Web Application Security
Re: pentest tool for dos Jun 14 2011 05:48AM
ShiYih Lye (shiyih lye my offgamers com) (2 replies)
Re: pentest tool for dos Jun 14 2011 03:34PM
Jeremiah Cornelius (jeremiah nur net) (1 replies)
Re: pentest tool for dos Jun 14 2011 09:40PM
anthony cicalla gmail com (1 replies)
Re: pentest tool for dos Jun 15 2011 03:04PM
hkm (hkm hakim ws)
You can try the FHTTP "The HTTP Fucker". It is quite very effective.
http://hackingtelevision.blogspot.com/2011/05/fhttp-v12.html

hkm

On Tue, 2011-06-14 at 21:40 +0000, anthony.cicalla (at) gmail (dot) com [email concealed] wrote:
> If you have been doing pen testing for any real length of time your already on watch lists. However dos and ddos testing isn't part of a pen test because you can always take something offline with enough traffic.
> Sent via BlackBerry from T-Mobile
>
> -----Original Message-----
> From: Jeremiah Cornelius <jeremiah (at) nur (dot) net [email concealed]>
> Sender: listbounce (at) securityfocus (dot) com [email concealed]
> Date: Tue, 14 Jun 2011 08:34:10
> To: <webappsec (at) securityfocus (dot) com [email concealed]>
> Reply-To: jeremiah (at) nur (dot) net [email concealed]
> Subject: Re: pentest tool for dos
>
> There's a Java version of LOIC.
>
> You might want to DL through a proxy , and doing so might still get you
> on a watchlist. ;-)
>
> Also, the SourceForge page for JavaLOIC has disappeared. There are
> links to different archives on the 'net. Proceed with caution (sandbox,
> etc.)
>
> http://www.mediafire.com/?u3pn398d5w6sixg
> http://www.mediafire.com/?9rfblvej3ycd8dt
>
> -- JC
>
>
>
> On 06/13/2011 10:48 PM, ShiYih Lye wrote:
> > hi guys,
> >
> > Appreciated a lot with the feedback. I have tested HOIC and LOIC, they
> > are both windows, so might not that suitable for my pentest
> > environment, as I'm using a datacenter linux server as the attacker to
> > dos my webserver.
> >
> > We are still testing Slowloris and RUDY. Siege so far able to trigger
> > more concurrent connection to the victim with 1000+, which ab maximum
> > connection is only around 100+. After those threshold, we will be
> > getting error from the attacker. We are using a Centos 5.5 for the
> > attacker.
> >
> >
> >
> > On Tue, Jun 14, 2011 at 1:47 PM, ShiYih Lye<shiyih.lye (at) my.offgamers (dot) com [email concealed]> wrote:
> >> hi guys,
> >>
> >> Appreciated a lot with the feedback. I have tested HOIC and LOIC, they are both windows, so might not that suitable for my pentest environment, as I'm using a datacenter linux server as the attacker to dos my webserver.
> >>
> >> We are still testing Slowloris and RUDY. Siege so far able to trigger more concurrent connection to the victim with 1000+, which ab maximum connection is only around 100+. After those threshold, we will be getting error from the attacker. We are using a Centos 5.5 for the attacker.
> >>
> >>
> >>
> >>
> >> On Mon, Jun 13, 2011 at 5:46 AM, amar wakharkar<amarsuhas (at) hotmail (dot) com [email concealed]> wrote:
> >>> Dear Lye,
> >>>
> >>> You can use Low Orbit Ion Cannon Tool for DOS.
> >>>
> >>> Regards,
> >>>
> >>> Amar Wakharkar.
> >>>
> >>>
> >>>
> >>>
> >>>> From: shiyih.lye (at) my.offgamers (dot) com [email concealed]
> >>>> Date: Wed, 8 Jun 2011 11:40:00 +0800
> >>>> Subject: pentest tool for dos
> >>>> To: webappsec (at) securityfocus (dot) com [email concealed]; pen-test (at) securityfocus (dot) com [email concealed]
> >>>>
> >>>> Hi guys,
> >>>>
> >>>> We are testing the dos protection mechanism of our web server, and
> >>>> we're using 'apache benchmark', ab for that purpose (httpd version is
> >>>> 2.2.3 in Centos 5) from the pentest machine. But it is not able to go
> >>>> to a higher concurrent hits, so I'm wonder do you have any better or
> >>>> more comprehensive tools out there that you think is better ?
> >>>>
> >>>> Thanks for any input given.
> >>>>
> >>>> Regards,
> >>>> Lye
> >>>>
> >>>> ------------------------------------------------------------------------

> >>>> This list is sponsored by: Information Assurance Certification Review Board
> >>>>
> >>>> Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified.
> >>>>
> >>>> http://www.iacertification.org
> >>>> ------------------------------------------------------------------------

> >>>>
> >
> >
> > This list is sponsored by Cenzic
> > --------------------------------------
> > Let Us Hack You. Before Hackers Do!
> > It's Finally Here - The Cenzic Website HealthCheck. FREE.
> > Request Yours Now!
> > http://www.cenzic.com/2009HClaunch_Securityfocus
> > --------------------------------------
> >
>
>
>
>
>
> This list is sponsored by Cenzic
> --------------------------------------
> Let Us Hack You. Before Hackers Do!
> It's Finally Here - The Cenzic Website HealthCheck. FREE.
> Request Yours Now!
> http://www.cenzic.com/2009HClaunch_Securityfocus
> --------------------------------------
>

This list is sponsored by Cenzic
--------------------------------------
Let Us Hack You. Before Hackers Do!
It's Finally Here - The Cenzic Website HealthCheck. FREE.
Request Yours Now!
http://www.cenzic.com/2009HClaunch_Securityfocus
--------------------------------------

[ reply ]
Re: pentest tool for dos Jun 14 2011 12:16PM
Rafael Correia (rafaelnominato gmail com)


 

Privacy Statement
Copyright 2010, SecurityFocus