Bypass The Security: September 2014

Sunday, 28 September 2014

DoS Attack (Ping Flooding)

Introduction

I got all excited when I learned to ping flood (Denial of Service) someone for the first time. The thought of having the power to slow someone's network speed down is thrilling. I got D@rkGh0st to come over to my place so we could do the attack together. He set himself up on one PC while I set my laptop and my other PC up for a DoS attack. He started playing an online game and I told him I'd be ping flooding him. So I set my commands up and pressed enter. As I turned around to see the results, I could see his ping shoot up to 3500 from a comfortable 200.
The night after, I decided to ping flood my actual router. This produced some scary results; I could not connect to any site whatsoever, and all it took was three simultaneous ping floods from one computer.
Now I know DoS attacks are illegal, so that's the reason I experimented on my own PCs. Going from 200 ping to 3500 ping in a game that hardly consumes much bandwidth is quite a significant response considering I only used a botnet of 2 computers. If you think about it, one could potentially grind a network to a halt with a botnet of about 20 PCs. It's scary to think what someone could do with very little knowledge.
Moving along. When someone is armed with this knowledge plus a knowledge of C++ and sockets, they become very, very, very dangerous people; they also become very sloppy people. Someone who just learns this information will most likely go out and create a bot and get themselves caught immediately. So I do advise that you (the reader) do not attempt this on any computer that you don't have permission to DoS attack.

What is a DoS attack?
A DoS (Denial of Service) attack is an attempt to make a computer's resources unavailable to its users. DoS attacks come in many shapes and forms, and can also have secondary motives. A DoS attack can disable a computer and its network if carefully planned and executed. It can be mounted from anywhere to anywhere, at any time, by any means; there are many variables an attacker can put on a DoS attack.
Usually an attacker does not use his/her own computer. They create what's called a botnet (a hive of computers) which they control remotely through the use of trojans, and direct it towards one machine. To explain this simply, it's like taking a magnifying glass (1 computer) and trying to light a wet piece of tinder: it's not going to burn, but when a whole lot of them (a botnet) are focused on it, it will burn. In this way the attacker can anonymously control multiple computers to attack one target and bring it down. The attacker would also use tunneling and IP spoofing to hide their identity.

What is a Ping Flood?
In this tutorial we will be focusing on a type of attack called a ping flood. Ping flooding is the most primitive form of DoS attack because anyone can do it extremely easily. When a targeted computer is under a ping flood, its network stack becomes backed up trying to keep up with the ping requests. Each time the server receives a ping (ICMP echo) request it has to process it and then send a reply carrying the same amount of data. Ping flooding is when the attacker floods the server with ping requests so that it has to process tons of requests every split second, which takes up a lot of resources.

Typical botnet hierarchy of a hacker

Why am I doing this tutorial?
First let me start by explaining something: when ping flooding from your own computer, you're basically attacking yourself too, unless you use IP spoofing. The reason I'm doing a tutorial on this is because I think people should know how someone could easily attack a system and take its network offline. There is another reason: one computer will not be sufficient to bring a system to a halt, so there is no harm in sharing this information.
There is an upside and a downside to knowing how to ping flood. The upside is that you know what it is and how to do it; the downside is that it's completely useless unless you know how to make a botnet. You CAN use this to attack a local network, I suppose, but just remember to only attack computers you have permission to attack.

Ping flooding 101
In this tutorial I will be teaching you these types of DoS attacks:
1. Targeted local disclosed ping flood (known IP address)
2. Router disclosed ping flood
3. Blind ping flood (unknown IP address)


1. Targeted local disclosed ping flood
A targeted local disclosed attack is when you know the IP address of the target connected to the network and you attack it directly.
Alright, so you want to ping flood a single computer. First off we need to make sure we are indeed connected to the network. Start up Command Prompt (Start -> All Programs -> Accessories -> Command Prompt) and type in:
ipconfig
The command prompt will run a few lines of output down the screen and stop. What we are looking for is a local IP address we can attack. Look for an entry called IPv4 Address.

Results for ipconfig; the IPv4 Address line is what you need
If you do not get something like this then you are not connected to any network. If you are in fact connected, note this number down because this is the IP address we will need in order to attack from the other computer. Now we are going to directly attack your target (the computer you are on), so go to the other PC, open Command Prompt and type this in:
ping *ip address here* -t -l 65500
Use the IP address you noted from the other PC in place of *ip address here*. You will see the prompt start pinging the computer you specified. Now you are actually ping flooding the target. Hurray! Your very first ever DoS attack! Give yourself a pat on the back. As you can see, this was not difficult at all.

Attacking an IP Address
To understand the command properly, here's the argument breakdown: -t tells ping to keep pinging the host until it times out (the host disconnects) or until you stop it. -l specifies the load you want to send, so we are sending 65500 bytes to the host on every ping. That's quite a lot of data to handle; the default ping size is 32 bytes.
If you take a look at the PC that’s being attacked, you will notice a rather significant increase in activity and decrease in speed. If you check the task manager, you will see your network activity will have increased.

The effects of a ping flood in action
You must also remember that whatever load you put on the target computer, you are also putting on your own computer, so attacking a stronger computer will simply fail. Another thing to note: attacking over wireless is less likely to have a strong effect than attacking over a wired LAN.
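From the defender's side, the flood described above is easy to spot in traffic records: one source sending a burst of echo requests, each carrying a huge payload, instead of the four 32-byte requests a normal Windows ping sends. The script below is an added example, not code from the original post. It parses constructed, tcpdump-style lines (the exact line layout, the addresses and the thresholds are assumptions; a real capture would also show the 65500-byte payload split into IP fragments) and flags any source that exceeds a packets-per-second or bytes-per-window limit inside a sliding time window.

```python
"""Sliding-window ping-flood detector (added example; not from the original post).

Input is a list of constructed, tcpdump-style text records. The record layout is an
assumption made for this example:
    "<seconds> <src_ip> > <dst_ip>: ICMP echo request, length <bytes>"
"""
import re
from collections import defaultdict, deque

LINE_RE = re.compile(
    r"^(?P<ts>\d+(?:\.\d+)?) (?P<src>[\d.]+) > (?P<dst>[\d.]+): "
    r"ICMP echo request, length (?P<length>\d+)$"
)


def parse_line(line):
    """Return (timestamp, src, dst, length) for an echo-request record, else None."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    return float(m["ts"]), m["src"], m["dst"], int(m["length"])


def detect_ping_floods(lines, window=1.0, max_pps=20, max_window_bytes=100_000):
    """Flag sources whose echo requests exceed max_pps packets or max_window_bytes
    bytes inside any sliding window of `window` seconds.

    Returns {src: {"first_alert_ts", "peak_pps", "peak_bytes"}}. The thresholds are
    assumptions chosen for the constructed sample; tune them to the real link.
    """
    recent = defaultdict(deque)      # src -> deque of (ts, length) inside the window
    window_bytes = defaultdict(int)  # src -> bytes currently inside the window
    alerts = {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:              # echo replies, other traffic, junk: ignore
            continue
        ts, src, _dst, length = rec
        q = recent[src]
        q.append((ts, length))
        window_bytes[src] += length
        while q and ts - q[0][0] > window:   # expire records older than the window
            _, old_len = q.popleft()
            window_bytes[src] -= old_len
        pps = len(q) / window
        if pps > max_pps or window_bytes[src] > max_window_bytes:
            a = alerts.setdefault(src, {"first_alert_ts": ts, "peak_pps": 0.0, "peak_bytes": 0})
            a["peak_pps"] = max(a["peak_pps"], pps)
            a["peak_bytes"] = max(a["peak_bytes"], window_bytes[src])
    return alerts


def build_sample():
    """Constructed traffic: one normal Windows ping (4 x 32 bytes, one per second) and
    one `ping -t -l 65500` style flood (60 oversized requests within 0.6 s)."""
    lines = [f"{10 + i}.000 192.168.1.20 > 192.168.1.1: ICMP echo request, length 32"
             for i in range(4)]
    lines += [f"{12 + i * 0.01:.3f} 192.168.1.50 > 192.168.1.1: ICMP echo request, length 65500"
              for i in range(60)]
    lines.append("12.300 192.168.1.1 > 192.168.1.50: ICMP echo reply, length 65500")  # not a request
    return sorted(lines, key=lambda rec: float(rec.split()[0]))   # chronological, like a capture


if __name__ == "__main__":
    for src, info in detect_ping_floods(build_sample()).items():
        print(f"ALERT {src}: first at t={info['first_alert_ts']}, "
              f"peak {info['peak_pps']:.0f} pkt/s, {info['peak_bytes']} bytes/window")
```

The byte threshold trips first: two 65500-byte requests inside one second already exceed 100,000 bytes, long before the packet-rate threshold of 20 per second does. On a real network the same two thresholds are what an ICMP rate limit on the router or host firewall enforces, so the detector and the mitigation share their tuning.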

2. Router disclosed ping flood
A router disclosed ping flood has the same fundamentals as a targeted one, except you target a router rather than a computer. When you ping flood a router you compromise the network it is hosting. If there are about 20 computers connected to one router and the router is DoS attacked, the 20 computers will not be able to communicate with each other or with the router.
It has the same procedure as the targeted flood, except you need to know the internal IP address of the router. To get the IP address of your local router, use the same procedure as for a targeted flood. Open Command Prompt and type:
ipconfig
We need the Default Gateway; this is the local IP address of the router.

Now use the same process you used to flood the targeted computer, use it on the router, like this:
ping 192.168.1.1 -t -l 65500
Replace the IP address I got with the IP you got. Generally the IP address of your router will be 192.168.1.1, as most routers ship with it set as the default internal IP address. When you hit return, you will see the command screen pinging the router with 65500 bytes each ping. This is the most basic attack anyone can do against any target, whether it be a router or a computer. When targeting a computer on a network through a switch or router, the router/switch will generally take the brunt of the attack, which could cause it to crash and require a hard reset.

3. Blind ping flood
A blind attack of any kind is when the attacker does not know the IP address of his target, so he uses techniques to uncover it through external programs. We will be using Cain and Abel to retrieve an attackable list of IP addresses. I will be covering how to use Cain and Abel to find IP addresses connected to your network.



The Journey of An IP Packet in a Local Network


This is a good time to discuss what exactly happens in the journey of an IP packet, typically what happens when we PING an IP address, or in any network communication process. In this post we are going to discuss what happens locally, within a local network.

Let's say Bob and Sally are sitting in a company, and both of them are connected to the same network, i.e. the same broadcast domain.
Let's say Bob's PC has the IP address 10.0.0.5/8 and Sally's has 10.0.0.10/8. Both of them are in the same network, connected by a switch. Bob, sitting in his own cabin, tries to ping Sally, who is in a different cabin, so Bob opens up his command prompt and types C:\>ping 10.0.0.10
Now let's see what happens in this ping process...

1. When Bob pings, ICMP creates an echo request payload.
2. ICMP hands that payload to IP, which creates a packet. This packet contains a source IP address, a destination IP address and a protocol field, which tells the receiving host which protocol it should hand the payload to, in this case ICMP.
3. Once the packet is created, IP determines whether the destination IP is on a remote network or the local network; in this case it is the local network.
4. On a local network, hosts communicate by MAC address. Now that the packet is created, Bob's PC checks its ARP cache to find out whether Sally's MAC address is known. If it is known, good: the packet is handed to the Data Link layer, where a frame is created whose source MAC address is Bob's MAC address and whose destination MAC address is the MAC address of Sally's PC.
In this case we will assume that Bob doesn't know Sally's MAC address, so here is what happens now. Bob sends an ARP request, which is a broadcast. On the local network it says "Hello everyone, I am looking for the MAC address of Sally, whose IP address is 10.0.0.10, and my MAC address is xc.xc.xc.xc.xc.xc". The switch hears the broadcast and sends it to everyone; in this process the switch learns that Bob is connected to, let's say, FastEthernet 0/0 among its interfaces, and then sends the broadcast out of all active interfaces. Sally's PC gets the broadcast message and says "Hey, I am Sally, my IP address is 10.0.0.10, and here is my MAC address: aa.bb.cc.dd.ee.ff". Sally replies to Bob's broadcast through the switch; in this process the switch again learns that Sally is connected to, let's say, FastEthernet 0/1, and all other devices on the network drop the broadcast because it was not meant for them. So our switch, being very smart, has learned that Bob is connected to fa0/0 and Sally is connected to fa0/1.
5. Bob's PC learns that Sally's MAC address is aa.bb.cc.dd.ee.ff and stores this information in its ARP cache.
6. Now that Bob has learned Sally's MAC address, on the next ping, after the packet is created with source and destination IP, the packet is handed down to the Data Link layer and a frame is created with source and destination MAC addresses and an Ethertype field (protocol), which here is IP; at the end an FCS field is added to the frame.
7. The frame is handed down to the Physical layer to be put on a physical medium, which is a straight-through cable.
8. The frame is received by the switch on its fa0/0 port. The switch checks the destination MAC address (Sally's) against its CAM table, from which it knows that Sally is connected on port fa0/1.
9. The switch sends the frame out through fa0/1. Sally's PC receives the frame; on receiving it, it runs a CRC and matches the result against the FCS field of the frame, then checks the destination MAC address of the frame, which is Sally's MAC address. Next the Ethertype field is checked to determine which protocol the packet should be handed to at the Network layer, in this case IP.
10. The Network layer checks the destination IP address, which is Sally's IP address. Next the protocol field is checked to determine which protocol the payload should be handed to, in this case ICMP.
11. The payload is handed to ICMP, which understands that it is an echo request. ICMP responds to this immediately, discarding the packet and generating a new payload as an echo reply.
12. In the same way, the echo reply is sent to Bob. But while replying to the echo request, Sally's PC swaps the source and destination IP addresses, so that Sally is the source and Bob is the destination.
13. Bob receives the reply, and the second reply is a success.
14. The same process continues two more times, with success.

So this is how a PING works on a local network.
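The walk-through above can be played out in code. The following is an added example, not code from the original post: a tiny model of two hosts and one switch in which ARP resolution, CAM-table learning, FCS checking and the echo request/reply exchange happen in the order the steps describe. Bob's MAC address, the port names and the use of CRC32 in place of the real Ethernet FCS are assumptions made for the example; Sally's MAC and both IP addresses are the ones used in the text.

```python
"""Simulation of the local-network ping walk-through (added example; not from the
original post). Bob's MAC, the port names and CRC32-as-FCS are constructed."""
import zlib
from dataclasses import dataclass, field

BROADCAST = "ff:ff:ff:ff:ff:ff"


@dataclass
class Frame:
    src_mac: str
    dst_mac: str
    ethertype: str          # "ARP" or "IP", as in step 6
    payload: dict
    fcs: int = field(init=False)

    def wire_bytes(self):
        return repr((self.src_mac, self.dst_mac, self.ethertype,
                     sorted(self.payload.items()))).encode()

    def __post_init__(self):
        self.fcs = zlib.crc32(self.wire_bytes())   # FCS computed when the frame is built


class Switch:
    def __init__(self):
        self.cam = {}     # MAC -> port, learned from source MACs (steps 4 and 8)
        self.ports = {}   # port -> attached host

    def attach(self, port, host):
        self.ports[port] = host
        host.switch, host.port = self, port

    def forward(self, in_port, frame):
        self.cam[frame.src_mac] = in_port            # learn where the sender lives
        if frame.dst_mac in self.cam:                # known destination: one port only
            self.ports[self.cam[frame.dst_mac]].receive(frame)
        else:                                        # broadcast or unknown: flood the rest
            for port, host in self.ports.items():
                if port != in_port:
                    host.receive(frame)


class Host:
    def __init__(self, ip, mac):
        self.ip, self.mac = ip, mac
        self.arp_cache = {}          # IP -> MAC (step 5)
        self.switch = self.port = None
        self.sent = []               # ethertypes of frames sent, for inspection
        self.replies = []            # source IPs of echo replies received (step 13)

    def send(self, dst_mac, ethertype, payload):
        self.sent.append(ethertype)
        self.switch.forward(self.port, Frame(self.mac, dst_mac, ethertype, payload))

    def ping(self, dst_ip):
        """One echo request; ARP is used only when the cache misses (step 4)."""
        if dst_ip not in self.arp_cache:
            self.send(BROADCAST, "ARP", {"op": "request", "sender_ip": self.ip, "target_ip": dst_ip})
        if dst_ip not in self.arp_cache:             # nobody answered the ARP request
            return False
        self.send(self.arp_cache[dst_ip], "IP",      # step 6: frame carrying the IP packet
                  {"src_ip": self.ip, "dst_ip": dst_ip, "proto": "ICMP", "icmp": "echo-request"})
        return True

    def receive(self, frame):
        if zlib.crc32(frame.wire_bytes()) != frame.fcs:   # step 9: CRC mismatch, drop
            return
        if frame.dst_mac not in (self.mac, BROADCAST):    # not addressed to us, drop
            return
        p = frame.payload
        if frame.ethertype == "ARP":
            if p["op"] == "request" and p["target_ip"] == self.ip:
                self.arp_cache[p["sender_ip"]] = frame.src_mac      # remember the asker too
                self.send(frame.src_mac, "ARP",
                          {"op": "reply", "sender_ip": self.ip, "target_ip": p["sender_ip"]})
            elif p["op"] == "reply" and p["target_ip"] == self.ip:
                self.arp_cache[p["sender_ip"]] = frame.src_mac      # step 5
        elif frame.ethertype == "IP" and p["dst_ip"] == self.ip and p["proto"] == "ICMP":
            if p["icmp"] == "echo-request":                # steps 11-12: reply with IPs swapped
                self.send(frame.src_mac, "IP",
                          {"src_ip": self.ip, "dst_ip": p["src_ip"], "proto": "ICMP", "icmp": "echo-reply"})
            elif p["icmp"] == "echo-reply":
                self.replies.append(p["src_ip"])


def run_demo(count=4):
    """Bob pings Sally `count` times (Windows sends 4 by default) through one switch."""
    sw = Switch()
    bob = Host("10.0.0.5", "0c:0c:0c:0c:0c:0c")        # constructed MAC for Bob
    sally = Host("10.0.0.10", "aa:bb:cc:dd:ee:ff")
    sw.attach("fa0/0", bob)
    sw.attach("fa0/1", sally)
    for _ in range(count):
        bob.ping(sally.ip)
    return sw, bob, sally


if __name__ == "__main__":
    sw, bob, sally = run_demo()
    print("CAM table:", sw.cam)
    print("Bob's ARP cache:", bob.arp_cache, "frames sent by Bob:", bob.sent)
    print("Echo replies received by Bob:", len(bob.replies))
```

Running it shows a single ARP request followed by four IP frames from Bob, the switch's CAM table holding both MACs, and four echo replies back at Bob. The FCS check in `receive` is also why a frame whose payload was altered in transit is silently dropped rather than answered, which is what step 9 describes.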



Backtrack 5 Common Commands [Basic]

Backtrack 5 is built on Linux, so its commands are the same as in other Linux distributions (Ubuntu, Debian, Fedora, Linux Mint, etc.). If you have used Linux before, you won't have difficulty using Backtrack 5. But if you are a newbie/beginner in the Linux world and want to learn about Backtrack, here are some Backtrack 5 basic commands.

The default username/password of Backtrack is root/toor, but if you want to change the password you can run this command and type in your new password:
passwd

Now the common commands for installing programs:
apt-get install <package>
Downloads <package> and all of its dependencies, and installs them.

apt-get remove [--purge] <package>
Removes <package> and any packages that depend on it.

apt-get update
Updates packages listings from the repo.

apt-get upgrade
Upgrades all currently installed packages.

apt-get dist-upgrade [-u]
Similar to apt-get upgrade, except that dist-upgrade will install or remove packages to satisfy dependencies.

apt-cache search <pattern>
Searches packages and descriptions.

apt-cache show <package>
Shows the full description about the package.

apt-cache showpkg <package>
Shows a lot more detail about a package.

man apt
Gives more info on these commands. The man command shows the manual page of a command.