Spectre Variant 2 Branch Target Injection
CVE-2017-5715 is Spectre Variant 2, also known as Branch Target Injection (BTI). It is a speculative-execution side-channel vulnerability in modern microprocessors from multiple vendors, including Intel, ARM, and AMD. The issue arises from how indirect branch prediction is shared and trained: an attacker running in one context can poison branch prediction structures such as the Branch Target Buffer (BTB) so that, when a victim context later executes an indirect branch, the processor speculatively executes instructions at an attacker-chosen target (a "gadget") in the victim's own address space. Because these predictor structures are per physical core, the attacker typically has to run on the same core as the victim, either shortly before a context switch or concurrently on a sibling hardware thread. Although the mis-speculated instructions are never architecturally committed, they leave observable microarchitectural side effects, most notably changes to cache state, which the attacker measures with cache-timing techniques to infer the secret data the gadget touched. The weakness is fundamentally a hardware one: a performance optimization (speculating on a predicted branch target) alters security-critical behavior during execution, so mitigation spans microcode updates, operating-system changes, and compiler-level techniques such as retpolines that avoid depending on the indirect branch predictor. Reported contexts include leakage across protection domains such as user-to-kernel, process-to-process, guest-to-host, and guest-to-guest boundaries in virtualized environments.
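A first check a practitioner would run, added here as an example rather than taken from this page or from any of the repositories listed below: on Linux the kernel reports its Spectre v2 status through the sysfs file /sys/devices/system/cpu/vulnerabilities/spectre_v2 (a real kernel interface, present since the Spectre patches landed). The script classifies that line and, as a caveat the raw string hides, flags whether IBPB is in use, since the process-to-process and guest-to-guest boundaries listed above depend on the predictor being flushed on context switch (IBPB) rather than on retpolines alone. The sample strings are constructed to resemble kernel output, not captured from a host; the function names and the --live flag are this example's own.

```shell
#!/bin/sh
# Added example (not from this page): read and classify the Linux kernel's
# self-reported Spectre v2 (CVE-2017-5715) mitigation status.
# The sysfs path is the real interface the kernel exposes; the sample strings
# below are constructed to resemble its output, not captured from a host.

SPECTRE_V2_SYSFS=/sys/devices/system/cpu/vulnerabilities/spectre_v2

# classify_spectre_v2 STATUS -> prints not-affected | mitigated | vulnerable | unknown
classify_spectre_v2() {
  case "$1" in
    "Not affected"*) echo not-affected ;;
    "Mitigation:"*)  echo mitigated ;;
    "Vulnerable"*)   echo vulnerable ;;
    *)               echo unknown ;;
  esac
}

# has_ibpb STATUS -> exit 0 if the line reports IBPB in use.
# Retpolines protect the kernel's own indirect branches from user-space
# training; the process-to-process and guest-to-guest cases rely on the
# predictor being flushed on context switch (IBPB), so a "Mitigation:" line
# that reports IBPB disabled still leaves those boundaries exposed.
has_ibpb() {
  case "$1" in
    *"IBPB: disabled"*) return 1 ;;
    *IBPB*)             return 0 ;;
    *)                  return 1 ;;
  esac
}

# summarize STATUS -> one greppable line, e.g. "mitigated ibpb=yes"
summarize() {
  cls=$(classify_spectre_v2 "$1")
  if has_ibpb "$1"; then ibpb=yes; else ibpb=no; fi
  printf '%s ibpb=%s\n' "$cls" "$ibpb"
}

# check_host: run against the live system if the interface exists
# (kernels predating the Spectre patches have no such file at all).
check_host() {
  if [ -r "$SPECTRE_V2_SYSFS" ]; then
    summarize "$(cat "$SPECTRE_V2_SYSFS")"
  else
    echo "unknown ibpb=no ($SPECTRE_V2_SYSFS absent)"
  fi
}

# Constructed samples resembling kernel output, used for a dry run.
SAMPLE_FULL="Mitigation: Retpolines, IBPB: conditional, IBRS_FW, STIBP: conditional, RSB filling"
SAMPLE_PARTIAL="Mitigation: Retpolines, IBPB: disabled, IBRS_FW"
SAMPLE_VULN="Vulnerable"

if [ "${1:-}" = "--live" ]; then
  check_host
else
  for s in "$SAMPLE_FULL" "$SAMPLE_PARTIAL" "$SAMPLE_VULN"; do summarize "$s"; done
fi
```

Run it with --live on a host to read the real file; without arguments it classifies the three constructed samples, and the partial one shows why "Mitigation:" alone is not the whole answer for multi-tenant workloads. On hypervisors the same file exists inside each guest, but a guest can only report what its virtual CPU exposes, so the host's own status must be checked separately.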
Exploits
4 valid exploits after Mallory filtered fakes, detection scripts, and README-only repos (6 hidden).
This repository is a proof-of-concept (PoC) exploit chain targeting Cisco routers vulnerable to CVE-2017-6736 (SNMP RCE) and chaining it with a Spectre (CVE-2017-5753, CVE-2017-5715) browser attack. The structure includes a batch script (readyGo.bat) that automates the exploitation process: it runs a Python-based SNMP RCE exploit (from a submodule), then uses Plink to send configuration commands (from ciscoCommands.txt) to the router, setting a new default route to 195.20.52.49 (an attacker-controlled host). The attacker then serves a fake login page (index.html) that loads JavaScript from the spectre-chrome submodule, attempting a Spectre attack in the browser context. The repository is organized with submodules for the main exploit components, a batch script for automation, and HTML/JS files for the phishing/Spectre phase. The exploit requires access to a vulnerable Cisco router and aims to redirect user traffic through a malicious gateway, where further browser-based exploitation can occur.
This repository is a proof-of-concept (PoC) implementation of the Spectre speculative execution attack (CVE-2017-5753, CVE-2017-5715). The main code is in 'src/main.cpp', which demonstrates how an attacker can use branch prediction and cache timing side-channels to read memory contents that should be inaccessible, specifically leaking a hardcoded secret string. The exploit is local and requires the attacker to run code on the target machine. The repository includes build scripts for various platforms (macOS, Linux, Solaris, Windows), but the exploit is only tested on macOS, Linux, and Solaris. The attack does not target a network service or remote endpoint, but rather exploits CPU hardware vulnerabilities. The structure is typical for a C++ project, with CMake build files, shell scripts for building and running, and a single main source file containing the exploit logic. The exploit is not weaponized and serves as a demonstration of the vulnerability.
This repository contains a proof-of-concept (POC) exploit for the Spectre vulnerability (CVE-2017-5753 and CVE-2017-5715), affecting many Intel CPUs. The repository consists of a README.md (with background and references) and a single C source file (source.c) implementing the attack. The exploit demonstrates how speculative execution and cache timing can be abused to leak memory contents from the same process. The code places a secret string in memory and uses a combination of branch misprediction and cache probing to read the secret, printing the results to standard output. There are no network or remote attack vectors; the exploit is purely local and requires the attacker to execute code on the target system. The code is a classic educational POC and does not weaponize the attack for real-world exploitation, but it clearly demonstrates the underlying vulnerability.
This repository is a proof-of-concept implementation of the Spectre attack (CVE-2017-5753 and CVE-2017-5715) in C. The main code is in 'Source.c', which demonstrates how speculative execution and cache timing side-channels can be exploited to leak memory contents from protected areas. The exploit works by training the branch predictor to mispredict, then performing an out-of-bounds read in speculative execution, and finally using cache timing to infer the value of the secret data. Note that this train-then-out-of-bounds-read sequence is the bounds-check-bypass pattern of Variant 1 (CVE-2017-5753); a Variant 2 demonstration would instead poison the predicted target of an indirect branch so that the victim speculatively executes an attacker-chosen gadget. The README provides detailed background, build instructions, and usage examples. The exploit is run locally and does not target network endpoints; it is designed to demonstrate the vulnerability on affected CPUs. The repository contains standard build files (.gitignore, Makefile), documentation (README.md), and the exploit code (Source.c).
Recent activity
43 sources tracked across advisories, community write-ups, and news.
A CPU speculative execution vulnerability tracked by Google as one of the core flaws covered by product mitigations across Google products and services.
A Spectre speculative execution vulnerability referenced in mitigation guidance.
Spectre variant vulnerability referenced by Apple as mitigated through Safari 11.0.2 security improvements.
Spectre-related vulnerability referenced by Apple as mitigated in iOS 11.2.2 through security improvements to Safari and WebKit.