[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <CAPGeVWME849DTECyeJEy25WNwkkxZBWSAd5mG-Jy37nJs1puDA@mail.gmail.com>
Date: Tue, 14 Feb 2012 16:46:09 -0700
From: Sanguinarious Rose <SanguineRose@...ultusterra.com>
To: full-disclosure@...ts.grok.org.uk
Subject: Re: Arbitrary DDoS PoC
Now, I had to do it. I took a look at his other projects (I know, I
know..., it has begun)
https://github.com/lfamorim/IntensiveDoS
If you thought the python code was bad... It doesn't even do anything
remotely effective. Now, pthreads has a cap of around 200 max threads
(depends on compile options, platform, etc.) a single process can do.
If this was even remotely "Intensive" it would be using async sockets
which you can at least get a few K of connections. Should I even
mention it just disconnects after connecting kinda rendering well, I
can't think of a polite way to say it, utterly useless. Any properly
setup http, apache even, can reflect this like throwing cotton balls
but in his case he is claiming the cotton balls are somehow really
bowling balls.
*http_header = "GET / HTTP/1.1\r\n\r\n";
This HTTP request doesn't include a "Host" field hence breaking the
HTTP 1.1 standard before we even begin.
I also noticed he doesn't believe in functions with variables instead
relying on globals.
Sections of the code sometimes use { } for a single
if/while/else/for/etc. statement and some don't which makes me wonder
if it's copy/paste. In my experience and in my own programming they
usually don't dash their code with such style irregularities.
Now inside his Makefile:
rm -rf IntensiveDoS IntensiveDoS.o
Do you seriously need to recursively deleted two files forcefully?
Now on this: https://github.com/lfamorim/Connect-Back-Win32-Trojan
All I can really say is it's not a very good trojan if it leaves a big
black console screen and if you click the 'X' it goes away /
terminates the reverse shell. The standard reverse shell code can be
found on google with many more improvements and there is nothing
really innovative or interesting here.
Now This: https://github.com/lfamorim/rebreaker
All I can say is 12 lines of code being called "Extremely advanced
algorithm to remove distortions from recaptcha images, allowing OCR."
using http://projects.scipy.org/scipy/milestone/0.10.0 is rather well.
Just take a look (the main 2 lines of the program that do anything).
for i in WordSlice(imread(argv[1], True)).get_words():
Hough(i).find_ellipses(lambda img: imresize(img, 0.4, 'bilinear'))
I don't think I have to say anything else for those two lines of
"Extremely advanced algorithm" besides this single line.
lfamorim pushed to master at lfamorim/rebreaker February 14, 2012 =>
40369be making things more efficient.
Combine the above with his "proxy botnet" using curl I have to ask....
why would anyone respond to this guy in a logical fashion when it is
obvious he does not know what he is doing. He is as bad as Steve
Gibson ranting about raw socket support in WindowsXP and how it's
going to end the entire internet, only in this case he is referring to
open proxies.
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists