cisco Exploit amilabs (Jul 24)
- MS03-031 rollup missing a patch? Geo. (Jul 24)
- Re: MS03-031 rollup missing a patch? Jensenne Roculan (Jul 24)
- RE: Win32 Cisco Exploit amilabs (Jul 24)
- Re: Win32 Cisco Exploit Joel R. Helgeson (Jul 24)
- RE: Win32 Cisco Exploit amilabs (Jul 24)
- MS03-031 rollup missing a patch? Geo. (Jul 24)
- RE: Win32 Cisco Exploit amilabs (Jul 24)
- <Possible follow-ups>
- RE: Win32 Cisco Exploit Leif Sawyer (Jul 24)
- Re: Win32 Cisco Exploit Michael Scheidell (Jul 24)
- RE: Win32 Cisco Exploit Bojan Zdrnja (Jul 24)
- Re: Win32 Cisco Exploit Michael Scheidell (Jul 24)
- Re: Win32 Cisco Exploit olafandjasper (Jul 24)