## https://sploitus.com/exploit?id=EA82FE6C-FD6D-57A7-891E-258F9C0FE7E0
# CVE-2024-38063 Research Tool

This tool has been developed to provide valuable insights and information related to CVE-2024-38063. The research tool offers capabilities that are beneficial for learners, including dynamic payload generation and real-time research functionality.

## Documentation

### Research Tool Document
For an in-depth understanding of the tool, refer to the [CVE-2024-38063 Research Tool Documentation](https://cyberzeus.pk/researchpapers/research-tool-poc-for-cve-2024-38063.pdf).

### Root Cause Analysis Document
For a detailed analysis of the root cause, consult the [CVE-2024-38063 Root Cause Analysis](https://cyberzeus.pk/researchpapers/RCA-CVE-2024-38063.pdf).

## IPv6 Memory Allocation and Manipulation Exploit PoC

This project serves as a Proof of Concept (PoC) for exploiting vulnerabilities in IPv6 packet handling, specifically focusing on memory allocation and integer underflows.

### IPv6 Packet Crafting

The script allocates memory for IPv6 packets and carefully crafts payloads designed to exploit known vulnerabilities. By manipulating packet headers and payload data, it targets specific weaknesses, potentially leading to memory corruption or other unintended behaviors.

### Specially Crafted Fragments

Functions within the script create IPv6 fragments tailored to trigger vulnerabilities in packet handling, further supporting the testing and demonstration of these weaknesses.

### Dynamic Payload Generation

The script dynamically generates payloads and adapts them based on target responses (using the `autoevade` option). This mimics real-world exploitation techniques where payloads are refined based on feedback from the target system.

### Command Injection

The `autorce` option allows the injection of command payloads into the crafted packets, simulating an attacker’s attempt to execute commands on a vulnerable system.

### Denial-of-Service (DoS)

The script includes functionality to create flooding attacks, overwhelming the target with traffic to disrupt its operations.

### Memory Corruption Testing

It also provides mechanisms to create memory corruption, testing how the target system responds to deliberately malformed packets.

### Low-Level Operations

Embedding C code within the Perl script allows for low-level socket operations and direct manipulation of memory, giving precise control over packet creation and timing. This approach offers capabilities that are not possible with Perl alone, Python, or other high-level languages.

### Script Options

This script can be tailored for highly customizable attack scenarios. Below are the available options:

- `--target <target_ip>`: Specifies the target IPv6 address.
- `--header_length <length>`: Sets the header length for packet crafting.
- `--exploit`: Initiates the exploitation process.
- `--attempts <number>`: Defines the number of exploit attempts (default is 1000).
- `--autoevade`: Enables adaptive changes to payloads based on target responses.
- `--flood`: Initiates a flooding attack for a specified duration.
- `--duration <seconds>`: Sets the duration for the flooding attack (default is 60 seconds).
- `--autodos`: Activates an automated denial-of-service attack.
- `--memcorrupt`: Triggers memory corruption.
- `--autorce`: Enables command injection within the payload.
- `--payload <command>`: Specifies the command to inject when using `--autorce`.
- `--no-ipv6-verify`: Skips IPv6 validation checks.
- `--interface <interface>`: Specifies the network interface to use.
- `--autointerface`: Automatically detects the network interface when using a link-local address.
- `--help`: Displays the usage information and exits.