Metasploitable/TorsHammer: Difference between revisions

Latest revision as of 04:40, 29 August 2016

Redirect to:

Tors Hammer

@@ Line 1: / Line 1: @@
+#REDIRECT [[Tors Hammer]]
+<!--
 =Tor's Hammer Slow Body DoS Attack=
-Tor's Hammer (https://sourceforge.net/projects/torshammer/) is a tool that uses the slow body attack to swamp Apache servers and cause a denial of service (DoS). It does this by sending a POST request with a large declared content-length, then sending data one bit at a time.
+Tor's Hammer (https://sourceforge.net/projects/torshammer/) is a tool that uses the slow body attack to swamp Apache servers and cause a denial of service (DoS). It does this by sending a POST request with a large declared content-length (like 1000 MB), then performing the following, ad infinitum: send one letter through the open connection; take a nap.
 Tor's Hammer, in particular, provides a Python script that enables running the slow body attack through a web proxy like Tor, to provide anonymity. It also implements other disguising elements like a slew of User Agent headers.
 We'll test this tool out on the [[Metasploitable]] machine, which is running Apache 2.2.8, and see if it is vulnerable to the Tor's Hammer DoS attack. If so, we'll mount the attack.
+<font size="+3">NOTE: This will completely knock out the target server.</font> The web server will run out of memory and will begin to drop packets from the device. It must be rebooted to fix. Use wisely.
 ==Python Script==
@@ Line 76: / Line 82: @@
 However, these don't seem to affect the attack, as the web server is inaccessible even while the error messages are being printed out.
+==Bringing Down The Server==
+===Ping Down===
+At some point during the attack, the machine stopped responding to ping:
+<pre>
+ping: sendto: Host is down
+Request timeout for icmp_seq 874
+ping: sendto: Host is down
+Request timeout for icmp_seq 875
+ping: sendto: Host is down
+Request timeout for icmp_seq 876
+ping: sendto: Host is down
+Request timeout for icmp_seq 877
+ping: sendto: Host is down
+Request timeout for icmp_seq 878
+ping: sendto: Host is down
+Request timeout for icmp_seq 879
+ping: sendto: Host is down
+Request timeout for icmp_seq 880
+ping: sendto: Host is down
+Request timeout for icmp_seq 881
+ping: sendto: Host is down
+Request timeout for icmp_seq 882
+ping: sendto: Host is down
+Request timeout for icmp_seq 883
+ping: sendto: Host is down
+Request timeout for icmp_seq 884
+ping: sendto: Host is down
+Request timeout for icmp_seq 885
+ping: sendto: Host is down
+Request timeout for icmp_seq 886
+ping: sendto: Host is down
+Request timeout for icmp_seq 887
+ping: sendto: Host is down
+Request timeout for icmp_seq 888
+ping: sendto: Host is down
+Request timeout for icmp_seq 889
+ping: sendto: Host is down
+Request timeout for icmp_seq 890
+ping: sendto: Host is down
+Request timeout for icmp_seq 891
+ping: sendto: Host is down
+Request timeout for icmp_seq 892
+Request timeout for icmp_seq 893
+Request timeout for icmp_seq 894
+Request timeout for icmp_seq 895
+Request timeout for icmp_seq 896
+Request timeout for icmp_seq 897
+Request timeout for icmp_seq 898
+Request timeout for icmp_seq 899
+Request timeout for icmp_seq 900
+Request timeout for icmp_seq 901
+Request timeout for icmp_seq 902
+Request timeout for icmp_seq 903
+Request timeout for icmp_seq 904
+Request timeout for icmp_seq 905
+Request timeout for icmp_seq 906
+Request timeout for icmp_seq 907
+</pre>
+===Memory Squeeze===
+Turns out, the machine ran out of memory, and the network device began dropping packets:
+This attack '''completely''' knocked the server offline, and it had to be rebooted.
+[[Image:TorsHammer_OfflineMemSqueeze.png|500px]]
+=pwn=
+To be sure: this attack can pwn a server.
 =Flags=
+==DoS==
+{{DoSFlag}}
+==Metasploitable==
 {{MSFlag}}
+-->

Metasploitable/TorsHammer: Difference between revisions

From charlesreid1

Latest revision as of 04:40, 29 August 2016