Just like most other things associated with hacking, a denial of service
attack is not everyone's cup of tea. It, however, can be understood if
explained properly. In this tutorial, I'll try to give you a big picture
of denial of service attacks, before I start using geeky terms like
packets and all that. We'll start at the easiest point.
That's it for this tutorial, we'll discuss the technical details of a practical denial of service in a later tutorial.
PS:
As suggested in the comments, this script will crash windows much faster-
If you look at the script carefully, it is quite easy to understand what it does. Everytime the script is executed, it does two things-
What effect does a denial of service attack have
Wireless hacking usually gives you the password of a wireless network. A
man in the middle attack lets you spy on network traffic. Exploiting a
vulnerability and sending a payload gives you access and control over
the target machine. What exactly does a Denial of Service (DOS) attack
do? Basically, it robs the legitimate owner of a resource from the right
to use it. I mean if I successfully perform a DOS on your machine, you
won't be able to use it anymore. In the modern scenario, it is used to
disrupt online services. Many hacktivist groups (internet activists who
use hacking as a form of active resistance - a name worth mentioning
here is Anonymous) do a Distributed Denial of service attack on
government and private websites to make them listen to the people's
opinion (the legitimacy of this method of dictating your opinion has
been a topic of debate, and a lot of hactivists had to suffer jailtime
for participating in DDOS). So basically it's just what its name
suggests, Denial Of Service.
Basic Concept
It uses the fact that while a service can be more than sufficient to
cater to the demands of the desired users, a drastic increase in
unwelcome users can make the service go down. Most of us use the words
like "This website was down the other day" without any idea what it
actually means. Well now you do. To give you a good idea of what is
happening, I'll take the example from the movie "We Are Legion".
Scenario One : Multiplayer online game
Now consider you are playing an online multi-player game. There are
millions of other people who also play this game. Now there's a pool in
the game that everyone likes to visit. Now you and your friends know
that they have the power of numbers. There are a lot of you, and
together you decide to make identical characters in the game. And then
all of you go and block the access to the pool. You just carried out a
denial of service attack. The users of the game have now been deprived
of a service which they had obtained the right to use when they signed
up for the game. This is just what the guys at 4chan (birthplace and
residence of Anonymous) did a long time ago. This is the kind of thing
that gives you a very basic idea what a denial of service attack can be.
 |
| They made a Swastika and blocked access to the pool |
Scenario 2 : Bus stop
Now assume that due to some reason, you want to disrupt the bus service
of your city and stop the people from using the service. To stop the
legitimate people from utilizing this service, you can call your friends
to unnecessarily use it. Basically you can invite millions of friends
to come and crowd around all the bus stops and take the buses without
any purpose. Practically it is not feasible since you don't have
millions of friends, and they are definitely not wasting their time and
money riding aimlessly from one place to another.
So while this may seem impossible in the real world, in the virtual
world, you can cause as much load as a thousand (or even a million)
users alone at the click of a button. There are many tools out there for
this purpose, however, you are not recommended to use them as a DOS on
someone else is illegal, and easy to detect (Knock, knock. It's the police). We will, come back to this later, and do a DOS on our own computer.
How denial of service attacks are carried out
Basically, when you visit a website, you send them a request to deliver
their content to you. What you send is a packet. Basically, it take more
than just one packet, you need a lot of them. But still, the bandwidth
that you consume in requesting the server to send you some data is very
little. In return, the data they send you is huge. This takes up server
resources, for which they pay for. A legitimate view can easily earn
more than the server costs on account of advertisements, etc. So,
companies buy server that can provide enough data transfer for its
regular users. However, if the number of users suddenly increases, the
server gives up. It goes down. And since the company knows it under DOS,
it just turns off the server, so that it does not have to waste its
monetary resources on a DOS, and wait till the DOS stops. Now with the
modern computers and bandwidth, we alone can easily pretend to be a
thousand or even more users at once. While this is not good for the
server, it is not something that can make it succumb (your computer is
not the only thing that gets better with time, the servers do too).
However, if a lot of people like you do a DOS attack, it becomes a
distributed denial of service attack. This can easily be fatal for a
server. It's just like you go to a page, and start refreshing it very
fast, maybe a thousand times every second. And you are not the only one.
There are thousand others that are doing the same thing. So basically
you guys are equivalent to more than a million users using the site
simultaneously, and that's not something the server can take. Sites like
Google and Facebook have stronger servers, and algorithms that can
easily identify a DOS and block the traffic from that IP. But it's not
just the websites that get better, and the black hat hackers too are
improving every day. This leaves a huge scope for understanding DOS
attacks and becoming an asset to one of these sides ( the good, the bad
and the ugly).
A Live DOS on your Kali Machine
If you have Kali linux (The hackers OS- the OS of choice if you use this blog) the here's a small exercise for you.
We are going to execute a command in the Kali linux terminal that will
cripple the operating system and make it hand. It will most probably
work on other linux distributions too.
Warning : This code will freeze Kali linux, and most probably it will
not recover from the shock. You'll lose any unsaved data. You will have
to restart the machine the hard way (turn of the virtual machine
directly or cut the power supply if its a real machine). Just copy paste
the code and your computer is gone.
:(){ :|:& };:
The machine froze right after I pressed enter. I had to power it off from the Vmware interface.
What basically happened is that the one line command asked the operating
system to keep opening process very fast for an infinite period of
time. It just gave up.
Here's something for the Windows Users
Crashing Windows Using Batch file
Open a notepad. Put the following code in it-
:1
Start
goto 1
Save the file as name.bat
Bat here is batch file extension. Run it. Game over.
It basically executes the second line, and the third line makes it go
over to the first, execute the second, and then over to first again,
execute the second..... infinitely. So again, denial of service. All the
processing power is used by a useless command, while you, the
legitimate user, can't do anything.
PS:
As suggested in the comments, this script will crash windows much faster-
:1
bash name.bat
goto 1
If you look at the script carefully, it is quite easy to understand what it does. Everytime the script is executed, it does two things-
- Opens another instance of the same script
- Goes to the beginning of the script
So for every execution, the number of scripts slowing down your computer
doubles up. This means that instead of linear, the load on memory and
processor is now exponential (the script gets more and more dangerous
with time).
Posts
