This module performs profile-driven HTTP/2 HPACK bomb denial-of-service attacks against vulnerable servers. The module selects the requested profile and applies its default attack parameters unless PORT, CONNECTIONS or STREAMS are overridden. It verifies target reachability and, when required, records a pre-attack TCP or TLS latency baseline. It then establishes HTTP/2 sessions by negotiating h2, sending the client preface, and completing the initial SETTINGS exchange. After setup, it sends profile-specific HPACK bomb payloads through HEADERS and CONTINUATION frames across multiple streams. These payloads force the server to expand small compressed header blocks into much larger in-memory header state or repeated header reconstruction work. The attacked streams are held open for a profile-specific interval, optionally using WINDOW_UPDATE drips to keep server-side state active. Finally, the module determines success from post-attack liveness, latency degradation, or recovery behavior, depending on the selected profile. Blank parameters inherit the selected profile defaults. Most profiles require TLS plus ALPN h2 support in the runtime SSL stack. Pingora can be used over cleartext h2c by disabling USE TLS.
NGINX Plus and NGINX Open Source have a heap overflow vulnerability in the ngx_http_rewrite_module module. This vulnerability exists when the "rewrite" directive with a query string is followed (in the same location) by the "if" or "set" directive with an unnamed Perl-Compatible Regular Expression (PCRE) capture. An unauthenticated attacker along with conditions beyond its control can exploit this vulnerability by sending crafted HTTP requests. This may cause a heap buffer overflow in the NGINX worker process leading to a restart. Additionally, attackers can execute code on systems with Address Space Layout Randomization (ASLR) disabled or when the attacker can bypass ASLR. This module will first check if the endpoint given in the ENDPOINT parameter is present. If no parameter is provided, the module will use "/api" as the default value. Then it will send a HTTP request to the endpoint to cause the DoS and try to determine if the attack was successful.
This module exploits an authentication bypass vulnerability combined and a buffer overflow in Cisco Secure ASA to cause a denial of service effect. First, the module will check if the target is vulnerable to the authentication bypass. If the target is vulnerable, it will proceed to cause the denial of service.
A memory corruption vulnerability in the Windows IPv6 stack allows remote Denial of Service via maliciously crafted IPv6 Fragment Header packets. Exploitation requires no authentication or user interaction. Attackers need only send specially designed packets to vulnerable hosts. Impacts all Windows versions with IPv6 enabled (default since Windows 10). This exploit performs the following steps: Obtains the data needed to launch the attack, such as local device ID and target MAC address. sets the IPv6 headers. Builds specially crafted packets affecting the IPv6 stack (tcpip.sys driver) Sends packets to the target causing a denial of service. Check if the remote machine is down due to Blue Screen of Death (BSOD)
This module triggers a denial-of-service flaw in the Windows Local Session Manager (LSM). It was found to exist in Windows 11 but not in Windows 10. The vulnerability allows an authenticated, low-privileged user to crash the LSM service by making a simple Remote Procedure Call (RPC) to the RpcGetSessionIds function. The impact of this vulnerability is significant, as a crash of the LSM service can prevent users from logging in or out and affects services that depend on LSM, such as Remote Desktop Protocol (RDP) and Microsoft Defender. The vulnerability can be exploited remotely by an authenticated user with low privileges, especially on a domain controller.
This module triggers a memory corruption vulnerability in the Event Log Service by sending a malformed packet. It can be used by a remote attacker to stop recording events of important software so will left no traces. For example, if an attacker installs an agent on a domain-joined workstation. He can remotely stop the domain controller's Event Log service.
This module triggers a heap-based buffer overflow vulnerability in the DHCP service by sending a malformed DHCPv6 Relay-forward message.
This module crashes the MSMQ service by sending a malformed UserMessage packet which triggers an integer overflow vulnerability.
This module produces an out of bounds and generate a Denial of Service
This module crashes the target machine producing a blue screen by sending a malformed HTTP packet.
Pagination
- Page 1
- Next page