Full Disclosure mailing list archives
Re: Arbitrary DDoS PoC
From: Sanguinarious Rose <SanguineRose () occultusterra com>
Date: Tue, 14 Feb 2012 16:46:09 -0700
Now, I had to do it. I took a look at his other projects (I know, I know..., it has begun) https://github.com/lfamorim/IntensiveDoS If you thought the python code was bad... It doesn't even do anything remotely effective. Now, pthreads has a cap of around 200 max threads (depends on compile options, platform, etc.) a single process can do. If this was even remotely "Intensive" it would be using async sockets which you can at least get a few K of connections. Should I even mention it just disconnects after connecting kinda rendering well, I can't think of a polite way to say it, utterly useless. Any properly setup http, apache even, can reflect this like throwing cotton balls but in his case he is claiming the cotton balls are somehow really bowling balls. *http_header = "GET / HTTP/1.1\r\n\r\n"; This HTTP request doesn't include a "Host" field hence breaking the HTTP 1.1 standard before we even begin. I also noticed he doesn't believe in functions with variables instead relying on globals. Sections of the code sometimes use { } for a single if/while/else/for/etc. statement and some don't which makes me wonder if it's copy/paste. In my experience and in my own programming they usually don't dash their code with such style irregularities. Now inside his Makefile: rm -rf IntensiveDoS IntensiveDoS.o Do you seriously need to recursively deleted two files forcefully? Now on this: https://github.com/lfamorim/Connect-Back-Win32-Trojan All I can really say is it's not a very good trojan if it leaves a big black console screen and if you click the 'X' it goes away / terminates the reverse shell. The standard reverse shell code can be found on google with many more improvements and there is nothing really innovative or interesting here. Now This: https://github.com/lfamorim/rebreaker All I can say is 12 lines of code being called "Extremely advanced algorithm to remove distortions from recaptcha images, allowing OCR." using http://projects.scipy.org/scipy/milestone/0.10.0 is rather well. Just take a look (the main 2 lines of the program that do anything). for i in WordSlice(imread(argv[1], True)).get_words(): Hough(i).find_ellipses(lambda img: imresize(img, 0.4, 'bilinear')) I don't think I have to say anything else for those two lines of "Extremely advanced algorithm" besides this single line. lfamorim pushed to master at lfamorim/rebreaker February 14, 2012 => 40369be making things more efficient. Combine the above with his "proxy botnet" using curl I have to ask.... why would anyone respond to this guy in a logical fashion when it is obvious he does not know what he is doing. He is as bad as Steve Gibson ranting about raw socket support in WindowsXP and how it's going to end the entire internet, only in this case he is referring to open proxies. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Arbitrary DDoS PoC Lucas Fernando Amorim (Feb 13)
- Re: Arbitrary DDoS PoC Gage Bystrom (Feb 13)
- Re: Arbitrary DDoS PoC adam (Feb 13)
- Re: Arbitrary DDoS PoC Gage Bystrom (Feb 13)
- Re: Arbitrary DDoS PoC Terrence (Feb 14)
- Re: Arbitrary DDoS PoC Lucas Fernando Amorim (Feb 14)
- Re: Arbitrary DDoS PoC Gage Bystrom (Feb 14)
- Re: Arbitrary DDoS PoC Sanguinarious Rose (Feb 14)
- Re: Arbitrary DDoS PoC Laurelai (Feb 14)
- Re: Arbitrary DDoS PoC Sanguinarious Rose (Feb 14)
- Re: Arbitrary DDoS PoC adam (Feb 13)
- Re: Arbitrary DDoS PoC Gage Bystrom (Feb 13)
- Re: Arbitrary DDoS PoC Lucas Fernando Amorim (Feb 15)
- Re: Arbitrary DDoS PoC Sanguinarious Rose (Feb 15)
- Re: Arbitrary DDoS PoC Grandma Eubanks (Feb 15)
- Re: Arbitrary DDoS PoC Lucas Fernando Amorim (Feb 16)
- Re: Arbitrary DDoS PoC Terrence (Feb 14)