fliper4o's forumotion



on December 19th 2012, 01:22

Source gzipped tarball can be found here (use command "tar -xzvf CGIstress.tgz" to extract)

CGIstress is a DoS tool that uses multiprocessing to exploit inefficient server-side scripts. Given a fairly resource hungry script (a search bar, for example), CGIstress can take down most normal shared servers. Almost any blog or site that isn't megacorporate funded will not be able to withstand it. Although the tool was developed and tested exclusively on 64-bit Ubuntu with Python 2.7, it should theoretically work on Windows as well.

It helps to know something about HTTP. You call the script from the command line like so: python cgi_stress.py -h [host name] -p [path to script] -v [POST/GET variable values]. There are also additional optional values that will be documented below. As I describe the options I will give an example of a practical target and, after listing the options, there is a real use case that in my tests brought the website discussed down.

-h : Host name. This is the domain name or IP address of the target. For example, esr.ibiblio.org
-p : Path to the script. For example /index.php
-v : POST/GET variables. In this example, ?s=e (which assigns the GET variable s to the letter 'e'). This calls the blog's search function and searches all posts for the letter 'e'.

Given the above information we could attack esr.ibiblio.org via the following command:
python cgi_stress.py -h esr.ibiblio.org -p /index.php -v ?s=e

Optional Arguments:
-m : Method. Either GET or POST (GET is default).
-c : Process Count. This program works by opening dozens of processes all requesting the same resource, thus overloading the server. Default is 30.
-t : Test mode. This times how long a given request would take. Useful for determining how inefficient a given script is.

~ from the Boss
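
From the defender's side, the traffic described in the post above appears in the web server's access log as one client repeating an identical request to one script many times within a few seconds. The following is an added example, not part of the original post or of the tool, that flags that pattern; the log lines, addresses, function names, threshold and window are constructed assumptions (the threshold of 30 mirrors the default process count the post mentions).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample access log (combined-format prefix, documentation IPs):
# one client repeats the same search request 40 times in 10 seconds,
# another client browses normally.
SAMPLE_LOG = "\n".join(
    ['198.51.100.7 - - [19/Dec/2012:01:22:%02d +0000] '
     '"GET /index.php?s=e HTTP/1.1" 200 5120' % (i // 4) for i in range(40)]
    + ['203.0.113.9 - - [19/Dec/2012:01:22:05 +0000] "GET /index.php?s=python HTTP/1.1" 200 2048',
       '203.0.113.9 - - [19/Dec/2012:01:22:30 +0000] "GET /about.html HTTP/1.1" 200 900'])

# client IP, timestamp, method, request target (path plus query string), status
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(line):
    """Return (ip, time, method, target) for one log line, or None if malformed."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, target, _status = m.groups()
    return ip, datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z"), method, target

def find_bursts(log_text, threshold=30, window_seconds=10):
    """Map (ip, method, target) -> peak count for every client that sent the
    same request at least `threshold` times inside one sliding window.
    Assumes lines are in time order, as a server writes them. POST bodies are
    not logged, so POST requests are grouped by path alone."""
    window = timedelta(seconds=window_seconds)
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    peaks = {}
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None:
            continue              # skip lines that do not match the format
        ip, when, method, target = rec
        key = (ip, method, target)
        q = recent[key]
        q.append(when)
        while when - q[0] > window:
            q.popleft()           # drop requests older than the window
        if len(q) >= threshold:
            peaks[key] = max(peaks.get(key, 0), len(q))
    return peaks

if __name__ == "__main__":
    for (ip, method, target), n in find_bursts(SAMPLE_LOG).items():
        print("%s sent %s %s %d times within 10s" % (ip, method, target, n))
```

A flagged key is a candidate for per-client rate limiting or for caching the response of the expensive script.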