I've used Impacket to craft raw packets of all kinds. Then again I don't know if that counts - used to work at Core at the time, so it was pretty much the only choice due to licensing issues with other libraries.
I don't mean to say it's a bad tool to work with, not at all. I happen to prefer the newer Scapy, but it's just a matter of personal taste. :)

On Sat, Nov 12, 2011 at 6:53 AM, Antony widmal <antony.wid...@gmail.com> wrote:

> Dear Dan,
>
> Impacket was at first a Pysmb copy/update from Core Security in order to
> play with RPC. (look at the source)
> They've done some work on the pysmb library in order to implement DCE/RPC
> functionality in this dinosaur lib.
> Saying that we should use Impacket in order to craft *raw* UDP packets
> is definitely the dumbest thing I've heard today. Seriously. Anyone can
> confirm that? Mario? Carlos? ....
>
> Anyways, this guy doesn't understand shit, talks a lot about shit he
> doesn't know about, why would you even spend time reading his shit?
>
> This vulnerability is about sending a *huge fucking* stream of UDP packets
> on a closed port in order to trigger an int overflow via a ref count.
> Most of the people here didn't even understand what we are talking
> about/dealing with.
>
> Anyways, it's probably time for you to unsubscribe since you don't follow
> and S-K's like sec...@gmail.com are trying to act like they know.
>
> Yeah right, a UDP int overflow triggered via a refcount UDP overflow that
> you can trigger with 1 single TCP (with the right ACK) packet is the way to
> go.
>
> This mailing list is getting gay, seriously.
>
> Cheers,
> Antony.
>
> On Fri, Nov 11, 2011 at 3:10 PM, Dan Ballance <tzewang.do...@gmail.com> wrote:
>
>> Okay, now I'm confused! From
>> http://oss.coresecurity.com/projects/impacket.html
>>
>> "Impacket is a collection of Python classes focused on providing access
>> to network packets. Impacket allows Python developers to craft and decode
>> network packets in a simple and consistent manner. It includes support for
>> low-level protocols such as IP, UDP and TCP, as well as higher-level
>> protocols such as NMB and SMB. Impacket is highly effective when used in
>> conjunction with a packet capture utility or package such as
>> Pcapy <http://oss.coresecurity.com/projects/pcapy.html>.
>> Packets can be constructed from scratch, as well as parsed from raw data.
>> Furthermore, the object oriented API makes it simple to work with deep
>> protocol hierarchies."
>>
>> Thanks for your input Antony. Can you explain why impacket has nothing
>> to do with crafting UDP packets?
>>
>> Fascinating thread this. Thanks to all!!
>>
>> dan :)
>>
>> On 11 November 2011 22:42, Antony widmal <antony.wid...@gmail.com> wrote:
>>
>>> You are definitely a lamer secn3t.
>>> Also for your little brain, impacket has nothing to do with crafting UDP
>>> packets..
>>>
>>> Thanks for proving this again and again.
>>>
>>> On Fri, Nov 11, 2011 at 2:36 PM, xD 0x41 <sec...@gmail.com> wrote:
>>>
>>>> well look at that :P
>>>> not same author but, nice coding predelka! good one, i will add you
>>>> to crazycoders.com coderslist... i guess there are a few codes you have
>>>> now done which might be useful... cheers.
>>>> xd
>>>>
>>>> On 12 November 2011 05:43, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>
>>>>> An attempt at a possible MS11-083 DoS/PoC exploit, by @hackerfantastic:
>>>>>
>>>>> http://pastebin.com/fjZ1k0fi
>>>>>
>>>>> On Fri, Nov 11, 2011 at 5:08 PM, Thor (Hammer of God) <t...@hammerofgod.com> wrote:
>>>>>
>>>>>> Yeah, I gotta say, I'm going to use it at some point ;)
>>>>>>
>>>>>> From: full-disclosure-boun...@lists.grok.org.uk [mailto:full-disclosure-boun...@lists.grok.org.uk] On Behalf Of Mario Vilas
>>>>>> Sent: Friday, November 11, 2011 9:02 AM
>>>>>> To: Ryan Dewhurst
>>>>>> Cc: full-disclosure@lists.grok.org.uk
>>>>>> Subject: Re: [Full-disclosure] Microsoft Windows vulnerability in TCP/IP Could Allow Remote Code Execution (2588516)
>>>>>>
>>>>>> I liked the "heavy breather in the perv closet" bit.
>>>>>>
>>>>>> On Fri, Nov 11, 2011 at 5:43 PM, Ryan Dewhurst <ryandewhu...@gmail.com> wrote:
>>>>>>
>>>>>> I think Jon just said what everyone else was thinking, he said what I
>>>>>> was thinking at least.
>>>>>>
>>>>>> On Fri, Nov 11, 2011 at 1:54 PM, Jon Kertz <jon.ke...@gmail.com> wrote:
>>>>>>
>>>>>>> On Thu, Nov 10, 2011 at 2:59 PM, xD 0x41 <sec...@gmail.com> wrote:
>>>>>>>
>>>>>>>> About the PPS, i think that's a very bad summary of the exploit, 49 days
>>>>>>>> to send a packet, my butt.
>>>>>>>> There are many people assuming wrong things, when it can be done with
>>>>>>>> seconds, syscanner would scan a -b class in minutes, remember it only
>>>>>>>> has to find the vulns, gather, then it would break scan, and trigger
>>>>>>>> vuln... so in real world botnet, yes then, with tcpip patchers, like
>>>>>>>> so many ppl i know myself, even use (tcpipz)patcher ), which rocks...
>>>>>>>> and it is the ONLY one which actually works, when you maybe modify the src
>>>>>>>> so the sys file is dropped from within a .cpp file, well that's up to
>>>>>>>> you but that's a better way to make it work, this will open
>>>>>>>> sockets/threads, as i could easily prove with one exe, but, the goal
>>>>>>>> is, to trigger the vuln then exploit it, in less than 49 days :P , so,
>>>>>>>> i guess if this exploit, in real form, gathered 2 million hosts over 3
>>>>>>>> nights.. i'm guessing that the exploit could possibly be triggered with
>>>>>>>> ONE properly setup packet.. people forget that, a packet is one thing,
>>>>>>>> and a crafted UDP packet is quite another..
>>>>>>>
>>>>>>> I'd really like to see you actually explain this bug with code. Either
>>>>>>> with a poc or with the disassembly. You seem to act like you know
>>>>>>> what's going on, but so far your description has been off base (from
>>>>>>> what I can make of your writing).
>>>>>>>
>>>>>>> No one cares about paragraphs of speculation and bragging, code or you
>>>>>>> are just another heavy breather in the perv closet of FD.
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> Full-Disclosure - We believe in it.
>>>>>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>>>>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>>>>
>>>>>> --
>>>>>> "There's a reason we separate military and the police: one fights the enemy
>>>>>> of the state, the other serves and protects the people. When the military
>>>>>> becomes both, then the enemies of the state tend to become the people."

--
"There's a reason we separate military and the police: one fights the enemy of the state, the other serves and protects the people. When the military becomes both, then the enemies of the state tend to become the people."