What are Denial of Service Attacks?
Cyber attacks have become a fact of life, with data breaches of high-profile businesses and organizations making headline news practically on a daily basis. One common type of cyber threat is a denial of service (DoS) that as its name implies renders websites and other online resources unavailable to intended users.
DoS threats come in many varieties with some directly targeting the underlying server infrastructure. Others exploit vulnerabilities in application and communication protocols.
Unlike other kind of cyber attacks, which are typically launched to establish a long-term foothold and hijack sensitive information, denial of service assaults do not attempt to breach your security perimeter. Rather, they attempt to make your website and servers unavailable to legitimate users.
A successful DoS attack is a highly noticeable event impacting the entire online user base. This makes it a popular weapon of choice for hacktivists, cyber vandals, extortionists and anyone else looking to make a point or champion a cause.
DoS assaults often last for days, weeks and even months at a time, making them extremely destructive to any online organization. They can cause loss of revenues, erode consumer trust, force businesses to spend fortunes in compensations and cause you to suffer long-term reputation damage..
In a typical DDoS attack, the assailant begins by exploiting a vulnerability in one computer system and making it the DDoS master. The attack master, also known as the botmaster, identifies and infects other vulnerable systems with malware. Eventually, the assailant instructs the controlled machines to launch an attack against a specified target.
There are two types of DDoS attacks: a network-centric attack which overloads a service by using up bandwidth and an application-layer attack which overloads a service or database with application calls. The inundation of packets to the target causes a denial of service. While the media tends to focus on the target of a DDoS attack as the victim, in reality there are many victims in a DDoS attack , the final target and as well the systems controlled by the intruder. Although the owners of co-opted computers are typically unaware that their computers have been compromised, they are nevertheless likely to suffer a degradation of service and not work well.
A computer under the control of an intruder is known as a zombie or bot. A group of co-opted computers is known as a botnet or a zombie army. Both Kaspersky Labs and Symantec have identified botnets – not spam, viruses, or worms – as the biggest threat to Internet security.
(The information below is only based for educational purposes and not for actual DDOSING. Take the required permissions from the owners of a small site operator or your institutions site before performing a DOS Attack)
(The Authors will not be responsible for the misuse of Information's published on this blog)
To perform this attack you need two things:
1. The python Engine (v2.x) – To run and compile the hulk script. You can get it here :http://www.python.org/getit/
NOTE : Download the 2nd version only (for example the current one is 2.7.6), this script does not work with the 3.x version of python.
2. Hulk.py script – This will run like a normal cmd.exe window. It’s a small zip file,Get it here : http://packetstormsecurity.com/files/download/112856/hulk.zip
For technical details, The official website is :http://www.sectorix.com/2012/05/17/hulk-web-server-dos-tool/
When all is done, you should have python installed, and hulk.py file extracted. It would be easier if you installed Python to a root directory, for example : C:\\PYTHON27.
Also, put the hulk.py file which you just extracted in the same root directory alongside the PYTHON27 folder.
(In my case, I put the hulk.py file in the C:\ directory).Again, both python folder and the hulk.py file are now in the C:\ ). With all that done, let’s launch our DOS attack !
1. Open Run, type cmd to start cmd.exe window.
2. Change directory to where you installed PYTHON and put hulk.py , Type ‘cd’ then the directory (Case sensitive) (cd= change directory) cd C:\\PYTHON27
3. Now start up the hulk.py script as follows :
C:\\hulk.py http://www.google.com
C:\\hulk.py http://www.google.com
(Write the directory of the hulk.py file followed by a space followed by the website you want to attack.
(Don’t actually try this with google, since they tend to block IPs with weird requests like the ones we are sending. You may be blocked from google for some time. If you want to try it out, consider setting up a small website on your own, or ask someone’s permission.)
You should now see something like:
HULK ATTACK STARTED
Give it a few seconds then it will show how many requests it has sent. A few more seconds and if the attack was succesfull you will see something like: ‘Response Code 500′
As soon as you spot this, try opening the website which may say : ‘Resource Limit Reached’ or ‘Service Unavailable’ meaning you have successfully brought down the website.
As soon as you spot this, try opening the website which may say : ‘Resource Limit Reached’ or ‘Service Unavailable’ meaning you have successfully brought down the website.
Sign up here with your email
ConversionConversion EmoticonEmoticon