www.i4info.org

i4info Provides the best hacking Material. Latest hacking tutorials and tools are available here. It is the best place for hackers.

Latest topics

» BitCoin Wallet stealor New
Yesterday at 7:46 pm by Admin

» Muhammad Shahroze Rashid | Marketing Consultant
Yesterday at 1:48 pm by Admin

» Muhammad Shahroze Rashid | Sharp Mind, Sharp Innovations
Yesterday at 1:47 pm by Admin

» How to design an effective job ad
Yesterday at 1:45 pm by Admin

» Teen Patti Gold Hack & 3 Patti Chips Code Extra Bonus 2016
Tue Dec 06, 2016 4:38 am by shoytan er lara

» Content Marketing | Promotional Video
Fri Dec 02, 2016 2:45 pm by Admin

» How to start an Online Business | Complete Guide
Fri Dec 02, 2016 2:30 pm by Admin

» Zeeshan Bhatti
Wed Nov 30, 2016 3:18 pm by Admin

» USAA letter for scam page
Tue Nov 29, 2016 4:20 am by Hardyjsh1966

December 2016

MonTueWedThuFriSatSun
   1234
567891011
12131415161718
19202122232425
262728293031 

Calendar Calendar

Affiliates


free forum

Forumotion on Facebook Forumotion on Twitter Forumotion on YouTubeForumotion on Google+

Visitors Counter


Flag Counter

About Author

Muhammad Shahroze Rashid
i4info
Web Developer
Web Developer & Designer,Researcher and Technical writer. An Information Security Consultant and System Auditor, a keen Security researcher.
samanabad
lahore, Punjab
54000
Pakistan
[email protected]
03064904829
DOB: 05/25/1992
Muhammad Shahroze Rashid
Muhammad Shahroze Rashid is a Web Developer and Designer, Android Developer, InfoGrapher, IT consultant and Researcher
Reviewed by Google
Google
Date published: 01/19/2016
9 / 10 stars
Muhammad Shahroze Rashid
Muhammad Shahroze Rashid Web Developer & Designer,Researcher and Technical writer. An Information Security Consultant and System Audito
samanabad
lahore
Punjab
54000
Pakistan

How to use amp attack scripts, basic info. [Spoofable hosts included]

Share

Admin
Admin

Posts : 455
Reputation : 5
Join date : 2014-12-10
Age : 24
Location : Pakistan

How to use amp attack scripts, basic info. [Spoofable hosts included]

Post by Admin on Fri Jan 02, 2015 7:53 pm

What you need:
Spoof enabled Dedicated server or XEN/KVM VPS.
Any attack script: [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.] [You must be registered and logged in to see this link.]
Amp list made for the attack script.
CentOS 6/7

This was written by: Reece Leu

Spoof-enabled hosts list.
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.]
[You must be registered and logged in to see this link.] (CDN SERVERS ONLY)

What is server amplification/spoofing?
These amplification scripts allow the server to send a request to an IP in the
amplification list which then reponds. It basically tells the IP/Server in the
amplification script to send information to the target. It does this rapidly
resulting in a mass-flood of packets. Hence the "Amplification" name.
Yes this is a basic explanation and isn't the same for every attack script.

- Install the dependencies.

Code:

yum -y install gcc make php libpcap-devel libpcap libcap dstat screen


The basics


- You will want to purchase a server and install CentOS 64-bit onto it.
- Download the program called PuTTY to connect to your server.
- Connect to the server through PuTTY.
- Use an FTP Client to connect to your server to upload files.- How to compile attack scripts:
Note* Change the attackscript.c to your attack scripts name.


Code:
gcc -pthread attackscript.c -o attackscript


- How to use attack scripts:


Code:
./attackscript


- After running that command, it will give you parameters to enter. As an example below I will be using the SSDP script.

Code:

./ssdpattack
Invalid parameters!
Usage: ./ssdp <target IP> <target port> <reflection file> <throttle> <time (optional)>
./ssdpattack 1.1.1.1 80 ssdpamplist.txt 2 100


Note* The throttle in this case is the amount of threads. Time of course is in seconds.

Amplification lists are needed depending on the attack scripts you would like to use. If you'd like to create your own amplification lists please click: [You must be registered and logged in to see this link.]



How to check if your server spoofs.


- Make sure you install the dependencies above.
- Purchase a cheapo VPS that doesn't have spoofing enabled.
- Open 3 PuTTY sessions, 2 connected to the spoof enabled server and 1 connected to the non-spoof enabled cheapo VPS.- Run DSTAT on the non-spoof enabled server & on 1 of the spoofable servers.

Code:

dstat


Note* Your screen should look like this: (I am using MTPuTTY which is essentially the same with multiple tabs.)

[Image: 5bXuArP.png]

- Upload the attack script & amplist to the spoof-enabled server.
Note* In this case I will be using the SSDP attack script & amp list.

- Attack the non-spoofable server using the spoofable server not running dstat.

Code:

./ssdpattack 1.1.1.1 80 amplist.txt 2 10


- Watch the DSTAT on both servers. This is what you should see.
Note* If you do not see any incoming packets on your non-spoofable server but you attack server is sending packets. You either are hitting the wrong IP or your attack server does not spoof. If you dont see any packets being sent from your attack server, yours server does not spoof.

[Image: uggzJYW.png]

There you go! Enjoy your servers.



How many threads you should use.

\This question is asked a lot. Well here is a simple explanation.

You will want to use as many threads as you can until your server stops sending
out any more packets but you also want to use the least amount of threads
to do this.- Here is an example:
Using 2 threads my server sends 8000KBps. My CPU usage is at 10% used.
Using 4 threads my server sends 10MBps. My CPU usage is at 18% used.
Using 8 threads my server sends 10MBps. My CPU usage is at 25% used.
Using 10 threads my server sends 10MBps. My CPU usage is at 30% used.

I will want to use 4 threads as the server sends 10MBps but the CPU usage is the lowest.

- How to check the CPU usage on dstat.
Note* I was using the SSDP attack script with 20 threads.

[Image: cJ42ikY.png]

Hope you enjoyed this little lesson on threads.



More information:
- If you need help, post below.
- Yes this tutorial is for the real big noobs.
- I'll be adding more to this thread as I go.

This is for educational purposes only.
Leave a thanks if you enjoyed my tutorial. Have fun, be safe.
Don't take the candy.

    Current date/time is Thu Dec 08, 2016 10:48 am