Ceh v8 labs module 10 denial of service
- 1. CEH Lab Manual
Denial of Service
Module 10
- 2. Module 10 - Denial of Service
Denial of Service
Denial of Service (DoS) is an attack on a computer or network that prevents legitimate use of its resources.
Lab Scenario
In computing, a denial-of-service attack (DoS attack) is an attempt to make a machine or network resource unavailable to its intended users. Although the means to carry out, motives for, and targets of a DoS attack may vary, it generally consists of the efforts of one or more people to temporarily or indefinitely interrupt or suspend services of a host connected to the Internet. Perpetrators of DoS attacks typically target sites or services hosted on high-profile web servers such as banks, credit card payment gateways, and even root name servers. The term is generally used relating to computer networks, but is not limited to this field; for example, it is also used in reference to CPU resource management.
One common method of attack involves saturating the target machine with external communications requests, such that it cannot respond to legitimate traffic, or responds so slowly as to be rendered essentially unavailable. Such attacks usually lead to a server overload. Denial-of-service attacks can essentially disable your computer or your network. DoS attacks can be lucrative for criminals; recent attacks have shown that DoS attacks are a way for cyber criminals to profit.
As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of how denial-of-service and distributed denial-of-service attacks are carried out, to detect and neutralize attack handlers, and to mitigate such attacks.
Lab Objectives
The objective of this lab is to help students learn to perform DoS attacks and to test network for DoS flaws.
In this lab, you will:
■ Create and launch a denial-of-service attack to a victim
■ Remotely administer clients
■ Perform a DoS attack by sending a huge amount of SYN packets continuously
■ Perform a DoS HTTP attack
CEH Lab Manual Page 703
Ethical Hacking and Countermeasures Copyright © by EC-Council
All Rights Reserved. Reproduction is Strictly Prohibited.
- 3. Module 10 - Denial of Service
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service
Lab Environment
To carry out this, you need:
■ A computer running Windows Server 2008
■ Windows XP/7 running in virtual machine
■ A web browser with Internet access
■ Administrative privileges to run tools
Lab Duration
Time: 60 Minutes
Overview of Denial of Service
Denial-of-service (DoS) is an attack on a computer or network that prevents legitimate use of its resources. In a DoS attack, attackers flood a victim's system with illegitimate service requests or traffic to overload its resources and prevent it from performing intended tasks.
Lab Tasks
Overview
Pick an organization that you feel is worthy of your attention. This could be an educational institution, a commercial company, or perhaps a nonprofit charity.
Recommended labs to assist you in denial of service:
■ SYN flooding a target host using hping3
■ HTTP flooding using DoSHTTP
Lab Analysis
Analyze and document the results related to the lab exercise. Give your opinion on your target's security posture and exposure.
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
- 4. Module 10 - Denial of Service
SYN Flooding a Target Host Using hping3
hping3 is a command-line oriented TCP/IP packet assembler/analyser.
Lab Scenario
A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.
A SYN flood attack works by not responding to the server with the expected ACK code. The malicious client can either simply not send the expected ACK, or by spoofing the source IP address in the SYN, cause the server to send the SYN-ACK to a falsified IP address, which will not send an ACK because it "knows" that it never sent a SYN. The server will wait for the acknowledgement for some time, as simple network congestion could also be the cause of the missing ACK, but in an attack increasingly large numbers of half-open connections will bind resources on the server until no new connections can be made, resulting in a denial of service to legitimate traffic. Some systems may also malfunction badly or even crash if other operating system functions are starved of resources in this way.
As an expert ethical hacker or security administrator of an organization, you should have sound knowledge of denial-of-service and distributed denial-of-service attacks and should be able to detect and neutralize attack handlers. You should use SYN cookies as a countermeasure against the SYN flood which eliminates the resources allocated on the target host.
Lab Objectives
The objective of this lab is to help students learn to perform denial-of-service attacks and test the network for DoS flaws.
In this lab, you will:
■ Perform denial-of-service attacks
■ Send huge amount of SYN packets continuously
- 5. Module 10 - Denial of Service
Tools demonstrated in this lab are available at D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service
Lab Environment
To carry out the lab, you need:
■ A computer running Windows 7 as victim machine
■ BackTrack 5 r3 running in virtual machine as attacker machine
■ Wireshark is located at D:\CEH-Tools\CEHv8 Module 08 Sniffing\Sniffing Tools\Wireshark
Lab Duration
Time: 10 Minutes
Overview of hping3
hping3 is a network tool able to send custom TCP/IP packets and to display target replies like a ping program does with ICMP replies. hping3 handles fragmentation, arbitrary packets body, and size and can be used in order to transfer files encapsulated under supported protocols.
Lab Tasks
Flood SYN Packet
1. Launch BackTrack 5 r3 on the virtual machine.
2. Launch the hping3 utility from the BackTrack 5 r3 virtual machine. Select BackTrack Menu -> Backtrack -> Information Gathering -> Network Analysis -> Identify Live Hosts -> Hping3.
Type only hping3 without any argument. If hping3 was compiled with Tcl scripting capabilities, you should see a prompt.
Figure 1.1: BackTrack 5 r3 Menu
3. The hping3 utility starts in the command shell.
- 6. Module 10 - Denial of Service
FIGURE 1.2: BackTrack 5 r3 Command Shell with hping3
4. In the command shell, type hping3 -S 10.0.0.11 -a 10.0.0.13 -p 22 --flood and press Enter.
First, type a simple command and see the result: #hping3.0.0-alpha1> hping resolve www.google.com 66.102.9.104.
The hping3 command should be called with a subcommand as a first argument and additional arguments according to the particular subcommand.
FIGURE 1.3: BackTrack 5 r3 hping3 command
5. In the previous command, 10.0.0.11 (Windows 7) is the victim's machine IP address, and 10.0.0.13 (BackTrack 5 r3) is the attacker's machine IP address.
The hping resolve command is used to convert a hostname to an IP address.
FIGURE 1.4: BackTrack4 Command Shell with hping3
6. hping3 floods the victim machine by sending bulk SYN packets and overloading victim resources.
- 7. Module 10 - Denial of Service
7. Go to the victim's machine (Windows 7). Install and launch Wireshark, and observe the SYN packets.
hping3 was mainly used as a security tool in the past. It can be used in many ways by people who don't care for security to test networks and hosts. A subset of the things you can do using hping3:
■ Firewall testing
■ Advanced port scanning
■ Network testing, using various protocols, TOS, fragmentation
■ Manual path MTU discovery
■ Advanced traceroute, under all the supported protocols
■ Remote OS fingerprinting
■ Remote uptime guessing
■ TCP/IP stacks auditing
FIGURE 1.5: Wireshark with SYN Packets Traffic
You sent huge number of SYN packets, which caused the victim's machine to crash.
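The half-open connections described in the Lab Scenario, and the SYN traffic observed in Wireshark, can be checked for from the defender's side. The Python code below is an added example, not part of the lab manual: it replays packet summaries, tracks which handshakes never complete, and reports any service whose half-open count peaks above a threshold. The sample packets, the 10.0.0.20 client, the window and the threshold are constructed assumptions.

```python
from collections import defaultdict


def build_sample():
    """Constructed packet summaries:
    (time_s, src_ip, src_port, dst_ip, dst_port, tcp_flags)."""
    pkts = [
        # A legitimate client (assumed address) completes the handshake.
        (0.000, "10.0.0.20", 40000, "10.0.0.11", 22, "S"),
        (0.001, "10.0.0.11", 22, "10.0.0.20", 40000, "SA"),
        (0.002, "10.0.0.20", 40000, "10.0.0.11", 22, "A"),
    ]
    # 300 SYNs in about 0.3 s from sequential source ports; the SYN-ACKs
    # are never answered, so every one of them stays half-open.
    for i in range(300):
        t = 1.0 + i * 0.001
        pkts.append((t, "10.0.0.13", 53620 + i, "10.0.0.11", 22, "S"))
        pkts.append((t, "10.0.0.11", 22, "10.0.0.13", 53620 + i, "SA"))
    return pkts


def half_open_alerts(packets, window=1.0, threshold=100):
    """Return {(server_ip, server_port): {...}} for services whose
    never-completed handshakes exceed `threshold` within `window` seconds."""
    pending = {}  # (client_ip, client_port, server_ip, server_port) -> SYN time
    for t, src, sport, dst, dport, flags in sorted(packets):
        key = (src, sport, dst, dport)
        if flags == "S":
            pending.setdefault(key, t)
        elif flags == "SA":
            continue  # server reply; still half-open until the client ACKs
        else:
            # The client's ACK completes the handshake; a RST from either
            # side tears the pending connection down.
            pending.pop(key, None)
            if "R" in flags:
                pending.pop((dst, dport, src, sport), None)

    # Group by destination service, not by sender: the source address of a
    # SYN can be falsified, so it is reported but not used as the key.
    by_service = defaultdict(list)
    for (src, _sport, dst, dport), t in pending.items():
        by_service[(dst, dport)].append((t, src))

    alerts = {}
    for service, entries in by_service.items():
        entries.sort()
        peak, lo = 0, 0
        for hi in range(len(entries)):
            while entries[hi][0] - entries[lo][0] > window:
                lo += 1
            peak = max(peak, hi - lo + 1)
        if peak >= threshold:
            alerts[service] = {
                "peak_half_open": peak,
                "sources": sorted({src for _t, src in entries}),
            }
    return alerts


if __name__ == "__main__":
    print(half_open_alerts(build_sample()))
```

On Linux hosts, the SYN cookies countermeasure named in the scenario is controlled by the net.ipv4.tcp_syncookies sysctl.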
Lab Analysis
Document all the results gathered during the lab.
Tool/Utility: hping3
Information Collected/Objectives Achieved: SYN packets observed over flooding the resources in victim machine
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Internet Connection Required: □ Yes ☑ No
Platform Supported: ☑ Classroom ☑ iLabs
- 8. Module 10 - Denial of Service
Lab
HTTP Flooding Using DoSHTTP
DoSHTTP is an HTTP flood denial-of-service (DoS) testing tool for Windows. DoSHTTP includes port designation and reporting.
Lab Scenario
HTTP flooding is an attack that uses enormous useless packets to jam a web server. In this paper, we use hidden semi-Markov models (HSMM) to describe Web-browsing patterns and detect HTTP flooding attacks. We first use a large number of legitimate request sequences to train an HSMM model and then use this legitimate model to check each incoming request sequence. Abnormal Web traffic whose likelihood falls into unreasonable range for the legitimate model would be classified as potential attack traffic and should be controlled with special actions such as filtering or limiting the traffic. Finally we validate our approach by testing the method with real data. The result shows that our method can detect the anomaly web traffic effectively.
In the previous lab you learned about SYN flooding using hping3 and the countermeasures that can be implemented to prevent such attacks. Another method that attackers can use to attack a server is by using the HTTP flood approach.
As an expert ethical hacker and penetration tester, you must be aware of all types of hacking attempts on a web server. For HTTP flooding attack you should implement an advanced technique known as "tarpitting," which once established successfully will set connections window size to few bytes. According to TCP/IP protocol design, the connecting device will initially only send as much data to target as it takes to fill the window until the server responds. With tarpitting, there will be no response back to the packets for all unwanted HTTP requests, thereby protecting your web server.
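The scenario names "filtering or limiting the traffic" as the control for request streams that look abnormal. The Python code below is an added example, not part of the lab manual, and it is neither the HSMM model nor tarpitting: it replays web access-log lines through a per-client token bucket to show how a rate limit treats a browsing client and a flooding client. The log lines, client addresses, refill rate and burst size are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime

# Common Log Format: client, identity, user, [time], "request", status, size
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+'
)


def build_sample_log():
    """Constructed access-log lines for two clients."""
    lines = []
    # Browsing client: one request every 2 seconds, different pages.
    for i in range(5):
        lines.append(
            '10.0.0.20 - - [21/Oct/2012:13:40:%02d +0000] '
            '"GET /page%d.html HTTP/1.1" 200 512' % (i * 2, i)
        )
    # Flooding client: 200 requests for the same URL within 2 seconds.
    for i in range(200):
        lines.append(
            '10.0.0.10 - - [21/Oct/2012:13:40:%02d +0000] '
            '"GET / HTTP/1.1" 200 512' % (i // 100)
        )
    return lines


def rate_limit(lines, rate=5.0, burst=20):
    """Replay log lines through a token bucket per client address.

    Each client starts with `burst` tokens and regains `rate` tokens per
    second; a request is allowed only if a whole token is available.
    Returns {client_ip: {"allowed": n, "denied": m}}.
    """
    events = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip malformed lines instead of failing
        when = datetime.strptime(m.group(2), "%d/%b/%Y:%H:%M:%S %z")
        events.append((when.timestamp(), m.group(1)))
    events.sort()

    buckets = {}  # client_ip -> (tokens, time of last request)
    stats = defaultdict(lambda: {"allowed": 0, "denied": 0})
    for ts, ip in events:
        tokens, last = buckets.get(ip, (float(burst), ts))
        tokens = min(float(burst), tokens + (ts - last) * rate)
        if tokens >= 1.0:
            tokens -= 1.0
            stats[ip]["allowed"] += 1
        else:
            stats[ip]["denied"] += 1
        buckets[ip] = (tokens, ts)
    return dict(stats)


def flood_suspects(stats, min_denied=50):
    """Clients whose denied-request count marks them for filtering."""
    return sorted(ip for ip, s in stats.items() if s["denied"] >= min_denied)


if __name__ == "__main__":
    result = rate_limit(build_sample_log())
    print(result)
    print(flood_suspects(result))
```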
Lab Objectives
The objective of this lab is to help students learn HTTP flooding denial-of-service (DoS) attack.
- 9. Module 10 - Denial of Service
Tools demonstrated in this lab are available in D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service
Lab Environment
To carry out this lab, you need:
■ DoSHTTP tool located at D:\CEH-Tools\CEHv8 Module 10 Denial-of-Service\DDoS Attack Tools\DoSHTTP
■ You can also download the latest version of DoSHTTP from the link http://www.socketsoft.net/
■ If you decide to download the latest version, then screenshots shown in the lab might differ
■ A computer running Windows Server 2012 as host machine
■ Windows 7 running on virtual machine as attacker machine
■ A web browser with an Internet connection
■ Administrative privileges to run tools
Lab Duration
Time: 10 Minutes
Overview of DoSHTTP
DoSHTTP is an HTTP flood denial-of-service (DoS) testing tool for Windows. It includes URL verification, HTTP redirection, and performance monitoring. DoSHTTP uses multiple asynchronous sockets to perform an effective HTTP flood. DoSHTTP can be used simultaneously on multiple clients to emulate a distributed denial-of-service (DDoS) attack. This tool is used by IT professionals to test web server performance.
Lab Tasks
DoSHTTP Flooding
1. Install and launch DoSHTTP in Windows Server 2012.
2. To launch DoSHTTP, move your mouse cursor to lower left corner of the desktop and click Start.
FIGURE 2.1: Windows Server 2012 Desktop view
- 10. Module 10 - Denial of Service
3. Click the DoSHttp 2.5 app from the Start menu apps to launch the program.
DoSHTTP is an easy to use and powerful HTTP Flood Denial of Service (DoS) Testing Tool for Windows. DoSHTTP includes URL Verification, HTTP Redirection, Port Designation, Performance Monitoring and Enhanced Reporting.
FIGURE 2.2: Windows Server 2012 Start Menu Apps
4. The DoSHTTP main screen appears as shown in the following figure; in this lab we have demonstrated trial version. Click Try to continue.
FIGURE 2.3: DoSHTTP main window
5. Enter the URL or IP address in the Target URL field.
6. Select a User Agent, number of Sockets to send, and the type of Requests to send. Click Start.
7. In this lab, we are using Windows 7 IP (10.0.0.7) to flood.
- 11. Module 10 - Denial of Service
FIGURE 2.4: DoSHTTP Flooding
Note: These IP addresses may differ in your lab environment.
8. Click OK in the DoSHTTP evaluation pop-up.
"Evaluation mode will only perform a maximum of 10000 requests per session."
FIGURE 2.5: DoSHTTP Evaluation mode pop-up
9. Launch the Wireshark network protocol analyzer in the Windows 7 virtual machine and start its interface.
10. DoSHTTP sends asynchronous sockets and performs HTTP flooding of the target network.
DoSHTTP can help IT Professionals test web server performance and evaluate web server protection software. DoSHTTP was developed by certified IT Security and Software Development professionals.
11. Go to Virtual machine, open Wireshark, and observe that a lot of packet traffic is captured by Wireshark.
- 12. Module 10 - Denial of Service
FIGURE 2.6: Wireshark window
12. You see a lot of HTTP packets are flooded to the host machine.
13. DoSHTTP uses multiple asynchronous sockets to perform an HTTP flood against the entered network.
Lab Analysis
Analyze and document the results related to the lab exercise.
Tool/Utility: DoSHTTP
Information Collected/Objectives Achieved: HTTP packets observed flooding the host machine
PLEASE TALK TO YOUR INSTRUCTOR IF YOU HAVE QUESTIONS RELATED TO THIS LAB.
Questions
1. Evaluate how DoSHTTP can be used simultaneously on multiple clients and perform DDoS attacks.
- 13. Module 10 - Denial of Service
2. Determine how you can prevent DoSHTTP attacks on a network.
Internet Connection Required: □ Yes
Platform Supported: ☑ Classroom ☑ iLabs