The Hacker News Logo
Subscribe to Newsletter

DDoS Attack Using Google Plus Servers

DDoS Attack Using Google Plus Servers
A Security expert at Italian security firm AIR Sicurezza Informatica has claimed that Google's servers vulnerability allows a hacker to exploit the search giant's bandwidth to launch a distributed denial-of-service (DDoS) attack on any targeted server.

On the IHTeam Security Blog, Simone Quatrini, demonstrates how users can make Google's servers act as a proxy to fetch content on their behalf. 

Quatrini has written a shell script that will repeatedly prompt Google's servers to make requests to a site of the attacker's choice, effectively using Google's bandwidth rather than their own, in an effort to prevent it from functioning.

The advantage of using Google and make requests through their servers, is to be even more anonymous when you attack some site (TOR+This method) and the funny thing is that apache will log Google IP addresses.

But beware: gadgets/proxy? will send your ip in apache log, if you want to attack, you'll need to use /_/sharebox/linkpreview/.

WORKING
Using vulnerable pages i.e. “/_/sharebox/linkpreview/“ and “gadgets/proxy?“, it is possible to request any file type from the external source, and Google Plus servers will download it to show the content. So, if you parallelize so many requests at same time, it will be possible to perform a significant DDoS attack against any website with Google's bandwidth.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.
SHARE
Comments
Latest Stories
Best Deals

Newsletter — Subscribe for Free

Join over 500,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.