Bugtraq mailing list archives

From: Dave Aitel <dave () immunitysec com>
Date: 01 Oct 2002 11:18:36 -0400

For those of you who have a desire to crash Microsoft's PPTP stack, I
have a pptp .spk script linked off of

It would probably be good to run against other PPTP stacks as well.
(Likewise, SPIKE's msrpcfuzzer takes down free software dce-rpc stacks
just as fast as it takes down the non-free stacks.)

It's not a bad demonstration of how to use SPIKE scripts either, if
you're inclined to learn. Finding this bug took less than thirty

To run it:
# first enable the shared library fun
bash$ . ./ls.sh 
# now run the script against after setting up PPTP on that
# machine. It's a good idea to set up SoftIce as well.
bash$ ./generic_send_tcp 1723 ./pptp.spk 0 0 
#wait for crash. It's in the second packet, I believe.

Dave Aitel
Immunity, Inc.


   [1] phion Information Technologies


   phion Information Technologies will not provide an exploit for this

