dos + apache

glubby · Post by **glubby** » 08 Apr 2008, 07:49

Hi,

I have been looking over the Internet for a tool to make a DoS attack on an apache web server (v 1.3.37 or v 2.0.54). I found lots of things but nothing serious

. Do you have a lead for me ? (sorry for my bad english)

Nerdz · Post by **Nerdz** » 08 Apr 2008, 09:13

You can look on website like milworm or securityfocus...

You can also install one of these version of Apache on your machine and try to find something..

glubby · Post by **glubby** » 08 Apr 2008, 11:10

Right now, I'm working on a test plateform with a backtrak v2 and the 2 versions of Apache that I mentioned earlier. All the tool I used were from milw0rm. I'll look on securityfocus, maybe this time if I'm lucky ....

Nerdz · Post by **Nerdz** » 08 Apr 2008, 11:16

You can also try to google these version and try to find info on forum... try to use other search engine than google... use your imagination!

Also, try to find other version related problem... like

version 1.3 of something is ok but an exploit has been discovered in 1.4 and it affects <= 1.4. So googling the 1.3 version won't give it to you... but searching around will.

Post by **DNR** » 08 Apr 2008, 22:32

remember to consider all the open ports for DoS. Even if a server is patched, you still count on the admin making poor choices of setting access control or using third party apps.

I personally disprove of DoS, it'll light up the logs real quick.

DNR

glubby · Post by **glubby** » 09 Apr 2008, 01:55

That's all good advice. So, I'll look for a better solution because last night I found a "barbaric" perl script (httpd_flood.pl) on packetstorm which does the DoS by creating a large number of tcp connections.
In the mean time, I would like to complete my bench by rerouting the http trafic to my computer in order to display my website to the victim browser. So, I made a little arpspoof but what next .... ?

Post by **bad_brain** » 09 Apr 2008, 05:19

such floods are pretty pointless because it's no problem to limit the max. connections of a single IP, also with a simple netstat -t your attack is identified...together with blocking the IP via firewall it takes about 5 seconds to get rid of such an attack.
to re-route traffic you would have to run a man-in-the-middle attack, but to do this you would first have to hijack a DNS server in the path

the versions 1.3.37 and 2.0.54 might not be the newest ones, but this doesn't mean the newer versions have been released because there were serious flaws, usually they only include minor bugfixes. apache is simply too well maintained, so you picked one one the heaviest opponents.....

glubby · Post by **glubby** » 10 Apr 2008, 04:07

Well, I know this is not easy. After all, Apache represent 60%, if I'm right, of the web server in the world. For the moment, I will use that flood for testing purpose. But like I said earlier, I'm looking for a better solution and I'm pretty confident that I will find something. So, I will keep googling

Post by **bad_brain** » 10 Apr 2008, 08:58

well, ok, here's something that I recommend, it's an official tool that is part of any (at least afaik) Linux distro...so you don't have to deal with poorly coded and malware infected "hacker tools" crap you find on the net:

http://httpd.apache.org/docs/2.0/programs/ab.html

work for remote tests too.
of course this is no "click button to hack" crap, it's a professional tool and so you have to get a little into it first...but this also forces you to learn...

glubby · Post by **glubby** » 14 Apr 2008, 08:07

Well finally, it seems that Apache is pretty tough. So, I will keep my tcp flooder and make a little demonstration with it. It's not terrible but I haven't found anything better so far.

suck-o.com

dos + apache

dos + apache

open ports mean more targets