Jump to content

How To Ddos Attack ?


Kabel Optic

Recommended Posts

A DDoS attack on other people/websites without explicit permission is illegal.

Just thought I should warn you.

But from my understanding (Im a beginner pentester mind you, Stuck to Virtual Box environments on my server), you have to gather a great number of computers which you've exploited/breached,

installed the software to DDoS. (I personally don't know what software, I think you can just ping, don't quote me on it!)

Find out the ip of the target you wish to DDoS be it a website or computer server.

If it is a computer make sure the port your going to DDoS is open or you will fail.

Then simultaneously launch all the clients at the same time to cause a massive use of bandwidth/computing power.

That usually disconnects the client, crashes the computer, or causes the computer to go real slow.

If it is a webpage it can cause it to crash.

Understand that I personally have never looked into learning how to DDoS, so my knowledge is limited to wikipedia and mostly guess work.

But if your are just starting in the Computer Security I suggest starting smaller and in a controlled environment to avoid legal issues.

Try out and familiarize yourself with a Linux operating system there are many to choose from but i suggest you start with ubuntu,

and work your way out from there.

Next try setting up a virtual environment using virtual box or something to that equivalent and attempt pentesting the machines you set up.

(Backtrack is a great operating system for pentesting.)

Knowledge of a programming language is also a plus, C++ is great in my opinion, but I hear Pearl, Ruby, and Python are especially great for exploiting. (Correct me if I am wrong guys.))

If you have any questions post em here on the forum, and we'll help you out.

Link to comment
Share on other sites

I would warn you not to engage in any illegal activities especially DDOSing websites. Seriously if you get caught you will pay serious time. If you want to learn how DDOS works, do a search in Google you will find plenty of information, even articles walking through the process.

Did a simple Google search and found these articles. Read through them to understand it better.

http://en.wikipedia.org/wiki/Denial-of-service_attack

http://www.us-cert.gov/cas/tips/ST04-015.html

Link to comment
Share on other sites

Got to agree with the guys above, if your completely new a DDoS is not really the place to be starting :) Ofc course if it's all running nicely on an internal network you own.........well thats different!

Remotesh is right on with learning Python - it's so nom nom :D

Have fun oh and Welcome to the fourms I guess :P

Link to comment
Share on other sites

Its been so long since I've seen a Let Me Google That For You link.

Use to do it to my buddies all the time when they asked me a question.

Good times, good times.

Anyway check out some of the pinned stickies.

Some of them still hold some decent info so it would be a great read and tutorial.

Have Fun,

-Remotesh

Link to comment
Share on other sites

  • 2 weeks later...

I originally left this place years ago because of all the silly moral posturing and general ass-hattery present, so I will give you straight answer, or at least a good push in the right direction:

Check out low orbit ion cannon Teh Wikipedias source code available right hurr. Back in the day, syn flooding (repeatedly sending the first part of a TCP handshake from spoofed IP addresses was all the rage, but this hasn't worked for quite a few years now. Hope that helps. I'm happy to answer any other questions.

Link to comment
Share on other sites

  • 2 weeks later...

Hello,

DDoS to harm people's network, or to down websites is illegal and you can get in huge troubles.

First for all I'd like to seriously recommend you to don't use this for such as things like these.

A DDoS is an attack from multiple computers, So you will need more computers.

Also its important you have a quite good internet connection urself (Else you might crash yourself).

I recommend to use a server for this too cause a server has a quite more better internet connection(VPS servers are already available from like €8 p/m).

Also make sure if you use a server your host isn't blocking DoS attacks.

First you need the target's IP address ofcourse and make sure you are flooding an open port.

Do a port scan to check which ports are open.

There are different tools already made for DoS attacks.

Hping3 has a flood mode built-in which send quite alot packets to the destination.

There are quite alot more tools for DoSing. Backtrack 5 has some already (Applications -> Stress Testing).

I know this cause I've been testing my servers firewall for being DoS proof.

You should use it for these purposes too, and not for crashing people's internet connection or downing websites

Link to comment
Share on other sites

@Flex, I hope he doesn't use the information you gave him to commit any illegal crimes.

Link to comment
Share on other sites

If he would use this for DoSing people or website's, then hes acting illegal and he can get in huge troubles (with police).

All the DoS attempts are mostly logged and easy to get the IP address from the person who is DoSing.

So Kabel Optic, please only use these things for testing your servers firewall from being secure against DoS attacks.

Link to comment
Share on other sites

  • 7 months later...

Correct me if I'm wrong but... If you're using backtrack or any other Linux based OS with programs, that would make you a script kiddie as well? Just because he didn't make it doesn't give you a right to insult him. You didn't write half the programs you use I'm sure. I went to school for diesel mechanics just because I wanted to learn how to do it... Does that make me a diesel mechanic? nope not at all but I know a few things. If everyone hates script kiddies why do you have open source programs? They are there for free download and use, if you don't want to help someone learn them stfu & let someone else do it.

Link to comment
Share on other sites

Correct me if I'm wrong but... If you're using backtrack or any other Linux based OS with programs, that would make you a script kiddie as well? Just because he didn't make it doesn't give you a right to insult him. You didn't write half the programs you use I'm sure. I went to school for diesel mechanics just because I wanted to learn how to do it... Does that make me a diesel mechanic? nope not at all but I know a few things. If everyone hates script kiddies why do you have open source programs? They are there for free download and use, if you don't want to help someone learn them stfu & let someone else do it.

Well no, we wouldn't be sript kiddies for the fact that we don't just use the times and go bam you've been haxxed. We try to understand the underlying principles to why the tool or script works and then we attempt to modify it or make our own. Of course it also helps that like previously said above, hes probaly just doing this to show off to his friends or appear cool. Where as we either do this for a living or we devote years of our time to understanding how to do this. So no we would not be script kiddie for example I still currently consider myself a script kiddie. For the fact that I can't modify or completely undertsand the code behind the tools I use. I on the other hand am attempting to learn the principles behind it before I use it.

Link to comment
Share on other sites

For fun, you can also read up on the new Hash collisions. If you can understand that, then you'll probably be able to get DDOS's in general. Plus, it'll get you a bit more into code development. There has also been some DNS based DoS work you could look at.

You might also want to specify what you are looking to do. I imagine that you might be trying to get into something and not coming at it in the best direction.

I would advise a lot of caution though. Plenty of people who thought they were good are in jails right now for not being smart enough about what illegal things seemed like fun.

Link to comment
Share on other sites

I don't understand why people say "harm", "cause damage", etc when referring to DDoS attacks.

1. Since when does the network equipment itself get harmed?

2. Since when is a computer on the network "frying"?

3. "Taking down a website" is no more complicated than getting a bunch of friends together to call a senator and fill up his phone lines with calls. There are no differences in between the two, except there's a double standard about DDoS because "all hackers are evil because we don't understand anything".

If it's not causing physical damage, saying this is illegal is a violation of Freedom of Speech on the internet, and the 1st Amendment needs Amending to protect us all from the scourge of imbeciles...

Link to comment
Share on other sites

  • 7 months later...

A DDoS attack on other people/websites without explicit permission is illegal.

Just thought I should warn you.

But from my understanding (Im a beginner pentester mind you, Stuck to Virtual Box environments on my server), you have to gather a great number of computers which you've exploited/breached,

installed the software to DDoS. (I personally don't know what software, I think you can just ping, don't quote me on it!)

Find out the ip of the target you wish to DDoS be it a website or computer server.

If it is a computer make sure the port your going to DDoS is open or you will fail.

Then simultaneously launch all the clients at the same time to cause a massive use of bandwidth/computing power.

That usually disconnects the client, crashes the computer, or causes the computer to go real slow.

If it is a webpage it can cause it to crash.

Understand that I personally have never looked into learning how to DDoS, so my knowledge is limited to wikipedia and mostly guess work.

But if your are just starting in the Computer Security I suggest starting smaller and in a controlled environment to avoid legal issues.

Try out and familiarize yourself with a Linux operating system there are many to choose from but i suggest you start with ubuntu,

and work your way out from there.

Next try setting up a virtual environment using virtual box or something to that equivalent and attempt pentesting the machines you set up.

(Backtrack is a great operating system for pentesting.)

Knowledge of a programming language is also a plus, C++ is great in my opinion, but I hear Pearl, Ruby, and Python are especially great for exploiting. (Correct me if I am wrong guys.))

If you have any questions post em here on the forum, and we'll help you out.

You do not need to download anything to ddos it`s and easy 3 step instrcuctions

1. gotot star>run>type cmd

2. a window should pop up asking for a command ill give an example like google so type ping www.google.com

3.it will then send reply``s along with numbers/ ip adress well say its 234.12 so type ping 234.12 -t -l 700

there shoud be an endless ammount of reply`s coming back leave it like that for a couple of hours and the site willl begin to slow to slow down hell i left a ddos going for 23 hours before and i have one going right now.

Link to comment
Share on other sites

Sorry to say, but that isn't a "DDoS". By definition a DDoS is a "Distributed Denial of Service". One PC is not a distributed attack. Not only that, pings are little bandwidth and would not slow any server down.

Malicious attacks of this nature are childish and does not impress anyone. We are a community that is above such behavior.

Also this is a 7 month old last activity thread you just redeemed from the dead. Keep that in mind.

Link to comment
Share on other sites

I wrote an article on the anatomy of DOS and DDOS attacks with some examples of older attacks that should not work anymore, you can learn from that without breaking the law ...

http://www.ihackforfun.eu/index.php?title=anatomy-and-mitigation-of-different

If you want to read it in full you need to purchase a magazine ;-)

Link to comment
Share on other sites

using ddos ive seen it happen in my FreetoPlay Game Warrock and nubs would constantly dos people in game off the server so they could pwn the other team my point is he just wants to show off that he can do something to other players ( not saying that it is what he wants but could possibly)and if truely he was interested he should have used everyone's best friend google and learned a thing or two before coming as a last resort here im not a pro nor do i claim to be but as someone young who love's technology for what it has become and is becoming i wouldn't offer or encourage anyone to do so unless they truely have a network to secure and in this case clearly they dont because they dont even understand the ddos concept let alone know what it is. Ethier way good luck with what your goal is and hope this isnt some illegal plan of yours theres tons of great minds who've been caught up you'd be no match.

Just speaking my two cents whether it was needed or not my thought on it .

-lmgonza

Link to comment
Share on other sites

Hi Kabel,

I don't believe it's logical or helpful for hackers on a hacking board to try to pass ethical judgements on attack vectors or the people who ask about them, so I'm just going to give you a straightforward answer.

To DDOS you cause a large amount of traffic from multiple (i.e. distributed) sources to be directed to a target. The target could be an individual, a website, a production server, whatever.

You usually identify the target with its IP address. Most websites' IP address can be obtained with a ping. For example in Windows cmd prompt, OS X terminal, or a Linux command shell just type "ping hak5.org" to get the IP of this site. Some sites try to hide their IP addresses, but you can still sometimes get them with special "resolvers". In the case of an individual, you might send them a link to your website, then check the logs for their IP after they visit.

There are mutliple forms of traffic you might send -- UDP, SSYN, GET, POST, Slowaris, etc. Your options will depend on the software you're using to co-ordinate your DDOS attack and which one is best will probably depend on the set up of your target's computer/server.

So now the questions are where do you get your distributed sources and what software do you use to co-ordinate the attacks. The sources could be your own servers/computers, a bunch of friends, or computers that you control because they are infected with a trojan/virus that gives you control. The software that is used to control them is usually called a "booter" by the younger generation of hackers. It's extremely commonplace that kids own, rent, and trade these booters on other popular hacking forums.

Now, having answered your question as directly as I could, I will throw in a few editorial comments here at the end. DDOSing is an extremely easy, yet powerful, form of hacking (it's so basic it's almost hard for pen tester's to consider it hacking). There are only very limited ethical uses by most people's standards -- you could use it to test the security of your website, you could use it to kick your buddy offline during a multiplayer game bc you're both kids and you know that he has a sense of humor, or you could use it to stop some evil power such as if radical fundementalists had an anti-American website that had to go.

It's caught a lot of negative attention from the public over the past 3-5 years though, due to groups like Anonymous having DDOS'ed various government websites in such a way that could encourage the enemies of America to think that we are weak. You don't want to do that and as a result law enforcement, particularlly the FBI, have been cracking down on lots of kids who use booters. They can trace the source of the traffic very easily and from there find the IRC channel used by your booter to "command and control" the sources of traffic, then from there they find your IP address, show up at your house, slam you on the ground, break your ribs, put their knees in your back, take you to a dirty prison, let you become the sex slave of an STD-infected prison gang, and ruin your future by giving you a criminal background.

That amount of paternalist government intolerance is all absolutely horrifying, aborant, anti-American, anti-Internet, and sickening. But it's the way it is and things are just getting worse, so if you experiment with DDOS do so safely. Use it on yourself and your buddies, but don't use it in such a way that will get you into trouble.

Cheers!

Link to comment
Share on other sites

Sorry to say, but that isn't a "DDoS". By definition a DDoS is a "Distributed Denial of Service". One PC is not a distributed attack.

I actually didn't catch who you're replying to, but I've seen a lot of people say this when someone confuses DOS with DDOS. I wonder though...isn't it fair to say that single computers/servers can do DDoS by distributing it over a range of spoofed IP's? I think this is how server/"shell" based booters work as opposed to "bot" based ones, but I've never actually used a booter and am just catching up on all these new terms. Back when I was a kid they called it DOS even if it was distributed and you mainly read about it in the context of rival computer clubs doing it to one another.

Not only that, pings are little bandwidth and would not slow any server down.

Yea, most peeps wouldn't use ICMP on a server and if they did it can be easily disabled. However I will say that I have seen some people use ICMP floods sucessfully for stress testing servers, it's definitely a major vector for IRC/gamer flooding, and it's a part of a SSYN attack.

I just disable it on my servers tho.

Edited by 0062
Link to comment
Share on other sites

Guest
This topic is now closed to further replies.
  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...