I was working on a system on HTB and noticed that a UDP exploit did not work. Upon further investigation, I have determined that setting a UDP datagram size larger than 4008 bytes only sends 2048 bytes. If I set to 8192, the payload never sends (and sometimes hangs). Regrettably, the exploit has a bit of a timing component, and reducing the datagram to 2048 will send the entire payload, but will not trigger the exploit. I created a small test python script to test and have run on physical and vm’s, and the only distro that seems to have an issue is parrot. I downloaded the 4.11.2 version, and ran live and had the same issue.
Below is my test code and 2 screen shots with a 4008 size dgram and 8192 size dgram.
#!/usr/bin/python import socket target = ('IP_ADDRESS', 9256) DGRAM_SZ = 8192 payload = "A" * 10240 s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) while payload: bytes_sent = s.sendto(payload[:DGRAM_SZ].encode(), target) payload = payload[bytes_sent:] s.close()
Anonsurf running? No
Logs/Terminal output (use pastebin or similar services):