How to Launch a DoS/DDoS Attack
In addition to the various other methods of hacking, comes launching “Denial of Service” attacks. One person can do quite a lot of damage but when many people use many computers this can cause irreparable damage to a website’s server(s). You may have seen past incidents of this such as when the CIA’s official website was brought down by Anonymous. This is DDoS where the extra D stands for Distributed. I’m going to be showing the steps on how to launch one yourself, helping to put an end to malicious and false services, like MyPhoneSupport or AppleGear. In this post, I will be covering exactly how DoS attacks are performed and how to launch one yourself.
Disclaimer: I’ve seen quite a few questions regarding how to launch DoS (Denial of Service) attacks properly. Before I go over the steps to do this I’d like to note that attacking someone’s network or website without their permission is illegal in the United States and in most countries. In the U.S. it is technically only illegal when used with malicious intent, hence testing this on your OWN device or on someone’s who has ALLOWED you is perfectly acceptable and legal. Because of the potential unethical uses, many popular DoS attackers (Anonymous) have either been or currently are in Federal prison. In regards to scambaiting, the hobby where one attempts to annoy, waste time, and possibly take down scammers, DoS-ing is in the grey area. If ever brought to legal circumstances, the decision could go either way, in favor of the scammer hacker or the scammers. Worst case scenario, you could both go to prison, especially if you don’t cover your tracks correctly. Nor I or dizzie.org shall be responsible for your actions. So after reading this, if you would still like to proceed I have conveniently listed 10 steps that need to be done in order to successfully launch your own Dos or DDoS attack.
Step 1
You need to find the IP address of the website you are targeting. The simplest way to do this is to open your command prompt (Windows) or terminal (Mac & Linux).
Step 2
Type ping “websitename” excluding the quotation marks and replace websitename with your target site. There is no need to type www or http. Just the domain name and .com or .org, etc. Technically you could manually send the ping request over and over again but that would have little effect and really just waste your time at the end of the day. So we need something that can send a lot of pings in a very short amount of time.
Step 3
You should see that packets were sent (Probably around 4). If you see that they were received this means there are no connections issues which is good. You will also see the IP address of your target site.
Step 4
Now you will want to download and use or install a DoS tool. There are quite a few options.
Step 5
If you opt for portability use go to SourceForge and download LOIC (Low Orbit Ion Cannon). Just type in the info and start the process and you can watch as tons of request are sent.
Download
https://github.com/NewEraCracker/LOIC
My favorite DoS tool is the OWASP HTTP Post tool, SwitchBlade which is a very light, portable, and useful program for launching attacks quickly on Windows.
Windows 7 and above
https://samsclass.info/123/proj14/HttpDosTool4.0.zip
Windows Server
https://samsclass.info/123/proj14/HttpDosTool3.6.zip
Step 6
Once downloaded, extract and go in to the folders directory. Look for the file called gui.
Step 7
Once opened, you will see a minimally designed interafce listing attack configuration options.
Step 8
For testing purposes I recommend a setup that follows these guidelines.
Slow Headers
URL: The website or IP address
Connections: 40000
Connection Rate: 10
Timeout(s): 100.00
Random unchecked
Leave User Agent at default
Check diagnostics
Step 9
Click the Run attack button and watch as the site is flooded with your request. When you are done, just stop the attack and there you go. You have now officially launched a Denial of Service attack. If you feel as if the attack is not strong enough, increase the request rate and bring in some friends to launch their own attacks. You’ll be surprised what may happen next time you attempt to access the target website.