Vulnerability Development mailing list archives

Re: Using php to bounce scan


From: m-rae () HOME COM (Matt Rae)
Date: Mon, 30 Apr 2001 15:14:14 -0700


DDOS with php might be something to look at also.  If it were even possible
to make a somewhat effective DDOS programs with php, it sure would be easier
for kidz to rack up the nodes.

matt

Thiebaut wrote:

Hi,

This is my first post so I'm not 100% sure it's the right place to do it
and if this is interesting enough to be posted, but still ...

The problem :

Nowadays few free-web-page hosting companies are providing an access to
publish your pages with PHP enabled. That's the problem ;-)

So why not use PHP for security purpose ?
Let's say you write a PHP network scanner and use it to scan a host.
Guess where would the source scan come from. The computer hosting the
script, and that is actually not you.

Chain proxies between you and the computer hosting the script and you'll
appear as the anonymous Php3 network scanning  guy.

So network scanning is fun (still don't dream about -sS with php), but
vulnerability scanning might also be fun. So I though to be a little
more complete a simple cgi scanner would also be interesting.
It's a very bad example of code optimisation  ;-)  but I thought the
idea was not so bad so...

You got both files there :
http://persoweb.francenet.fr/~tbilger/linux/

Don't hesitate to mail for comments.

Thiebaut Devergranne


Current thread: