Metasploitable/TorsHammer: Difference between revisions
From charlesreid1
(Redirected page to Tors Hammer) |
|||
| (7 intermediate revisions by the same user not shown) | |||
| Line 1: | Line 1: | ||
#REDIRECT [[Tors Hammer]] | |||
<!-- | |||
=Tor's Hammer Slow Body DoS Attack= | =Tor's Hammer Slow Body DoS Attack= | ||
Tor's Hammer (https://sourceforge.net/projects/torshammer/) is a tool that uses the slow body attack to swamp Apache servers and cause a denial of service (DoS). It does this by sending a POST request with a large declared content-length, then | Tor's Hammer (https://sourceforge.net/projects/torshammer/) is a tool that uses the slow body attack to swamp Apache servers and cause a denial of service (DoS). It does this by sending a POST request with a large declared content-length (like 1000 MB), then performing the following, ad infinitum: send one letter through the open connection; take a nap. | ||
Tor's Hammer, in particular, provides a Python script that enables running the slow body attack through a web proxy like Tor, to provide anonymity. It also implements other disguising elements like a slew of User Agent headers. | Tor's Hammer, in particular, provides a Python script that enables running the slow body attack through a web proxy like Tor, to provide anonymity. It also implements other disguising elements like a slew of User Agent headers. | ||
We'll test this tool out on the [[Metasploitable]] machine, which is running Apache 2.2.8, and see if it is vulnerable to the Tor's Hammer DoS attack. If so, we'll mount the attack. | We'll test this tool out on the [[Metasploitable]] machine, which is running Apache 2.2.8, and see if it is vulnerable to the Tor's Hammer DoS attack. If so, we'll mount the attack. | ||
<font size="+3">NOTE: This will completely knock out the target server.</font> The web server will run out of memory and will begin to drop packets from the device. It must be rebooted to fix. Use wisely. | |||
==Python Script== | ==Python Script== | ||
| Line 77: | Line 83: | ||
However, these don't seem to affect the attack, as the web server is inaccessible even while the error messages are being printed out. | However, these don't seem to affect the attack, as the web server is inaccessible even while the error messages are being printed out. | ||
==Bringing Down Ping== | ==Bringing Down The Server== | ||
===Ping Down=== | |||
At some point during the attack, the machine stopped responding to ping: | At some point during the attack, the machine stopped responding to ping: | ||
| Line 137: | Line 145: | ||
</pre> | </pre> | ||
This attack completely knocked the server offline. | ===Memory Squeeze=== | ||
Turns out, the machine ran out of memory, and the network device began dropping packets: | |||
This attack '''completely''' knocked the server offline, and it had to be rebooted. | |||
[[Image:TorsHammer_OfflineMemSqueeze.png|500px]] | |||
=pwn= | |||
To be sure: this attack can pwn a server. | |||
=Flags= | =Flags= | ||
==DoS== | |||
{{DoSFlag}} | |||
==Metasploitable== | |||
{{MSFlag}} | {{MSFlag}} | ||
--> | |||
Latest revision as of 04:40, 29 August 2016
Redirect to: