Closed martinscheu closed 3 years ago
Hello @martinscheu
Are you looking for a specific one? The packets were generated using scapy and Python3 on aUbuntu 20 virtual machine. I can share the scripts we developed, they are not very well documented and may need some work! I believe JSOF plans to release a whole PoC suite which will have better coverage for all the CVE's. We did not do anything for the Layer-2 runt frame related attacks.
Let me know I will share what I have.
Thanks Vijay
Hello Vijay
Thank you for your reply. The DNS one specificially, as I dont know how such traffic looks like. But of course if you have additional ones regarding the ripple20, it would be very helpfull! So fare jsof released a script but without the DNS part.
Thank you, regards Martin
Get Outlook for Androidhttps://aka.ms/ghei36
From: Vijay Sarvepalli notifications@github.com Sent: Monday, June 29, 2020 4:55:21 PM To: CERTCC/PoC-Exploits PoC-Exploits@noreply.github.com Cc: martinscheu martin.scheu@outlook.com; Mention mention@noreply.github.com Subject: Re: [CERTCC/PoC-Exploits] share malformed_dns.pcap (#3)
Hello @martinscheuhttps://github.com/martinscheu
Are you looking for a specific one? The packets were generated using scapy and Python3 on aUbuntu 20 virtual machine. I can share the scripts we developed, they are not very well documented and may need some work! I believe JSOF plans to release a whole PoC suite which will have better coverage for all the CVE's. We did not do anything for the Layer-2 runt frame related attacks.
Let me know I will share what I have.
Thanks Vijay
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/CERTCC/PoC-Exploits/issues/3#issuecomment-651174252, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJGDR6YNNTKRC4BHN363UPTRZCTNTANCNFSM4OLJFQLA.
Hello Vijay
Not sure if I gave the right answer ;-) Documentation shouldnt be an issue, if sharing is, maybe I could contact you through another channel (I work for the SWITCH CERT in Switzerland)
Thanks, regards Martin
Get Outlook for Androidhttps://aka.ms/ghei36
From: Vijay Sarvepalli notifications@github.com Sent: Monday, June 29, 2020 4:55:21 PM To: CERTCC/PoC-Exploits PoC-Exploits@noreply.github.com Cc: martinscheu martin.scheu@outlook.com; Mention mention@noreply.github.com Subject: Re: [CERTCC/PoC-Exploits] share malformed_dns.pcap (#3)
Hello @martinscheuhttps://github.com/martinscheu
Are you looking for a specific one? The packets were generated using scapy and Python3 on aUbuntu 20 virtual machine. I can share the scripts we developed, they are not very well documented and may need some work! I believe JSOF plans to release a whole PoC suite which will have better coverage for all the CVE's. We did not do anything for the Layer-2 runt frame related attacks.
Let me know I will share what I have.
Thanks Vijay
— You are receiving this because you were mentioned. Reply to this email directly, view it on GitHubhttps://github.com/CERTCC/PoC-Exploits/issues/3#issuecomment-651174252, or unsubscribehttps://github.com/notifications/unsubscribe-auth/AJGDR6YNNTKRC4BHN363UPTRZCTNTANCNFSM4OLJFQLA.
Hello @martinscheu
A malformed DNS PCAP has been added that has some malformed responses that can trigger the various bugs in Treck embedded TCP/IP.
Hello @martinscheu
BTW we are constantly updating our scripts and tools. JSOF's scripts are now publicly available under "scripts" folder https://github.com/CERTCC/PoC-Exploits/tree/master/vu-257161/scripts
You can also see that Forescout has released their discovery scripts to support the ICS community for discussion https://github.com/Forescout/project-memoria-detector/blob/main/README.md
Hello @sei-vsarvepalli Would it be possible to share the pcap you used for testing? Thanks