Denial Of Service (DOS)
INSTRUCTOR: SAJID HUSSAIN RAZA
Denial Of Service
A denial-of-service (DoS) attack is a type of cyber attack in which a
malicious actor aims to render a computer or other device
unavailable to its intended users by interrupting the device's normal
functioning. DoS attacks typically function by overwhelming or
flooding a targeted machine with requests until normal traffic is
unable to be processed, resulting in denial-of-service to additional
users.
DDOS vs DOS
When an attack is distributed over a network and many attackers
target the same system, the attack is termed a Distributed Denial of
Service (DDOS).
When a single attacker takes down a particular system, it is a Denial of
Service.
Tools for DOS Attack
Kali Linux has built-in tools for DOS attacks. Some of them are:
Metasploit
Hping3
Ettercap
Other famous tools are:
LOIC
HOIC
TOR’s Hammer
UFONet
Zambie
UFONet
UFONet is a tool designed to launch Layer 7 (HTTP/Web Abuse) DDoS &
DoS attacks, using 'Open Redirect' vectors on third-party web applications.
It works by calling its botnets and targeting a particular victim.
Hping3
hping3 is a network tool able to send custom TCP/IP packets and to display
target replies like the ping program does with ICMP replies. Hping3 handles
fragmentation, arbitrary packet body and size, and can be used to
transfer files encapsulated under supported protocols.
In the same way, packets can easily be crafted and flooded to the target,
thus causing a DOS attack.
Hping3 DOS attack
➢ Hping3 has lots of flags and modes to increase the efficiency of the tool.
➢ The -d flag sends the defined number of data bytes.
➢ --flood floods the victim with an infinite number of requests.
➢ -S is the “Syn” attack.
➢ -f sends fragmented packets.
Hping3 result
➢ Network traffic increases rapidly, at a very high rate.
➢ If the attack is performed on an open port such as 135, after some time the memory usage of the system gets so high that the system cannot handle it anymore and crashes.
Hping3 Attack stop
➢ If the system has not crashed, it slows down.
➢ As soon as the attack is interrupted, the system returns to its normal condition.
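The memory exhaustion described above comes from half-open connections piling up on the listener, and that is also what a defender can measure. The following detection sketch is an added example, not part of the original slides: it counts unanswered SYNs per listening port over constructed packet records. The record format, the source addresses, the window and the threshold are assumptions.

```python
from collections import defaultdict

def make_sample():
    """Constructed records: (time_s, src_ip, src_port, dst_ip, dst_port, flags)."""
    target = ("192.168.0.16", 135)   # example listener, port taken from the slide
    recs = [
        # A normal client completes the three-way handshake: SYN, then ACK.
        (0.00, "192.168.0.30", 50000, *target, "S"),
        (0.02, "192.168.0.30", 50000, *target, "A"),
    ]
    # Constructed flood: 500 SYNs in half a second, none ever acknowledged.
    for i in range(500):
        recs.append((1.0 + i * 0.001, "192.168.0.50", 1024 + i, *target, "S"))
    return recs

def half_open_peaks(records, window=2.0, threshold=100):
    """Return {(dst_ip, dst_port): peak} for listeners whose number of
    unanswered SYNs younger than `window` seconds exceeds `threshold`."""
    pending = defaultdict(dict)      # listener -> {(src_ip, src_port): syn_time}
    peaks = {}
    for t, src, sport, dst, dport, flags in sorted(records):
        listener = (dst, dport)
        conns = pending[listener]
        # Forget SYNs older than the window (the server would time them out too).
        for key in [k for k, ts in conns.items() if t - ts > window]:
            del conns[key]
        if flags == "S":
            conns[(src, sport)] = t              # handshake opened
        elif "S" not in flags and ("A" in flags or "R" in flags):
            conns.pop((src, sport), None)        # handshake completed or reset
        if len(conns) > threshold:
            peaks[listener] = max(peaks.get(listener, 0), len(conns))
    return peaks

if __name__ == "__main__":
    for (ip, port), n in half_open_peaks(make_sample()).items():
        print(f"ALERT {ip}:{port} half-open connections peaked at {n}")
```

Counting per listener rather than per source keeps the alert valid when the SYNs arrive from many different source addresses.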
Nessus, Nmap and Metasploit Attack
➢ This is my target machine.
Scanning with Nmap
➢ Target 192.168.0.16 is scanned with Nmap.
➢ Some open ports are found.
➢ Port 3389 is used for Rdesktop.
Nessus Scan
➢ Target is scanned using Nessus.
➢ Many vulnerabilities are found.
➢ Let’s exploit the rdesktop.
Nessus scan
➢ Exploring the rDesktop vulnerability gives further information.
➢ The exploit is also given in the details.
➢ MS12-020 is the required exploit, present in Metasploit.
SearchSploit
Searching for the exploit by name
➢ Searchsploit is a built-in Kali tool.
➢ Use any of the below:
➢ searchsploit ms12
➢ searchsploit rdesktop
Metasploit Attack
➢ Use the auxiliary module as shown in the screenshot.
➢ Set the target.
➢ RPORT is 3389.
➢ Hit exploit.
Result of MS12-020
➢ As soon as the exploit is executed, the server crashes.
➢ This is one example of DOS where the system crashed; other effects of DOS could be:
➢ System network choking
➢ Denial of internet services
➢ System not responding
Zambie
➢ Zambie contains a combination of different attacks.
➢ TCP flood attacks and HTTP attacks.
DHCP Starvation using “DHCPig”
DHCPig initiates an advanced DHCP exhaustion attack. It will consume all
IPs on the LAN, stop new users from obtaining IPs, release any IPs in use, then
for good measure send gratuitous ARP and knock all Windows hosts offline.
DHCPig Attack
➢ The left console shows the flags to use with dhcpig.
➢ The attack is initiated on the wlan0 interface using the command shown in the figure.
DHCPig Attack Result
➢ As a result of the attack, any victim is unable to connect to the desired AP.
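Pool exhaustion of this kind is visible on the DHCP server as a burst of never-seen client MAC addresses together with a pool that fills up. The following detection sketch is an added example, not part of the original slides: the event format, the MAC and IP values, the pool size and the thresholds are all constructed assumptions.

```python
def make_sample():
    """Constructed DHCP server events: (time_s, msg_type, client_mac, ip)."""
    events = []
    # Three ordinary clients joining minutes apart.
    for i, t in enumerate((0.0, 100.0, 200.0)):
        mac = f"02:00:00:00:00:{i:02x}"
        ip = f"192.168.0.{100 + i}"
        events += [(t, "DISCOVER", mac, None), (t + 0.5, "ACK", mac, ip)]
    # Constructed burst: 47 never-seen MACs take the rest of the pool in ~5 s.
    for i in range(47):
        t = 300.0 + i * 0.1
        mac = f"02:00:00:00:01:{i:02x}"
        ip = f"192.168.0.{103 + i}"
        events += [(t, "DISCOVER", mac, None), (t + 0.05, "ACK", mac, ip)]
    return events

def starvation_report(events, pool_size, window=10.0, max_new_clients=20):
    """Summarise new-client rate and pool usage from DHCP server events."""
    seen = set()        # every client MAC observed so far
    leased = set()      # addresses currently handed out
    recent = []         # first-sighting times still inside the window
    peak = 0
    for t, msg, mac, ip in sorted(events, key=lambda e: e[0]):
        recent = [x for x in recent if t - x <= window]
        if msg == "DISCOVER" and mac not in seen:
            seen.add(mac)
            recent.append(t)
        elif msg == "ACK":
            leased.add(ip)
        elif msg == "RELEASE":
            leased.discard(ip)
        peak = max(peak, len(recent))
    return {
        "peak_new_clients": peak,                 # most new MACs in one window
        "pool_used": len(leased) / pool_size,     # fraction of the pool leased
        "alert": peak > max_new_clients,
    }

if __name__ == "__main__":
    print(starvation_report(make_sample(), pool_size=50))
```

On managed switches the matching control is DHCP snooping with a per-port rate limit, plus port security to cap the number of MAC addresses per port.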
Ettercap
Ettercap is a comprehensive suite for man-in-the-middle attacks. It features
sniffing of live connections, content filtering on the fly and many other
interesting tricks. It supports active and passive dissection of many protocols
and includes many features for network and host analysis. It has active
plugins for advanced attacks, e.g.
Dos_attack
Isolator
Dns_spoof
Interestingly, one can customize filters for personal use. One of the filters is
modified and compiled in this lab.
Ettercap Script
➢ This simple script discards any packets going to or coming from the target IP 192.168.0.21.
➢ Save this filter as dos.filter
➢ 192.168.0.21 is the target.
Ettercap filter compiling
➢ Compile the etter.filter with etterfilter.
➢ Save the output file as dos.ef
Ettercap DOS Attack
➢ Although Ettercap has a built-in DOS_attack plugin, it is not very effective.
➢ So the custom filter dos.ef is used.
➢ The highlighted command is issued for the target 192.168.0.21.
Ettercap DOS Attack
➢ 192.168.0.21 is added to the target list.
➢ Any packet with this source or destination is dropped, thus causing no service to the target host.
Ettercap attack result
➢ As soon as the attack is launched, the target is unable to use the internet because of dropped packets.
Ettercap stop
➢ When the attack is terminated from the attacking machine using Ctrl+C, services are resumed on the victim machine.
Ettercap “Isolator” Plugin
➢ Use the Ettercap GUI as follows:
➢ Start unified sniffing.
➢ Discover hosts.
➢ Add the target to Target 1.
➢ Add the gateway to Target 2.
➢ Start the MITM attack using ARP.
➢ Load the isolator plugin.
Ettercap “Isolator” Plugin
➢ As a result of this attack, service is denied on the target machine.
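Both Ettercap attacks above depend on ARP-based MITM, which shows up on the wire as ARP replies that contradict the known IP-to-MAC bindings. The following detection sketch is an added example, not part of the original slides: the gateway address 192.168.0.1, all MAC addresses and the reply records are constructed assumptions.

```python
from collections import defaultdict

# Known-good bindings, e.g. from DHCP leases or inventory (constructed values).
BASELINE = {
    "192.168.0.1": "aa:aa:aa:aa:aa:01",    # assumed gateway
    "192.168.0.21": "aa:aa:aa:aa:aa:21",   # target host from the slides
}

# Constructed ARP replies: (time_s, sender_ip, sender_mac)
SAMPLE = [
    (0.0, "192.168.0.1", "aa:aa:aa:aa:aa:01"),
    (0.5, "192.168.0.21", "AA:AA:AA:AA:AA:21"),
    (10.0, "192.168.0.1", "cc:cc:cc:cc:cc:99"),
    (10.0, "192.168.0.21", "cc:cc:cc:cc:cc:99"),
    (11.0, "192.168.0.1", "cc:cc:cc:cc:cc:99"),
]

def arp_findings(baseline, replies):
    """Return (mismatches, shared).
    mismatches: {(ip, claimed_mac): [first_seen, count]} for replies that
                contradict the baseline binding of that IP.
    shared:     {mac: [ips]} for MACs that answered for more than one IP."""
    mismatches = {}
    claims = defaultdict(set)
    for t, ip, mac in sorted(replies):
        mac = mac.lower()                    # MAC comparison is case-insensitive
        claims[mac].add(ip)
        expected = baseline.get(ip, "").lower()
        if expected and mac != expected:
            entry = mismatches.setdefault((ip, mac), [t, 0])
            entry[1] += 1
    shared = {m: sorted(ips) for m, ips in claims.items() if len(ips) > 1}
    return mismatches, shared

if __name__ == "__main__":
    bad, shared = arp_findings(BASELINE, SAMPLE)
    for (ip, mac), (first, n) in bad.items():
        print(f"{ip} claimed by {mac}: first at t={first}, {n} replies")
    print("MACs answering for several IPs:", shared)
```

Switch-side Dynamic ARP Inspection, or static ARP entries for the gateway on critical hosts, enforces the same baseline instead of only reporting on it.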
Summary of DOS
Hundreds of DOS or DDOS attacks are generated daily using
different methods.
The methods discussed here are the basis of every attack.