HashCollision-DOS-POC icon indicating copy to clipboard operation
HashCollision-DOS-POC copied to clipboard

Published 20 hours ago verified publisher icon firefart

Metadata

Proof of Concept for the PHP and JAVA Hashcollision Denial of service attack

This script was written by Christian Mehlmauer [email protected] https://twitter.com/#!/FireFart

Sourcecode online at: https://github.com/FireFart/HashCollision-DOS-POC

Original PHP Payloadgenerator taken from https://github.com/koto/blog-kotowicz-net-examples/tree/master/hashcollision

http://www.ocert.org/advisories/ocert-2011-003.html CVE: Apache Geronimo: CVE-2011-5034 Oracle Glassfish: CVE-2011-5035 PHP: CVE-2011-4885 Apache Tomcat: CVE-2011-4858

requires Python 2.7

Examples: -) Make a single Request, wait for the response and save the response to output0.html python HashtablePOC.py -u https://host/index.php -v -c 1 -w -o output -t PHP

-) Take down a PHP server(make 500 requests without waiting for a response): python HashtablePOC.py -u https://host/index.php -v -c 500 -t PHP

-) Take down a JAVA server(tested with Tomcat and Glassfish; make 500 requests without waiting for a response, maximum POST data size 2MB): python HashtablePOC.py -u https://host/index.jsp -v -c 500 -t JAVA -m 2

Changelog: v6.0: Added Javapayloadgenerator v5.0: Define max payload size as parameter v4.0: Get PHP Collision Chars on the fly v3.0: Load Payload from file v2.0: Added Support for https, switched to HTTP 1.1 v1.0: Initial Release

Metadata

98
Stars
26
Forks
Watchers

Owner

verified publisher icon firefart

Metadata

Proof of Concept for the PHP and JAVA Hashcollision Denial of service attack

Back