Full Disclosure mailing list archives
Re: HTTPKiller - (Global HTTP DoS)
From: "-= Glowing Sex =-" <doomxd () gmail com>
Date: Fri, 26 Aug 2011 13:19:08 +1000
Same here, but I tried with a rather large HTML file... had no effect, in fact, it got blocked, here is the log:

root@ip-10-170-103-253:~# perl mn.pl http://www.****.com/news/articles.html 30 30 190.1.1.1
URL: http://www.****.com/news/articles.html
[!] Launching 30 threads!
Target: www.****.com:80
Path: /news/articles.html
[-] Launched! <------------------------ here is where it paused a bit... caused the site to lag a bit, but not drop, had no effect but getting itself blocked, very ineffective.
[x] Unable to connect...
[x] Unable to connect...
[x] Unable to connect...
[x] Unable to connect...
[x] Unable to connect...
////and voila we are blocked by the target machine, which is not even running any real firewall just a large bw box but, was in fact vuln to the byte/range attack vector...
^C

I'd like to see this a bit better, and the fake-ip setting, to be implemented so it works maybe, then even some form of spoof which cannot be seen by webserver... then might have more chances of attack lasting long enough to soak the sockets,.....well, it should be doing that as part of this.

Cheers and, great coded tool but, just a little tricky maybe to use it....and no automatic d0s. And lag lasted like seconds..

Regards, and, I always say, never stop improving the code, no matter if the compliments are pos or neg, take all in and use it to make your work better. Thank you for sharing the code, I like to read code which is coded well :)

cheers,
xd

PSS As a total side note, I really do like immunitysec.com, but I really don't want to fork out however much it would cost for the complete pro packs, atm it is very stable deployment.. I have only got an older v6 of the canvas, but I am interested in anyone who could get me the set... I mean every item that is deployed to plugin, all the packs by gleg etc... which I know exists on private forums. I'd be happy to swap something as equally as valuable for it anyhow... ops.
xd

On 26 August 2011 12:19, Ulises2k <ulises2k () gmail com> wrote:
I have tried with Apache 2.2.9 and a simple PHP file and it does not cause a DoS of the Apache server.

On Thu, Aug 25, 2011 at 19:21, Xianuro GL <xianur0.null () gmail com> wrote:

linux-7nli:/home/xianur0/fhttp-v1.3/DoS # perl mn.pl http://[domain]/[file] 30 100 190.1.1.1

Where "file" has to consume processing on the server (i.e. index.php for Joomla! CMS).
Remember the "http://" :P

2011/8/25 -= Glowing Sex =- <doomxd () gmail com>

Ummm ok, let's see, I tried to use this, it keeps giving me 'usage' a bit too much :P , even when I have read through the code and seen an example/would make example.... but seems it is not being nice, unless I have perhaps made the error.. or it is not pasted in correctly,... I will try again but, I so far see no threat here, because it doesn't work too well, to start with... btw, it looks a lot like a slowloris-like attack, which would be blocked by most servers... still, please show me some examples.. this is NOT a happening script atm!

And also, maybe adjust encoding, so when copy and paste, it doesn't bork up.. in case it is maybe that.... although, it seems to exec fine... I am using

perl script.pl blah.com 10 10 ip.fake.here.ofc

nothing but usage...

cheers in advance
xd

On 26 August 2011 06:42, Xianuro GL <xianur0.null () gmail com> wrote:

Connection Keep-Alive + Pipelining + Close the connection before the response + Something... = DoS
Apache, IIS, Squid, NetCache, What else?

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/