
How To Ddos Attack ?


  • This topic is locked

#1 Kabel Optic

Posted 23 May 2011 - 06:06 PM

I'm newbie want to learn :( :( :(

#2 Remotesh

Posted 23 May 2011 - 09:21 PM

A DDoS attack on other people/websites without explicit permission is illegal.
Just thought I should warn you.

But from my understanding (I'm a beginner pentester mind you, stuck to Virtual Box environments on my server), you have to gather a great number of computers which you've exploited/breached,
installed the software to DDoS. (I personally don't know what software, I think you can just ping, don't quote me on it!)

Find out the IP of the target you wish to DDoS, be it a website or computer server.
If it is a computer make sure the port you're going to DDoS is open or you will fail.

Then simultaneously launch all the clients at the same time to cause a massive use of bandwidth/computing power.
That usually disconnects the client, crashes the computer, or causes the computer to go real slow.
If it is a webpage it can cause it to crash.

Understand that I personally have never looked into learning how to DDoS, so my knowledge is limited to Wikipedia and mostly guesswork.

But if you are just starting in Computer Security I suggest starting smaller and in a controlled environment to avoid legal issues.
Try out and familiarize yourself with a Linux operating system. There are many to choose from but I suggest you start with Ubuntu,
and work your way out from there.
Next try setting up a virtual environment using Virtual Box or something equivalent and attempt pentesting the machines you set up.
(Backtrack is a great operating system for pentesting.)
Knowledge of a programming language is also a plus. C++ is great in my opinion, but I hear Perl, Ruby, and Python are especially great for exploiting. (Correct me if I am wrong guys.)

If you have any questions post em here on the forum, and we'll help you out.
(Insert Witty Saying Here)

#3 Infiltrator

Posted 23 May 2011 - 11:57 PM

I would warn you not to engage in any illegal activities especially DDOSing websites. Seriously if you get caught you will pay serious time. If you want to learn how DDOS works, do a search in Google you will find plenty of information, even articles walking through the process.

Did a simple Google search and found these articles. Read through them to understand it better.

http://en.wikipedia....-service_attack
http://www.us-cert.g...s/ST04-015.html
Regards,
Infiltrator


Currently studying for my CCE.

#4 Calianna

Posted 24 May 2011 - 02:03 PM

Got to agree with the guys above, if you're completely new a DDoS is not really the place to be starting :) Of course if it's all running nicely on an internal network you own... well that's different!

Remotesh is right on with learning Python - it's so nom nom :D

Have fun oh and Welcome to the forums I guess :P

#5 digip

Posted 25 May 2011 - 12:39 AM

http://lmgtfy.com/
@xxdigipxx http://www.attack-scanner.com/ | I'm the resident dick around here, or so I am told. Don't take it personally, I just give a shit too much sometimes. respect to all, its the Internet, don't take it to heart.
"Staying quiet doesn't mean I have nothing to say, it means I don't think you're ready to hear my thoughts..."

#6 Remotesh

Posted 25 May 2011 - 06:12 AM

It's been so long since I've seen a Let Me Google That For You link.

Used to do it to my buddies all the time when they asked me a question.

Good times, good times.

Anyway check out some of the pinned stickies.
Some of them still hold some decent info so it would be a great read and tutorial.


Have Fun,

-Remotesh
(Insert Witty Saying Here)

#7 Calianna

Posted 25 May 2011 - 06:57 AM

http://forums.hak5.o...p?showtopic=913 + Google = Plenty of Knowledge.

What are you looking to achieve btw? Web hacking? General Pen Testing? Application? Networks?

#8 PoyBoy

Posted 03 June 2011 - 11:04 PM

I originally left this place years ago because of all the silly moral posturing and general ass-hattery present, so I will give you a straight answer, or at least a good push in the right direction:

Check out low orbit ion cannon Teh Wikipedias source code available right hurr. Back in the day, SYN flooding (repeatedly sending the first part of a TCP handshake from spoofed IP addresses) was all the rage, but this hasn't worked for quite a few years now. Hope that helps. I'm happy to answer any other questions.
Damn you, damn the broccoli, and damn the Wright Brothers!


#9 Flex

Posted 16 June 2011 - 05:17 PM

Hello,

DDoS to harm people's network, or to down websites, is illegal and you can get in huge trouble.
First of all I'd like to seriously recommend you not to use this for things like these.


A DDoS is an attack from multiple computers, so you will need more computers.
Also it's important you have a quite good internet connection yourself (else you might crash yourself).
I recommend using a server for this too, 'cause a server has a much better internet connection (VPS servers are already available from like 8 p/m).
Also make sure if you use a server your host isn't blocking DoS attacks.

First you need the target's IP address of course, and make sure you are flooding an open port.
Do a port scan to check which ports are open.

There are different tools already made for DoS attacks.
Hping3 has a flood mode built-in which sends quite a lot of packets to the destination.
There are quite a lot more tools for DoSing. Backtrack 5 has some already (Applications -> Stress Testing).

I know this 'cause I've been testing my server's firewall for being DoS proof.
You should use it for these purposes too, and not for crashing people's internet connection or downing websites.
Regards,
Flex

#10 Infiltrator

Posted 16 June 2011 - 10:56 PM

@Flex, I hope he doesn't use the information you gave him to commit any illegal crimes.
Regards,
Infiltrator


Currently studying for my CCE.

#11 Flex

Posted 17 June 2011 - 02:26 AM

If he would use this for DoSing people or websites, then he's acting illegally and he can get in huge trouble (with police).
All the DoS attempts are mostly logged and it's easy to get the IP address from the person who is DoSing.

So Kabel Optic, please only use these things for testing your server's firewall for being secure against DoS attacks.
Regards,
Flex

#12 pnp

Posted 06 February 2012 - 12:49 PM

Correct me if I'm wrong but... If you're using backtrack or any other Linux based OS with programs, that would make you a script kiddie as well? Just because he didn't make it doesn't give you a right to insult him. You didn't write half the programs you use I'm sure. I went to school for diesel mechanics just because I wanted to learn how to do it... Does that make me a diesel mechanic? nope not at all but I know a few things. If everyone hates script kiddies why do you have open source programs? They are there for free download and use, if you don't want to help someone learn them stfu & let someone else do it.

#13 Doctor

Posted 06 February 2012 - 01:59 PM

Well no, we wouldn't be script kiddies for the fact that we don't just use the times and go bam you've been haxxed. We try to understand the underlying principles to why the tool or script works and then we attempt to modify it or make our own. Of course it also helps that, like previously said above, he's probably just doing this to show off to his friends or appear cool. Whereas we either do this for a living or we devote years of our time to understanding how to do this. So no, we would not be script kiddies. For example, I still currently consider myself a script kiddie, for the fact that I can't modify or completely understand the code behind the tools I use. I on the other hand am attempting to learn the principles behind it before I use it.

#14 Diggs

Posted 06 February 2012 - 03:43 PM

For fun, you can also read up on the new Hash collisions. If you can understand that, then you'll probably be able to get DDOS's in general. Plus, it'll get you a bit more into code development. There has also been some DNS based DoS work you could look at.

You might also want to specify what you are looking to do. I imagine that you might be trying to get into something and not coming at it in the best direction.

I would advise a lot of caution though. Plenty of people who thought they were good are in jails right now for not being smart enough about what illegal things seemed like fun.

#15 General Grievous

Posted 09 February 2012 - 01:35 AM

I don't understand why people say "harm", "cause damage", etc when referring to DDoS attacks.

1. Since when does the network equipment itself get harmed?

2. Since when is a computer on the network "frying"?

3. "Taking down a website" is no more complicated than getting a bunch of friends together to call a senator and fill up his phone lines with calls. There are no differences in between the two, except there's a double standard about DDoS because "all hackers are evil because we don't understand anything".

If it's not causing physical damage, saying this is illegal is a violation of Freedom of Speech on the internet, and the 1st Amendment needs Amending to protect us all from the scourge of imbeciles...

#16 David50

Posted 14 September 2012 - 12:10 AM

You do not need to download anything to DDoS, it's an easy 3 step instructions
1. Go to Start > Run > type cmd
2. A window should pop up asking for a command. I'll give an example like Google, so type ping www.google.com
3. It will then send replies along with numbers / IP address. We'll say it's 234.12, so type ping 234.12 -t -l 700
There should be an endless amount of replies coming back. Leave it like that for a couple of hours and the site will begin to slow down. Hell, I left a DDoS going for 23 hours before and I have one going right now.

#17 Mr-Protocol

Posted 14 September 2012 - 12:22 AM

Sorry to say, but that isn't a "DDoS". By definition a DDoS is a "Distributed Denial of Service". One PC is not a distributed attack. Not only that, pings are little bandwidth and would not slow any server down.

Malicious attacks of this nature are childish and do not impress anyone. We are a community that is above such behavior.

Also this is a 7 month old last activity thread you just redeemed from the dead. Keep that in mind.

Mr-Protocol @ irc.hak5.org #hak5
Mr-Protocol @ chat.freenode.org #hak5
 
https://wifipineapple.com/
 
Im just watching a bad dream I never wake up from. -Spike Spiegel
DerbyCon
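
The single-host versus distributed distinction in the post above, seen from the defender's side. This is an added example, not part of the thread: it summarises constructed flow records per destination and labels each window by packet rate and source spread. The record layout, thresholds and addresses (RFC 5737 documentation ranges) are assumptions made for illustration.

```python
from collections import defaultdict

def build_sample():
    """Constructed flow records: (ts_seconds, src, dst, packets, bytes)."""
    flows = []
    for t in range(10):
        # One host, one 700-byte-payload echo request per second:
        # 700 payload + 8 ICMP header + 20 IPv4 header = 728 bytes per packet.
        flows.append((t, "198.51.100.7", "192.0.2.10", 1, 728))
        # One host sending 5000 small packets per second.
        flows.append((t, "198.51.100.9", "192.0.2.20", 5000, 5000 * 60))
        # 200 hosts each sending 50 small packets per second.
        for h in range(1, 201):
            flows.append((t, f"203.0.113.{h}", "192.0.2.30", 50, 50 * 60))
    return flows

def summarise(flows, window_s=10):
    """Aggregate per (destination, window): rate, bandwidth, source spread."""
    acc = defaultdict(lambda: {"packets": 0, "bytes": 0,
                               "per_src": defaultdict(int)})
    for ts, src, dst, pkts, nbytes in flows:
        cell = acc[(dst, ts // window_s)]
        cell["packets"] += pkts
        cell["bytes"] += nbytes
        cell["per_src"][src] += pkts
    out = {}
    for key, cell in acc.items():
        out[key] = {
            "pps": cell["packets"] / window_s,
            "kbit_s": cell["bytes"] * 8 / window_s / 1000,
            "sources": len(cell["per_src"]),
            # Share of the window's packets sent by the busiest source.
            "top_share": max(cell["per_src"].values()) / cell["packets"],
        }
    return out

def classify(stats, pps_threshold=1000, min_sources=50, dominant_share=0.9):
    """Label one window. Thresholds are illustrative, not tuned values."""
    if stats["pps"] < pps_threshold:
        return "normal"
    if stats["top_share"] >= dominant_share:
        return "single-source flood (DoS)"
    if stats["sources"] >= min_sources:
        return "distributed flood (DDoS)"
    return "multi-source flood"

def report(flows):
    """Map each (destination, window) to its label."""
    return {key: classify(s) for key, s in summarise(flows).items()}

if __name__ == "__main__":
    for (dst, win), label in sorted(report(build_sample()).items()):
        print(dst, win, label)
```

The one-per-second 700-byte ping works out to under 6 kbit/s and stays in the "normal" bucket, while a single dominant source is something an address filter or rate limit can handle and a flood spread over hundreds of sources is not.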


#18 ihackforfun

Posted 14 September 2012 - 01:14 AM

I wrote an article on the anatomy of DOS and DDOS attacks with some examples of older attacks that should not work anymore, you can learn from that without breaking the law ...

http://www.ihackforf...on-of-different

If you want to read it in full you need to purchase a magazine ;-)
www.ihackforfun.eu

#19 lmgonza

Posted 15 September 2012 - 12:59 AM

Using DDoS, I've seen it happen in my free-to-play game Warrock, and nubs would constantly DoS people in game off the server so they could pwn the other team. My point is he just wants to show off that he can do something to other players (not saying that it is what he wants but could possibly), and if truly he was interested he should have used everyone's best friend Google and learned a thing or two before coming here as a last resort. I'm not a pro nor do I claim to be, but as someone young who loves technology for what it has become and is becoming, I wouldn't offer or encourage anyone to do so unless they truly have a network to secure, and in this case clearly they don't, because they don't even understand the DDoS concept, let alone know what it is. Either way, good luck with what your goal is, and hope this isn't some illegal plan of yours; there's tons of great minds who've been caught up, you'd be no match.
Just speaking my two cents, whether it was needed or not, my thought on it.
-lmgonza

#20 0062

Posted 16 September 2012 - 07:40 PM

Hi Kabel,

I don't believe it's logical or helpful for hackers on a hacking board to try to pass ethical judgements on attack vectors or the people who ask about them, so I'm just going to give you a straightforward answer.

To DDOS you cause a large amount of traffic from multiple (i.e. distributed) sources to be directed to a target. The target could be an individual, a website, a production server, whatever.

You usually identify the target with its IP address. Most websites' IP address can be obtained with a ping. For example in Windows cmd prompt, OS X terminal, or a Linux command shell just type "ping hak5.org" to get the IP of this site. Some sites try to hide their IP addresses, but you can still sometimes get them with special "resolvers". In the case of an individual, you might send them a link to your website, then check the logs for their IP after they visit.

There are multiple forms of traffic you might send -- UDP, SSYN, GET, POST, Slowloris, etc. Your options will depend on the software you're using to co-ordinate your DDOS attack and which one is best will probably depend on the set up of your target's computer/server.

So now the questions are where do you get your distributed sources and what software do you use to co-ordinate the attacks. The sources could be your own servers/computers, a bunch of friends, or computers that you control because they are infected with a trojan/virus that gives you control. The software that is used to control them is usually called a "booter" by the younger generation of hackers. It's extremely commonplace that kids own, rent, and trade these booters on other popular hacking forums.

Now, having answered your question as directly as I could, I will throw in a few editorial comments here at the end. DDOSing is an extremely easy, yet powerful, form of hacking (it's so basic it's almost hard for pen testers to consider it hacking). There are only very limited ethical uses by most people's standards -- you could use it to test the security of your website, you could use it to kick your buddy offline during a multiplayer game bc you're both kids and you know that he has a sense of humor, or you could use it to stop some evil power such as if radical fundamentalists had an anti-American website that had to go.

It's caught a lot of negative attention from the public over the past 3-5 years though, due to groups like Anonymous having DDOS'ed various government websites in such a way that could encourage the enemies of America to think that we are weak. You don't want to do that and as a result law enforcement, particularly the FBI, have been cracking down on lots of kids who use booters. They can trace the source of the traffic very easily and from there find the IRC channel used by your booter to "command and control" the sources of traffic, then from there they find your IP address, show up at your house, slam you on the ground, break your ribs, put their knees in your back, take you to a dirty prison, let you become the sex slave of an STD-infected prison gang, and ruin your future by giving you a criminal background.

That amount of paternalist government intolerance is all absolutely horrifying, abhorrent, anti-American, anti-Internet, and sickening. But it's the way it is and things are just getting worse, so if you experiment with DDOS do so safely. Use it on yourself and your buddies, but don't use it in such a way that will get you into trouble.

Cheers!



