I was working on a system on HTB and noticed that a UDP exploit did not work. Upon further investigation, I have determined that setting a UDP datagram size larger than 4008 bytes only sends 2048 bytes. If I set it to 8192, the payload never sends (and sometimes hangs). Regrettably, the exploit has a bit of a timing component, and reducing the datagram to 2048 will send the entire payload, but will not trigger the exploit. I created a small Python script to test this and have run it on physical machines and VMs, and the only distro that seems to have an issue is Parrot. I downloaded the 4.11.2 version, ran it live, and had the same issue.
Below is my test code and two screenshots, one with a 4008-byte datagram and one with an 8192-byte datagram.
Any ideas?
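```python
#!/usr/bin/python
import socket

target = ('IP_ADDRESS', 9256)   # placeholder address, UDP port 9256
DGRAM_SZ = 8192                 # bytes per datagram
payload = "A" * 10240           # test payload

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
# Send the payload in DGRAM_SZ-sized datagrams until nothing is left.
while payload:
    bytes_sent = s.sendto(payload[:DGRAM_SZ].encode(), target)
    payload = payload[bytes_sent:]
s.close()
```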
- VERSION="4.11"
- Anonsurf running? No
- Logs/Terminal output (use pastebin or similar services):
- Screenshots:
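A loopback version of the test above, added here as an example and not part of the original post: it sends the same 10240-byte payload in datagrams of a chosen size to a receiver on 127.0.0.1 and reports how many bytes each datagram carried on arrival. The function name `loopback_chunk_test` and the one-second timeout are assumptions made for this example.

```python
import socket

def loopback_chunk_test(payload_len, dgram_sz, timeout=1.0):
    """Send payload_len bytes in dgram_sz-sized datagrams to a local receiver.

    Returns a list of (bytes_sent, bytes_received), one entry per datagram.
    bytes_received is None if the datagram never arrived; both values are
    None if the kernel rejected the send.
    """
    payload = b"A" * payload_len        # constructed test data
    rx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    results = []
    try:
        rx.bind(("127.0.0.1", 0))       # ephemeral port, loopback only
        rx.settimeout(timeout)          # never hang on a lost datagram
        target = rx.getsockname()
        for off in range(0, len(payload), dgram_sz):
            chunk = payload[off:off + dgram_sz]
            try:
                sent = tx.sendto(chunk, target)
            except OSError:             # e.g. EMSGSIZE for an oversized datagram
                results.append((None, None))
                continue
            try:
                data, _ = rx.recvfrom(65535)
                results.append((sent, len(data)))
            except socket.timeout:
                results.append((sent, None))
    finally:
        tx.close()
        rx.close()
    return results

if __name__ == "__main__":
    for size in (2048, 4008, 8192):     # datagram sizes mentioned in the post
        print(size, loopback_chunk_test(10240, size))
```

If every datagram arrives whole on loopback but not at the remote host, the loss happens below the socket layer (interface MTU, IP fragmentation, or the network path) rather than in the script.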