http://www.rootshell.com/archive-Rbf4ahcmxzw5qn2S/199801/bonk.c
/*
[ http://www.rootshell.com/ ]
==bendi - 1998==
bonk.c - 5/01/1998
Based On: teardrop.c by route|daemon9 & klepto
Crashes *patched* win95/(NT?) machines.
Basically, we set the frag offset > header length (teardrop
reversed). There are many theories as to why this works,
however i do not have the resources to perform extensive testing.
I make no warranties. Use this code at your own risk.
Rip it if you like, i've had my fun.
*/
#include <stdio.h>
#include <stdlib.h>   /* exit() */
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <netinet/ip.h>
#include <netinet/ip_udp.h>
#include <netinet/protocols.h>
#include <arpa/inet.h>
#define FRG_CONST 0x3
#define PADDING 0x1c
[snip...]
void usage(void)
{
    fprintf(stderr, "Usage: ./bonk [num]\n");
    exit(0);
}
[snip...]
=-=
/*
boink.c - a modified bonk.c
[ http://www.rootshell.com/ ]
==bendi - 1998==
bonk.c - 5/01/1998
Based On: teardrop.c by route|daemon9 & klepto
Crashes *patched* win95/(NT?) machines.
Basically, we set the frag offset > header length (teardrop
reversed). There are many theories as to why this works,
however i do not have the resources to perform extensive testing.
I make no warranties. Use this code at your own risk.
Rip it if you like, i've had my fun.
Modified by defile(efnet) [9/01/98]
As it stood before, bonk.c just simply attacked port 55.
Upon scanning my associates, I've noticed port 55 isn't
always open. It varies in fact, while other ports remain
open and vulnerable to this attack. I realized that Microsoft
just might fix this by blocking port 55 off or something
completely lame like that, and that is unacceptable.
As of this modification, you provide both a "start" and a
"stop" port to test for the weakness, in the attempt to catch
a possibly open port. (I've noticed port 55 seemed to come open
more frequently on machines that were running IE though)
Hopefully this will encourage Microsoft to write a REAL fix
instead of just make lackey fixes as they've had in the past.
Please only use this to test your own systems for vulnerability,
and if it is, bitch at Microsoft for a fix. I am not responsible
for any damage that may come and as stated above by the
author, this might not even work. I make no claims
to the ownership to any portions of this source in any way.
*/
[snip...]
/* fprintf(stderr, "Usage: ./bonk [num]\n"); */
fprintf (stderr, "Usage: ./boink [num]\n");
exit(0);
[snip...]
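Added example, not part of bonk.c or boink.c: both header comments describe a fragment offset set larger than it should be, the reverse of teardrop's overlapping fragments. The receiver-side audit below goes beyond that one case and flags both an overlap and an offset that leaves a hole in a datagram's fragment set; the function names, the 20-byte header assumed in the size check and the sample packets are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
/* Verdicts a reassembler or IDS could log for one datagram's fragment set. */
enum frag_verdict { FRAG_OK, FRAG_MALFORMED, FRAG_OVERLAP, FRAG_HOLE, FRAG_OVERSIZE };
struct frag { uint32_t start, end; int more; };  /* payload bytes [start, end), MF flag */

/* Pull the fragment fields out of a raw IPv4 packet. Returns 0 on success, -1 if unusable. */
int frag_parse(const uint8_t *p, size_t n, struct frag *f)
{
    if (n < 20 || (p[0] >> 4) != 4) return -1;
    size_t ihl = (size_t)(p[0] & 0x0f) * 4;
    size_t tot = ((size_t)p[2] << 8) | p[3];
    if (ihl < 20 || tot < ihl || tot > n) return -1;
    uint16_t fo = (uint16_t)((p[6] << 8) | p[7]);
    f->more  = (fo & 0x2000) != 0;             /* MF bit */
    f->start = (uint32_t)(fo & 0x1fff) * 8;    /* offset field is in 8-byte units */
    f->end   = f->start + (uint32_t)(tot - ihl);
    return 0;
}

/* Audit all fragments seen for one (src, dst, id, proto) tuple, in any arrival order. */
enum frag_verdict frag_audit(const struct frag *v, size_t n)
{
    uint32_t total = 0, covered = 0, max_end = 0;
    int finals = 0;
    for (size_t i = 0; i < n; i++) {
        uint32_t len = v[i].end - v[i].start;
        if (v[i].end + 20 > 65535) return FRAG_OVERSIZE;   /* assumes a 20-byte header */
        if (v[i].more && len % 8) return FRAG_MALFORMED;   /* non-final length must be 8-aligned */
        if (!v[i].more) { finals++; total = v[i].end; }
        if (v[i].end > max_end) max_end = v[i].end;
        covered += len;
        for (size_t j = 0; j < i; j++)                      /* teardrop-style overlap */
            if (v[i].start < v[j].end && v[j].start < v[i].end) return FRAG_OVERLAP;
    }
    if (finals != 1 || max_end != total) return FRAG_MALFORMED;
    return covered == total ? FRAG_OK : FRAG_HOLE;          /* hole: an offset past the data held */
}

/* Constructed sample: 24-byte first fragment (MF set), 8-byte second with caller's offset field. */
enum frag_verdict sample_pair(uint16_t off_field)
{
    uint8_t a[44] = { 0x45, 0, 0, 44, 0, 1, 0x20, 0 };
    uint8_t b[28] = { 0x45, 0, 0, 28, 0, 1, (uint8_t)(off_field >> 8), (uint8_t)off_field };
    struct frag v[2];
    if (frag_parse(a, sizeof a, &v[0]) || frag_parse(b, sizeof b, &v[1])) return FRAG_MALFORMED;
    return frag_audit(v, 2);
}
int main(void) { return sample_pair(3) == FRAG_OK ? 0 : 1; }
```

A fragment set that returns anything other than FRAG_OK is one a normalizing firewall or host stack should drop rather than try to reassemble.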