4837 Total CVEs
26 Years
GitHub
README.md
Rendering markdown...
POC / server.py PY

import socket
import sys
import threading
import time
import os

HOST = '0.0.0.0'
PORT = 6000

# The specific byte sequence that causes the crash (from POC)
# ASCII: TNMP....TNME....
# Hex: 54 4e 4d 50 04 00 00 00 54 4e 4d 45 00 00 04 00
CRASH_PAYLOAD = b'\x54\x4e\x4d\x50\x04\x00\x00\x00\x54\x4e\x4d\x45\x00\x00\x04\x00'

def handle_client(conn, addr):
    print(f"[+] Connection from {addr}", flush=True)
    try:
        while True:
            data = conn.recv(1024)
            if not data:
                break
            
            # Check if data contains the crash payload
            if CRASH_PAYLOAD in data:
                print(f"[!] CRITICAL: Recevied malicious 'TNMP' packet from {addr}", flush=True)
                print("[!] ImageNow Server Service is crashing...", flush=True)
                # Simulate crash by exiting the process immediately
                os._exit(1)
            
            # Normal behavior: simple echo or silent acceptance
            print(f"[*] Received {len(data)} bytes: {data.hex()}", flush=True)
            
    except ConnectionResetError:
        pass
    except Exception as e:
        print(f"[-] Error: {e}", flush=True)
    finally:
        conn.close()

def main():
    print(f"[*] Starting ImageNow Server Emulator on port {PORT}...", flush=True)
    server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    
    try:
        server.bind((HOST, PORT))
        server.listen(5)
        print(f"[*] Listening on {HOST}:{PORT}", flush=True)
        
        while True:
            conn, addr = server.accept()
            client_thread = threading.Thread(target=handle_client, args=(conn, addr))
            client_thread.start()
            
    except Exception as e:
        print(f"[-] Server Error: {e}", flush=True)
    finally:
        server.close()

if __name__ == "__main__":
    main()