Monday, April 2, 2018

DDoS - Distributed Denial of Service attack with Low Orbit Ion Cannon (LOIC) and Metasploit


- Layout for this exercise:

1 - DoS and DDoS

- A Denial-of-Service attack (DoS) is a cyber-attack in which the perpetrator seeks to make a machine or network resource unavailable to its intended users by temporarily or indefinitely disrupting services of a host connected to the Internet.

- Denial of service is typically accomplished by flooding the targeted machine or resource with superfluous requests in an attempt to overload systems and prevent some or all legitimate requests from being fulfilled.

- In a distributed denial-of-service attack (DDoS attack), the incoming traffic flooding the victim originates from many different sources.

- This effectively makes it impossible to stop the attack simply by blocking a single source.

- In this exercise we will perform a DDoS attack against a Linux Metasploitable distro from two attackers:

  • Windows 10 using Low Orbit Ion Cannon (LOIC)
  • Kali Linux using a Metasploit auxiliary module

- The victim role is played by the Metasploitable Linux distro.

2 - Victim: Metasploitable Linux

- Metasploitable is an intentionally vulnerable Linux virtual machine. 

- This VM can be used to conduct security training, test security tools, and practice common penetration testing techniques.

- Connecting to Metasploitable via web:

3 - Attacker 1: Windows 10 with Low Orbit Ion Cannon (LOIC) 

- Low Orbit Ion Cannon (LOIC) is an open-source network stress testing and denial-of-service attack application, written in C#.

- LOIC was initially developed by Praetox Technologies, but was later released into the public domain and is now hosted on several open-source platforms.

- LOIC performs a DoS attack (or, when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host.

- High Orbit Ion Cannon (HOIC) was designed to replace LOIC, but the limitation of HOIC is that it requires a coordinated group of users to ensure that the attacks are successful.

- Even though it has allowed attacks to be launched by far fewer users than the older Low Orbit Ion Cannon, HOIC still requires a minimum of 50 users to launch an effective attack and more are required to sustain it if the target website has protection.

- We will use LOIC because our purpose is to exemplify a simple DDoS attack, so the HOIC tool is outside the scope of this exercise.

- Downloading LOIC to Windows 10:

- Running the executable:

- Setting the victim's IP and Lock on:

- Setting the method of attack (HTTP) and port 80:

- Launching the attack:

- Running Wireshark and applying a filter:

- With the filter removed, note the large number of responses from Metasploitable:

4 - Attacker 2: Kali Linux with a Metasploit DoS auxiliary module

- Using the synflood Metasploit auxiliary module:

- Setting options for the victim:

- Launching the attack from Kali Linux:

- Running Wireshark:

- Following the Stream Content:

5 - Result of the attack

- As a consequence of the successful DDoS attack, the Metasploitable web server goes down.
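
From the defender's side, the SYN flood of section 4 appears in a capture as many client SYNs that never complete the handshake, arriving from more than one source. The following is an added example (not part of the original exercise) that parses `tcpdump -nn` text output and flags such targets; the addresses, sample lines and thresholds are constructed assumptions.

```python
import re
from collections import defaultdict

# tcpdump -nn text line: "<time> IP <src>.<sport> > <dst>.<dport>: Flags [S], ..."
LINE = re.compile(r"^\S+ IP (\S+)\.(\d+) > (\S+)\.(\d+): Flags \[([^\]]+)\]")

def half_open_report(lines, min_syns=5, max_completion=0.5):
    """Flag destinations where most SYNs seen never complete the handshake."""
    syns = defaultdict(set)       # (dst, dport) -> client flows that sent a SYN
    completed = defaultdict(set)  # (dst, dport) -> flows that later sent an ACK
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue  # not a TCP line in the expected format
        src, sport, dst, dport, flags = m.groups()
        key, flow = (dst, int(dport)), (src, int(sport))
        if flags == "S":                      # client SYN
            syns[key].add(flow)
        elif "." in flags and not set("SR") & set(flags) and flow in syns[key]:
            completed[key].add(flow)          # client ACKed the SYN-ACK
    alerts = []
    for key, flows in syns.items():
        ratio = len(completed[key]) / len(flows)
        if len(flows) >= min_syns and ratio < max_completion:
            # Aggregate per target, not per source: the flood is distributed.
            sources = sorted({src for src, _ in flows - completed[key]})
            alerts.append({"target": key, "syns": len(flows),
                           "completion": round(ratio, 2), "sources": sources})
    return alerts

def sample_capture():
    """Constructed lines: victim 10.0.0.9:80, one normal client, two flooders."""
    out = []
    for i in range(3):   # normal client completes each handshake
        c = f"10.0.0.50.{50000 + i}"
        out += [f"12:00:0{i}.000100 IP {c} > 10.0.0.9.80: Flags [S], seq 1, win 64240, length 0",
                f"12:00:0{i}.000200 IP 10.0.0.9.80 > {c}: Flags [S.], seq 9, ack 2, win 5792, length 0",
                f"12:00:0{i}.000300 IP {c} > 10.0.0.9.80: Flags [.], ack 10, win 64240, length 0"]
    for i in range(20):  # two sources send SYNs and never answer the SYN-ACK
        src = ("10.0.0.66", "10.0.0.77")[i % 2]
        out.append(f"12:00:05.{i:06d} IP {src}.{40000 + i} > 10.0.0.9.80: Flags [S], seq 1, win 512, length 0")
    return out

if __name__ == "__main__":
    for alert in half_open_report(sample_capture()):
        print(alert)
```

Because the report is keyed on the target rather than on any one sender, it still fires when the SYNs are spread across many sources, which is the case a single-source block cannot handle.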