
Academic year: 2021


5 Denial of Service (DOS): Apache HTTP web server DOS attack using Perl script

Background (http://ha.ckers.org/slowloris)

The ideal situation for many denial of service (DOS) attacks is where all other services remain intact but the webserver itself is completely inaccessible. Slowloris is a concept that emerged to allow a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services. It is stealthy relative to most flooding tools because it performs a slow denial of service attack against particular services, rather than flooding networks, by exhausting the number of simultaneous connections allowed on a web server.

Slowloris holds connections open by sending partial HTTP requests (think fragmented, but at the segment layer, not the network layer). It continues to send subsequent headers at regular intervals to keep the sockets from closing. In this way the webserver quickly becomes tied up waiting for the remaining packets. In particular, servers that have threading will tend to be vulnerable, by virtue of the fact that they attempt to limit the amount of threading they'll allow. Slowloris must wait for all the sockets to become available before it's successful at consuming them, so if it's a high-traffic website, it may take a while for the site to free up its sockets. So while you may be unable to see the website from your vantage point, others may still be able to see it until all sockets are freed by them and consumed by Slowloris. This is because other users of the system must finish their requests before the sockets become available for Slowloris to consume. If others re-initiate their connections in that brief time period, they'll still be able to see the site. So it's a bit of a race condition, but one that Slowloris will eventually always win, and sooner rather than later.

Overview

Using your remote KALI Linux host, you will download and run the “slowloris.pl” Perl script against Windows 2008 servers running Apache 2.2.25 (a fairly recent version).

Remote Connection

See the previous lab (01-NPS00 Introduction to the Lab) and log on to your remote Windows host, then open VNC to your KALI Linux host.


Preparation Procedures:

This lab will need to be done on Linux, so we will be downloading and running the “slowloris.pl” Perl script on our KALI Linux remote VM. In parallel we will run a remote desktop session to our target to see the impact of the attack on the server resources.

Steps:

1. First log on to csview.nps.edu via the VMWare View client

2. From your Remote Windows host, use VNC Viewer to get into your KALI Linux host

3. Now open a new shell (terminal window) within KALI Linux.

4. Change directory to Desktop and ftp to ftpv8.hackers.net with the anonymous account (user account: ftp and password: ftp)

5. Get the slowloris.pl file from the /uploads/ directory.

6. Finish ftp session with the bye command.

7. Now from your remote Windows host, click on the Start button, type mstsc and hit “Enter” in order to open up Remote Desktop Connection.

In the Remote Desktop Connection window, enter the IP address of your victim server and click Connect.

Your attack host will be based upon your user account! If your account (CS3695-# or M6-109-#) ends in:

0 or 5 you will be monitoring and attacking 192.168.201.100
1 or 6 you will be monitoring and attacking 192.168.201.101
2 or 7 you will be monitoring and attacking 192.168.201.102
3 or 8 you will be monitoring and attacking 192.168.201.103
4 or 9 you will be monitoring and attacking 192.168.201.104

Username: .\Administrator
Password: Password1

8. Now inside the Windows 2008 server, click the Start button, type resmon and hit “Enter” to open Resource Monitor.

9. In Resource Monitor, open the Network tab and show Network Activity and TCP Connections by clicking on the triangles shown on the picture above.

Ensure no one else is performing this lab against this machine by checking that the TCP connections are at a low state!! If they are at a high state, you may need to wait.

This may take a minute or two

10. Switch to the KALI Linux machine and open Iceweasel

a. Type in the address of the Windows/Apache server from above

b. Verify that it works

Lab Procedures:

11. Back on your Kali vm, in a terminal window confirm that you are in Desktop directory and execute the slowloris script by typing:

perl slowloris.pl -dns 192.168.201.{Your Attack IP Address goes here}

12. Refresh the webpage in Iceweasel to see the effect (to be sure, you can close it and open it once more; remember that the web page may be in the cache)

Notice the spinning wheel and cancel button, showing it is trying to connect…

13. Switch to the Remote Desktop of the victim Apache server and:

a. Observe the Network Activity and TCP Connections in Resource monitor

14. From your remote Windows 7 host, try to connect to the web server; it should fail as well…

15. Switch back to the KALI Linux host and stop the script with Ctrl+C

16. Now see if you can get to the web site on Kali and your Remote Windows 7 host… You should be able to now.

If you are a curious hacker, you can play with the parameters that are in the script. Remember that the server bottleneck used to make the DOS attack is the limited number of threads/sockets that is allowed to be created on the server.

IMPORTANT: If the web page is still working in the browser, that means you still have a session active. You can verify this in Resource Monitor -> TCP Connections on the server.
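Steps 9 and 13 have you watch TCP Connections in Resource Monitor by eye; the same observation can be automated on the server from `netstat -an` output. The following is an added example, not part of the original lab: the function names, the client addresses, the worker limit of 64 and the 25% threshold are assumptions, and the netstat lines are constructed sample data.

```python
from collections import Counter


def parse_netstat(text, server_port=80):
    """Count ESTABLISHED TCP connections to server_port per remote host."""
    counts = Counter()
    for line in text.splitlines():
        fields = line.split()
        # Data rows look like: TCP  local:port  remote:port  STATE
        if len(fields) != 4 or fields[0] != "TCP" or fields[3] != "ESTABLISHED":
            continue  # skips headers, blank lines, LISTENING, TIME_WAIT, ...
        _, _, local_port = fields[1].rpartition(":")
        remote_host, _, _ = fields[2].rpartition(":")
        if local_port == str(server_port):
            counts[remote_host] += 1
    return counts


def flag_clients(counts, worker_limit, max_share=0.25):
    """Return {client: share} for clients holding more than max_share
    of the server's worker threads (the bottleneck the lab describes)."""
    return {
        host: n / worker_limit
        for host, n in counts.items()
        if n / worker_limit > max_share
    }


def build_sample():
    """Constructed netstat -an output: one client holding 60 connections,
    one ordinary browser, and an unrelated RDP session."""
    rows = [
        "Active Connections",
        "",
        "  Proto  Local Address          Foreign Address        State",
        "  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING",
    ]
    rows += [
        f"  TCP    192.168.201.100:80     192.168.201.50:{49152 + i}   ESTABLISHED"
        for i in range(60)
    ]
    rows.append("  TCP    192.168.201.100:80     192.168.201.21:50111   ESTABLISHED")
    rows.append("  TCP    192.168.201.100:3389   192.168.201.21:50200   ESTABLISHED")
    return "\n".join(rows)


if __name__ == "__main__":
    counts = parse_netstat(build_sample())
    for host, share in flag_clients(counts, worker_limit=64).items():
        print(f"{host} holds {counts[host]} connections ({share:.0%} of workers)")
```

Set `worker_limit` to the thread limit actually configured on the Apache server being monitored; a single client holding most of that limit while transferring almost no data is the pattern the lab produces.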
