Last Login: September 18, 2022
adenosine-phosphatase's Latest (3) Contributions
I must be missing something as the PoC script (https://github.com/78ResearchLab/PoC/blob/main/CVE-2022-34721/CVE-2022-34721.py) does not execute any exception/BSOD let alone the RCE.
From what I can see, the script does not carry any RCE payload, but I thought it would at least cause some app/os exception.
When I fire it up against a w2k19 VPN server, nothing happens.
I would have expected that at least some kind of unhandled exception/BSOD occurred, but nothing …
I did a small Python script that constructs the ICMPv6 Router Advertisement as per the advisory: advertisement packet (Type 134) followed by a Recursive DNS (Type 25) OPTION, and made sure the Length field is an even number > 3 (as the RFC and exploit advisory suggest). I added one more OPTION field (Route Information, Type 24) just in case. Launched it against Windows 2019 and it did not crash it. Checked that Wireshark showed a properly constructed packet. Any other condition that the exploit must satisfy, as currently I seem to be missing something?
By the way, when the Length field in the Recursive DNS OPTION is any even number, Wireshark indicated a malformed packet. When the field is an odd number, the packet is properly dissected.
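For defenders, the Length behaviour discussed in the post above can be turned into a check. The following is an added example, not part of the original contribution or of any advisory: it walks the option bytes that follow a Router Advertisement header and flags any Recursive DNS Server option whose Length is not odd and at least 3, which is the rule in RFC 8106 (Length counts 8-octet units; one address gives 3, each further address adds 2). The function names and the sample option bytes are constructed for illustration.

```python
import struct

RDNSS = 25  # Recursive DNS Server option type (RFC 8106)

def walk_options(options: bytes):
    """Yield (type, units, body) per ND option; Length is in 8-octet units."""
    off = 0
    while off + 2 <= len(options):
        opt_type, units = options[off], options[off + 1]
        if units == 0:
            raise ValueError(f"option at offset {off} has zero length")
        end = off + units * 8
        if end > len(options):
            raise ValueError(f"option at offset {off} overruns the packet")
        yield opt_type, units, options[off + 2:end]
        off = end
    if off != len(options):
        raise ValueError(f"{len(options) - off} trailing byte(s) after options")

def check_ra_options(options: bytes):
    """Return findings for RDNSS options whose Length is not odd and >= 3."""
    findings = []
    try:
        for opt_type, units, _body in walk_options(options):
            if opt_type == RDNSS and (units < 3 or units % 2 == 0):
                findings.append(f"RDNSS option with invalid Length={units}")
    except ValueError as exc:
        findings.append(f"malformed options: {exc}")
    return findings

def sample_rdnss(units: int, lifetime: int = 600) -> bytes:
    """Constructed sample: type, length, reserved, lifetime, zeroed address area."""
    head = struct.pack("!BBHI", RDNSS, units, 0, lifetime)
    return head + bytes(units * 8 - len(head))

VALID = sample_rdnss(3)      # one address slot: 8 + 16 bytes = 3 units
EVEN_LENGTH = sample_rdnss(4)  # even Length, invalid under RFC 8106

if __name__ == "__main__":
    for name, blob in (("valid", VALID), ("even-length", EVEN_LENGTH)):
        print(name, check_ra_options(blob) or "ok")
```

The same test (option type 25 with an even Length) can be expressed as a rule in a network IDS so that such Router Advertisements are logged or dropped before they reach hosts.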