php/overfloo/overfloo.php

   1 #!/usr/bin/php
   2 <?php if(!isset($argv)) die('<pre>[!] FUCK-U-N0-0B!</pre>\n'); //.!.('.').!. No, this isn't a web app!
   3 //Ov3rFl00
   4 //Harvie 2oo7
   5 /* Buffer-OverFlow VulnChecker
   6  * You can make template for any protocol
   7  */
   8
   9 //Settings
  10 $template_dir = './flooz';
  11 $floochar = 'A';
  12 $addrstr = 'BBBB';
  13 $start = 64;
  14 $step = 2;
  15 $max = 1024*1024;
  16 $floostr = '%FLOOD%';
  17 $lenstr = '%LENGHT%';
  18 $host = 'stdout';
  19 $port = 80;
  20 $timeout = 3;
  21
  22 //C0DE
  23 if($argc < 2) die(
  24         "[!] OverFloo".
  25         "Usage: overfloo template [host] [port] [max-len(^2)] [char] [addr]\n".
  26         "By: <--Harvie 2oo7 ;D\n"
  27 );
  28
  29 if(isset($argv[1])) $template = $argv[1];
  30 if(isset($argv[2])) $host = $argv[2];
  31 if(isset($argv[3])) $port = $argv[3];
  32 if(isset($argv[4])) $max = pow($argv[4],2);
  33
  34
  35 function flood_make($len='64', $char='A', $end='BBBB') {
  36         for(;$len > 0;$len--) $str.=$char;
  37         return $str.$end;
  38 }
  39
  40 //Init
  41 $template = $template_dir.'/'.$template.'.floo';
  42 echo(
  43         "[i] Testing: $host:$port\n".
  44         "[i] Using template: $template\n".
  45         "[i] Using range $start - $max B\n\n"
  46 );
  47 $template = @file_get_contents($template);
  48 if(!$template) die("[!] Template not found!\n");
  49 $tcp = ($host == 'stdout' || $host == '-');
  50 //Loop
  51 $len = $start;
  52 while($len <= $max) {
  53         $data = str_replace($lenstr, $len, $template);
  54         $data = str_replace($floostr, flood_make($len, $floochar, $addrstr), $data);
  55
  56         echo("[>] Sending: $len -> ");
  57
  58         if($tcp) die("\n".$data);
  59         else {
  60                 $fp = @fsockopen($host, $port, $errno, $err, $timeout);
  61                 if(!$fp) die("\n[!] $host:$port DOWN ;D\n");
  62                 fwrite($fp, $data); fflush($fp);
  63
  64                 if(!fwrite($fp, ';P')) {
  65                         echo("Connection closed! ;D\n");
  66                 } else {
  67                         echo("OK!\n");
  68                 }
  69                 @fclose($fp);
  70         }
  71
  72         $len *= 2;
  73 }
  74
  75 if($tcp) {
  76         $fp = @pfsockopen($host, $port, $errno, $err, $timeout);
  77         if(!$fp) die("[!] $host:$port DOWN ;D\n");
  78 }
  79
  80 echo("\n[X] Script exited succesfully!\n");
  81