HashDoS PoC

I was recently at the CCC congress (28C3) in Berlin, where the two researchers Alexander 'alech' Klink and Julian 'zeri' Wälde disclosed a DoS vulnerability affecting just about all programming languages in the way they utilize hash tables.

Funny thing is, most server technologies (PHP, ASP (.NET), Java variants, Python (Django), etc.) all appear to be vulnerable to different variants of the attack.

It consists of abusing the hash table data structure(s) by choosing keys that all generate the same hash (checksum), so that all the data ends up in the same bucket(s).

Basically, you trigger the hash table's worst-case scenario.
...That takes CPU...
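
Seen from the receiving side, here is an added example (not part of the original post or its PoC) that hashes a request's parameter names with the textbook DJBX33A function and flags bodies whose names pile up in one bucket. The table size, thresholds, function names and sample request bodies are assumptions constructed for illustration.

```python
from collections import Counter
from urllib.parse import parse_qsl


def djbx33a(key: bytes) -> int:
    """Textbook DJBX33A: start at 5381, then h = h * 33 + byte (kept to 32 bits here)."""
    h = 5381
    for byte in key:
        h = (h * 33 + byte) & 0xFFFFFFFF
    return h


def max_bucket_load(names, table_size=1 << 16):
    """Largest number of distinct names that share one bucket.

    table_size is an assumed power-of-two table; a real runtime resizes its table.
    """
    distinct = {n.encode("utf-8") for n in names}
    if not distinct:
        return 0
    buckets = Counter(djbx33a(n) & (table_size - 1) for n in distinct)
    return max(buckets.values())


def is_suspicious(body, max_params=1000, max_chain=3):
    """Flag a form body before it is loaded into a hash table.

    max_params caps how many parameters are accepted at all; max_chain is the
    longest bucket chain tolerated. Both thresholds are illustrative.
    """
    pairs = parse_qsl(body, keep_blank_values=True)
    if len(pairs) > max_params:
        return True
    return max_bucket_load(name for name, _ in pairs) > max_chain


# Constructed sample bodies. "Ez" and "FY" hash identically under DJBX33A
# (69*33+122 == 70*33+89), so equal-length names built from them collide too.
BENIGN = "user=alice&page=2&sort=asc"
COLLIDING = "EzEz=1&EzFY=1&FYEz=1&FYFY=1"

if __name__ == "__main__":
    for label, body in (("benign", BENIGN), ("colliding", COLLIDING)):
        names = [n for n, _ in parse_qsl(body)]
        print(label, "max chain:", max_bucket_load(names),
              "flagged:", is_suspicious(body))
```

A check like this only makes sense in front of the vulnerable parser (a proxy or filter); capping the parameter count is the cheaper of the two tests and works without knowing the hash function.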

You may download their presentation here, in order to get a more in-depth explanation about their findings.

My fellow mates 'sasha' and 'swestres' started generating collisions for various languages and I took part of their research and made this PoC affecting the hashing algorithm DJBX33A used in PHP5.

So here you go folks, no license, play with the PoC as you wish!
(It's supposed to work with SSL and over Mono!)

That's it!

Take care & Happy New Year!

Cheers!

Hey, I'm Fredrik. I'm from Sweden, born 1990, and I have a huge interest in information technology and information security. So far, I've been studying for three years at the International IT College of Sweden and one year at the Royal Institute of Technology (Kista, Sweden). I'm currently working at Young / Skilled and as a shareholder of Arctic Security. If you wish to contact me, please email me at h@ackack.net or follow me on Twitter @Almroot.

4 Comments

  1. Krzysztof Kotowicz says:

    Good one! And, as it's now a purely HTTP exploit, you can also do it from browser - http://koto.github.com/blog-kotowicz-net-examples/hashcollision/kill.html

  2. Fredrik Nordberg Almroth says:

    Ah yeah! That's cool. Someone should find universal collisions which will affect multiple algorithms (say, PHP and JSP) that would make the DoS furthermore powerful. Cool nevertheless! Cheers!

  3. MZ says:

  4. Fredrik Nordberg Almroth says:

    Perhaps, but our PoC was out four days earlier! ;)
