coder
Jan 7 2004, 03:28 PM
Hey all, after reading a recent advisory on Track Requests and IIS, i decided to make a lil' DoS client for IIS servers that still adhear to Track Request. Works just like the 'TRACE' request on other servers, but is not well documented and better yet, not logged (except for more recent versions of IIS), if you'd like to read more about this vuln. check out the AQTRONIX Security Advisory AQ-2003-02
Here is the syntax you should use with this client.
will open the client in visible mode
| CODE |
| c:\trackd 0>127.0.0.1 |
will open the client under invisible mode and start the DoS on the specified target (in this case it would be 127.0.0.1)
| CODE |
| c:\trackd 1>127.0.0.1 |
this will open the client in visible mode and start the DoS on target
The reason for this syntax is so that you could easily leave this running on a victim's machine via some startup method...
-----------------------------------------------
I'm still testing, feel free to comment... I will post code after i've cleaned it up a bit
coder
Jan 7 2004, 04:36 PM
ok, the first version doesn't work as well as i'd like it to...
i've fixed some pretty major bugs, and the 2nd version is working quite nicely
adv. error checking should keep it from crashing now
