What effect does a denial of service attack have
Wireless hacking usually gives you the password of a wireless network. A man-in-the-middle attack lets you spy on network traffic. Exploiting a vulnerability and sending a payload gives you access and control over the target machine. What exactly does a Denial of Service (DOS) attack do? Basically, it robs the legitimate owner of a resource of the right to use it. If I successfully perform a DOS on your machine, you won't be able to use it anymore. In the modern scenario, it is used to disrupt online services. Many hacktivist groups (internet activists who use hacking as a form of active resistance; a name worth mentioning here is Anonymous) carry out Distributed Denial of Service attacks on government and private websites to make them listen to the people's opinion (the legitimacy of this method of dictating your opinion has been a topic of debate, and a lot of hacktivists had to suffer jail time for participating in DDOS). So it's just what its name suggests: Denial Of Service.
Basic Concept
It uses the fact that while a service can be more than sufficient to cater to the demands of its intended users, a drastic increase in unwelcome users can make the service go down. Most of us use phrases like "This website was down the other day" without any idea what they actually mean. Well, now you do. To give you a good idea of what is happening, I'll take the example from the movie "We Are Legion".
Scenario One : Multiplayer online game
Now consider you are playing an online multi-player game. There are millions of other people who also play this game. There's a pool in the game that everyone likes to visit. You and your friends know that you have the power of numbers. There are a lot of you, and together you decide to make identical characters in the game. And then all of you go and block the access to the pool. You just carried out a denial of service attack. The users of the game have now been deprived of a service which they had obtained the right to use when they signed up for the game. This is just what the guys at 4chan (birthplace and residence of Anonymous) did a long time ago. This is the kind of thing that gives you a very basic idea of what a denial of service attack can be.
They made a Swastika and blocked access to the pool
Scenario 2 : Bus stop
Now assume that due to some reason, you want to disrupt the bus service of your city and stop the people from using the service. To stop the legitimate people from utilizing this service, you can call your friends to unnecessarily use it. Basically you can invite millions of friends to come and crowd around all the bus stops and take the buses without any purpose. Practically it is not feasible since you don't have millions of friends, and they are definitely not wasting their time and money riding aimlessly from one place to another.
So while this may seem impossible in the real world, in the virtual world you alone can cause as much load as a thousand (or even a million) users at the click of a button. There are many tools out there for this purpose; however, you are not recommended to use them, as a DOS on someone else is illegal and easy to detect (Knock, knock. It's the police). We will come back to this later, and do a DOS on our own computer.
How denial of service attacks are carried out
When you visit a website, you send it a request to deliver its content to you. What you send is a packet. In practice it takes more than just one packet; you need a lot of them. But still, the bandwidth that you consume in requesting the server to send you some data is very little. In return, the data they send you is huge. This takes up server resources, which they pay for. A legitimate view can easily earn more than the server costs on account of advertisements, etc. So companies buy servers that can provide enough data transfer for their regular users. However, if the number of users suddenly increases, the server gives up. It goes down. And since the company knows it is under DOS, it just turns off the server, so that it does not have to waste its monetary resources on a DOS, and waits till the DOS stops.
Now with modern computers and bandwidth, we alone can easily pretend to be a thousand or even more users at once. While this is not good for the server, it is not something that can make it succumb (your computer is not the only thing that gets better with time, the servers do too). However, if a lot of people like you do a DOS attack, it becomes a distributed denial of service attack. This can easily be fatal for a server. It's just like you go to a page and start refreshing it very fast, maybe a thousand times every second. And you are not the only one. There are a thousand others doing the same thing. So you guys are equivalent to more than a million users using the site simultaneously, and that's not something the server can take.
Sites like Google and Facebook have stronger servers, and algorithms that can easily identify a DOS and block the traffic from that IP. But it's not just the websites that get better; the black hat hackers too are improving every day. This leaves a huge scope for understanding DOS attacks and becoming an asset to one of these sides (the good, the bad and the ugly).
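Here is what "identify a DOS and block the traffic from that IP" can look like on the server side. This is an added example, not code from the original post: a sliding-window counter over web access-log lines that flags any client sending more requests than a threshold allows. The log lines, IP addresses (documentation ranges) and thresholds are constructed for the demo.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\]')   # client IP, timestamp
TS_FORMAT = "%d/%b/%Y:%H:%M:%S %z"


def make_sample_log():
    """Constructed access-log lines: one flooding client, one normal visitor."""
    start = datetime.strptime("10/Oct/2023:13:55:00 +0000", TS_FORMAT)
    lines = []
    for i in range(60):   # 203.0.113.7 reloads one page 20 times a second
        ts = (start + timedelta(seconds=i // 20)).strftime(TS_FORMAT)
        lines.append(f'203.0.113.7 - - [{ts}] "GET /index.html HTTP/1.1" 200 5120')
    for i in range(5):    # 198.51.100.20 opens a page every 10 seconds
        ts = (start + timedelta(seconds=i * 10)).strftime(TS_FORMAT)
        lines.append(f'198.51.100.20 - - [{ts}] "GET /page{i} HTTP/1.1" 200 5120')
    lines.append("garbage line that is not a log entry")
    return lines


def find_flooders(lines, window_seconds=5, max_requests=40):
    """Return {ip: peak request count in any window} for IPs over the limit."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if m:                                  # lines that do not parse are skipped
            events.append((datetime.strptime(m.group(2), TS_FORMAT), m.group(1)))
    recent = defaultdict(deque)                # ip -> timestamps still in window
    peaks = {}
    for ts, ip in sorted(events):              # tolerate out-of-order lines
        q = recent[ip]
        q.append(ts)
        while (ts - q[0]).total_seconds() >= window_seconds:
            q.popleft()                        # drop requests older than the window
        if len(q) > max_requests:
            peaks[ip] = max(peaks.get(ip, 0), len(q))
    return peaks


if __name__ == "__main__":
    for ip, peak in find_flooders(make_sample_log()).items():
        print(f"{ip}: {peak} requests within 5 s, candidate for blocking")
```

A distributed attack spreads the same load over many addresses, so each one can stay under a per-IP limit; the total request rate needs its own threshold.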
A Live DOS on your Kali Machine
If you have Kali Linux (the hacker's OS, and the OS of choice if you use this blog) then here's a small exercise for you.
We are going to execute a command in the Kali Linux terminal that will cripple the operating system and make it hang. It will most probably work on other Linux distributions too.
Warning : This code will freeze Kali Linux, and most probably it will not recover from the shock. You'll lose any unsaved data. You will have to restart the machine the hard way (turn off the virtual machine directly, or cut the power supply if it's a real machine). Just copy paste the code and your computer is gone.
:(){ :|:& };:
The machine froze right after I pressed enter. I had to power it off from the VMware interface.
What basically happened is that the one-line command asked the operating system to keep opening new processes very fast, without ever stopping. It just gave up.
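A per-user process cap is what keeps a runaway process loop like this one from taking the whole machine with it. On Linux systems that use pam_limits, that cap is the nproc item in /etc/security/limits.conf. The following is an added example, not part of the original post: it reads limits.conf-style text and reports which hard nproc cap a given user ends up with. The sample file, the user and group names, and the simplified precedence (user entry, then group entry, then the `*` default) are assumptions made for the demo.

```python
# Constructed limits.conf content in pam_limits format:
# <domain> <type> <item> <value>
SAMPLE_LIMITS = """\
# comments and blank lines are ignored
*          hard  nproc   4096
@students  hard  nproc   200
@students  soft  nproc   100
alice      -     nproc   unlimited
*          hard  nofile  65536
"""

UNLIMITED = {"unlimited", "infinity", "-1"}


def hard_nproc_limit(conf_text, user, groups=()):
    """Return the hard nproc cap that applies to `user`, or None if uncapped.

    Simplified precedence (assumption for this demo): an entry for the user
    beats an @group entry, which beats the '*' default.
    """
    best = {}                                   # rank -> cap, lower rank wins
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()   # strip comments, then tokenise
        if len(fields) != 4:
            continue
        domain, ltype, item, value = fields
        if item != "nproc" or ltype not in ("hard", "-"):
            continue                            # '-' sets both soft and hard
        if domain == user:
            rank = 0
        elif domain.startswith("@") and domain[1:] in groups:
            rank = 1
        elif domain == "*":
            rank = 2
        else:
            continue
        best[rank] = None if value in UNLIMITED else int(value)
    return best[min(best)] if best else None


if __name__ == "__main__":
    for user, groups in [("bob", ["students"]), ("alice", ["students"]), ("carol", [])]:
        cap = hard_nproc_limit(SAMPLE_LIMITS, user, groups)
        status = f"capped at {cap} processes" if cap else "NO process cap"
        print(f"{user}: {status}")
```

Running `ulimit -u` in a shell shows the soft limit that the current session actually received.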
Here's something for the Windows Users
Crashing Windows Using Batch file
Open Notepad. Put the following code in it:
:1
Start
goto 1
Save the file as name.bat
Bat here is the batch file extension. Run it. Game over.
It basically executes the second line, and the third line makes it go over to the first, execute the second, and then over to first again, execute the second..... infinitely. So again, denial of service. All the processing power is used by a useless command, while you, the legitimate user, can't do anything.
That's it for this tutorial, we'll discuss the technical details of a practical denial of service in a later tutorial.
PS:
As suggested in the comments, this script will crash windows much faster-
:1
bash name.bat
goto 1
If you look at the script carefully, it is quite easy to understand what it does. Every time the script is executed, it does two things:
- Opens another instance of the same script
- Goes to the beginning of the script
So for every execution, the number of scripts slowing down your computer doubles up. This means that instead of linear, the load on memory and processor is now exponential (the script gets more and more dangerous with time).
Thanks it's a good job :)
Thanks. :)
It works.
Interesting. Can't wait for the next tutorial. I watched the doc about Anonymous, they showed how and why they did a DOS Attack in the game example you refer to. Genius. Could you do the attack via TOR to enable you to change your ip? We have Macchanger, why doesn't somebody write an exploit that will change your ip? I knew I should have learnt how to program when I had a spectrum 48k, back in 1984.
Next tutorial on IP masking during DOS. We will spoof the source ip with random ones. Wait for it... :D
Thank you for a great detailed description in response to my question. I always learn something or become a little wiser after visiting your cool site.
Always glad to help.
don't call a person who is willing to learn a dummy you idiot...people want to hack for their own benefit but they just don't understand how hard it really is...and plz stop showing off...it makes you a dick
Nevermind read your comment on the other post.
relax :D don't take it seriously dummy :P
There's only 1 dick here, and that's you Mr. anon ...
Show some respect.
This might sound dumb but, if you are on a public network (like a Starbucks) and you change your IP and MAC address, are you anonymous? If not, what am I missing? Are there any other simple ways to be anonymous without VPNs and other "hard stuff"?
Is it possible to hack a WPA password without a wireless extension?
Thanks so much, that was very detailed.
"Innocence factor - Most of the DOS attacks are carried out by botnets. Botnets are a network of computers infected by malware (trojan known as remote administration tool or RAT). They are controlled by a main master who owns these bots/slaves. He can order them to conduct a DOS attack, and the traffic will originate from the computers of innocent users who have no idea what a malicious program is doing in the background while they are playing their favorite game." - Shashwat Chaudhary. Can this concept, using RATs, apply easily to most kinds of hacking?
That answered my question! thanks!
I tried to crash windows 7 using the batch file but nothing happened. Is it because I have 8 GB of RAM ?
What happens when you execute the batch file? Do you see new command prompt windows opening up automatically? On a high end device, it'll take quite a good while for the system to crash.
You only have 8GB of RAM? XD I have half a terabyte (But my computer is giant)
the file name will be "stuck.bat"
edit the file and enter:
:a
bash stuck.bat
goto a
O = 2^x will overload the computer faster than O = x
haha, using it exponentially...
Thanks for the addition, making corresponding changes.
see how websites are vulnerable to SQL map
Real Admin Hacking of a website click on
https://www.youtube.com/watch?v=72Gi1oDkHdM
thank you so much,,
Very well put. (Almost) Anybody can follow a step-by-step tut, but the key to being successful isn't in "knowing" what's going to happen because the tut says so, but "understanding" what's going on as you progress through the steps. I spent more time trying to find "understanding" (hard to find)....Good to see someone taking the time to explain the "how it works"
A quick tip: you can add names of software installed on the system before the GOTO statement. Larger software eats up RAM faster...
Thank you so much for explaining things so clearly! I will be spending a lot of time reading your tutorials in the near future
how to perform dos using hping3 in kali linux?
brief abt how to ddos to site anonymously.
hope u get my point.
Great job explaining what I saw in Mr.Robot
great!!!
I never knew such clear details about what DOS actually means.
Can I do a DOS attack on a friend's website/my own website? Is the web hotel/server going to have a problem with that and is it illegal? If I would do it on a friend's website then he would be with me as I do it.
For practice host something on intranet (use IP 0.0.0.0) and then try to take it down. Or maybe try to perform a DOS on your wireless router.
And yeah, your web host won't be happy about a DOS attack on it (attacking your site is the same as attacking your web host/server.)
where can I get the rest of the tutorial?
The ":1
bash name.bat
goto 1" code is what's known as a ForkBomb. Just throwing this out there bc it's really fun to say. :)
how long is a ddos attack effective ?
like is it a permanent effect to the page u want to attack or is there a time-limit
As long as one continues the attack, the target is down. There could also be some buffer time (depending on the magnitude of the attack) needed to recover after the DDOS is over.
I executed this command ":(){ :|:& };:" on my own kali linux pc and froze it, but when I restarted it, the so doesn't run, and stays on the black screen with the white "-" twinkling.. does anyone know how to fix it ?
%|%
call the file %.bat
quick forkbomb
You definitely have some great insight and great stories.
I check out new stuff post. keep it up. Its greatt
I want you to thank for your time of this wonderful read!!!
I admire this article for the well-researched content and excellent wording.