lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date: Fri, 26 Aug 2011 13:19:08 +1000
From: "-= Glowing Sex =-" <doomxd@...il.com>
To: Ulises2k <ulises2k@...il.com>, Xianuro GL <xianur0.null@...il.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: HTTPKiller - (Global HTTP DoS)

Same here, but i tried with a rather large html file... had no effect, in
fact, it got blocked, here is the log:


root@...10-170-103-253:~# perl mn.pl http://www.****.com/news/articles.html
30 30 190.1.1.1
URL: http://www.****.com/news/articles.html
[!] Launching 30 threads!
Target: www.****.com:80
Path: /news/articles.html

[-] Launched!
                                               <------------------------
here is where it paused abit... caused the site to lag abit, but not
drop,had no affect but getting itself blocked,very ineffective.
[x] Unable to connect...
[x] Unable to connect...
[x] Unable to connect...
[x] Unable to connect...
[x] Unable to connect...

////and whala we are blocked by the target machine, wich is not even running
any real firewall just a large bw box but, was infact vuln to the byte/range
attack vector...

^C

Id like to see this abit better, and the fake-ip setting, to be implemnted
so it works maybe, then even some form of spoof wich cannot b seen by
webserver... then might have more chances of attack lasting long enough to
soak the sockets,.....well, it should be doing that aspart of this.
cheers and, great coded tool but, just alittle tricky maybe to use it....and
no automatic d0s. and lag lasted like seconds..
regards, and, i always say, never stop improving the code, nomatter if the
comliments are pos or neg,take all in and use it to majke your work better.
thankyou for sharing the code, i like to read code wich is coded well :)
cheers,
xd



PSS
As a total sidenopte, I really do like immunitysec.com, but i really dont
want to fork out however much it would cost for the complete pro opacks, atm
it is very stable deployment.. I have only got an older v6 of the canvas,
but i am interested in anyone who could get me the set... i mean every item
that is deployed to plugin, all the packs by gleg etc... wich i know exists
on private forums. Id be happy to swap something as equally as valuable for
it anyhow...
ops.
xd



On 26 August 2011 12:19, Ulises2k <ulises2k@...il.com> wrote:

> I have tried with Apache 2.2.9 and a simple file php and does not
> cause DoS Apache Server.
>
>
>
> On Thu, Aug 25, 2011 at 19:21, Xianuro GL <xianur0.null@...il.com> wrote:
> >
> > linux-7nli:/home/xianur0/fhttp-v1.3/DoS # perl mn.pl http://[domain]/[file]
> 30 100 190.1.1.1
> >
> > Where "file" have to consume processing in the server (i.e. index.php for
> Joomla! CMS).
> >
> > Remember the "http://" :P
> >
> > 2011/8/25 -= Glowing Sex =- <doomxd@...il.com>
> >>
> >> Ummm ok, lets see, i tried to use this, it keeps giving me 'usage' abit
> to much :P , even when i have read thru the code and seen an example/would
> make example.... but seems it is not being nice, unless i have perhaps made
> the error.. or it is not pasted in correctly,... i will try again but, i
> sofar see no threat here, because it doesnt work to well, to start with...
> btw, it looks alot like a slowloris like attack, wich would be blocked by
> most servers... still, please show me some examples.. this is NOT a
> happening script atm!
> >> and also, maybe adjust encoding, so when copy and paste, it doesnt bork
> up.. incase it is maybe that.... altho, it seems to exec fine... i am using
> perl script.pl blah.com 10 10 ip.fake.here.ofc
> >> nothing but usage...
> >> cheers in advance
> >> xd
> >>
> >>
> >>
> >> On 26 August 2011 06:42, Xianuro GL <xianur0.null@...il.com> wrote:
> >>>
> >>> Connection Keep-Alive + Pipelining + Close the connection before the
> response + Something... = DoS
> >>> Apache, IIS, Squid, NetCache, What else?
> >>>
> >>> _______________________________________________
> >>> Full-Disclosure - We believe in it.
> >>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> >>> Hosted and sponsored by Secunia - http://secunia.com/
> >>
> >
> >
> > _______________________________________________
> > Full-Disclosure - We believe in it.
> > Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> > Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists