Skip to content

Fans0n-Fan/Treck20-Related

master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
1 branch 0 tags
Code

Latest commit

 

Git stats

Files

Permalink
Failed to load latest commit information.
Type
Name
Latest commit message
Commit time
treck20
Update exp.py
Sep 3, 2020
README.md
Update README.md
Jul 22, 2020
Treck20-Related Protocol stack inspection

README.md

Treck20-Related

PoC for CVE-2020-11896 Treck TCP/IP stack and device asset investigation

Protocol stack inspection

As many manufacturers adopt the Treck protocol stack, some manufacturers refer to the Treck protocol stack by way of hardware IP cores. It is not enough to identify vulnerabilities through device fingerprints alone. How to detect whether the target device is the Treck protocol stack becomes the key to asset investigation.

Here are the Treck protocol stack fingerprint detection method:

The Treck protocol stack customizes an ICMP packet of type 165 (0xa5), and once it receives a ICMP packet of type 165, it will reply with an ICMP packet response of type 166. First, send an ICMP request packet to the target, where type=0xa5, code=0. Then, receive the icmp response packet data returned by the target, where type = 0xa6, code = 0, and the six bytes after the 9th byte of the ICMP message are 0x01,0x51,0x35,0x28,0x57,0x32 (big endian) or 0x51,0x01,0x28,0x35,0x32,0x57 (little endian).Satisfying the above-mentioned conditions indicates that the target device is the treck protocol stack.

About

PoC for CVE-2020-11896 Treck TCP/IP stack and device asset investigation

Resources

Readme

Stars

7 stars

Watchers

2 watching

Forks

2 forks

Releases

No releases published

Packages

No packages published

Languages