Josh_Hacking

Lesson
Detailed Info

Denial of Service - HTTP

Now fire up the Kali Linux machine and clone or download Xerxes on the Desktop. The desktop is the recommended location for Xerxes.

The commands I used are-

cd Desktop

git clone https://github.com/zanyarjamal/xerxes.git

The file is very small in size. After completing the download, navigate to the Xerxes folder by the commands-

cd Xerxes

The extension of the Xerxes script telling us that it is written in C language and we must compile before we use it. Let's go ahead and compile it using the command-

gcc xerxes.c -o xerxes

Here, I used the GNU compiler to compile it made an executable as 'xerxes'. Now navigate to the Xerxes folder. Xerxes can be taken in use for both website and machine You just need the name of the website or server or the IP address of a machine to perform the attack.

I will test it on my Metasploitable2 virtual machine because the Metasploitable2 have a web server with a few vulnerable frameworks. Let's execute Xerxes on it. The command I took in use-

./xerxes 192.168.43.198 80

Change the IP address with yours and the '80' is the port. Don't get confused.

Okay, Xerxes started sending botnets and if we refresh the Metasploitable 2 web server, it seems Xerxes took it down.

If you are testing it in your own environment, no need to hide. And also I am not telling you to attack others anonymously.

But if we see from the eye of a professional hacker, his first and most important step would be anonymous before starting the attack.

Now fire up the Kali Linux machine and clone or download Xerxes on the Desktop. The desktop is the recommended location for Xerxes.

The commands I used are-

cd Desktop

git clone https://github.com/zanyarjamal/xerxes.git

The file is very small in size. After completing the download, navigate to the Xerxes folder by the commands-

cd Xerxes

The extension of the Xerxes script telling us that it is written in C language and we must compile before we use it. Let's go ahead and compile it using the command-

gcc xerxes.c -o xerxes

I will test it on my Metasploitable2 virtual machine because the Metasploitable2 have a web server with a few vulnerable frameworks. Let's execute Xerxes on it. The command I took in use-

./xerxes 192.168.43.198 80

Change the IP address with yours and the '80' is the port. Don't get confused.

Okay, Xerxes started sending botnets and if we refresh the Metasploitable 2 web server, it seems Xerxes took it down.

If you are testing it in your own environment, no need to hide. And also I am not telling you to attack others anonymously.

But if we see from the eye of a professional hacker, his first and most important step would be anonymous before starting the attack.

A Denial-of-Service (DoS) attack is an attack meant to shut down a machine or network, making it inaccessible to its intended users. DoS attacks accomplish this by flooding the target with traffic, or sending it information that triggers a crash. In both instances, the DoS attack deprives legitimate users (i.e. employees, members, or account holders) of the service or resource they expected.

Victims of DoS attacks often target web servers of high-profile organizations such as banking, commerce, and media companies, or government and trade organizations. Though DoS attacks do not typically result in the theft or loss of significant information or other assets, they can cost the victim a great deal of time and money to handle.

There are two general methods of DoS attacks: flooding services or crashing services. Flood attacks occur when the system receives too much traffic for the server to buffer, causing them to slow down and eventually stop. Popular flood attacks include:

Buffer overflow attacks – the most common DoS attack. The concept is to send more traffic to a network address than the programmers have built the system to handle. It includes the attacks listed below, in addition to others that are designed to exploit bugs specific to certain applications or networks
ICMP flood – leverages misconfigured network devices by sending spoofed packets that ping every computer on the targeted network, instead of just one specific machine. The network is then triggered to amplify the traffic. This attack is also known as the smurf attack or ping of death.
SYN flood – sends a request to connect to a server, but never completes the handshake. Continues until all open ports are saturated with requests and none are available for legitimate users to connect to.

Other DoS attacks simply exploit vulnerabilities that cause the target system or service to crash. In these attacks, input is sent that takes advantage of bugs in the target that subsequently crash or severely destabilize the system, so that it can’t be accessed or used.

Download or clone from https://github.com/zanyarjamal/xerxes.git Install it in your kali linux or in your windows