How to Launch a DoS/DDoS Attack
In addition to the various other methods of hacking, comes launching "Denial of Service" attacks. One person can do quite a lot of damage but when many people use many computers this can cause irreparable damage to a website's server(s). You may have seen past incidents of this such as when the CIA's official website was brought down by Anonymous. This is DDoS where the extra D stands for Distributed. I'm going to be showing the steps on how to launch one yourself, helping to put an end to malicious and false services, like MyPhoneSupport or AppleGear. In this post, I will be covering exactly how DoS attacks are performed and how to launch one yourself.
Disclaimer: I've seen quite a few questions regarding how to launch DoS (Denial of Service) attacks properly. Before I go over the steps to do this I'd like to note that attacking someone's network or website without their permission is illegal in the United States and in most countries. In the U.S. it is technically only illegal when used with malicious intent, hence testing this on your OWN device or on someone's who has ALLOWED you is perfectly acceptable and legal. Because of the potential unethical uses, many popular DoS attackers (Anonymous) have either been or currently are in Federal prison. In regards to scambaiting, the hobby where one attempts to annoy, waste time, and possibly take down scammers, DoS-ing is in the grey area. If ever brought to legal circumstances, the decision could go either way, in favor of the scammer hacker or the scammers. Worst case scenario, you could both go to prison, especially if you don't cover your tracks correctly. Nor I or dizzieinc.com shall be responsible for your actions. So after reading this, if you would still like to proceed I have conveniently listed 10 steps that need to be done in order to successfully launch your own Dos or DDoS attack.
You need to find the IP address of the website you are targeting. The simplest way to do this is to open your command prompt (Windows) or terminal (Mac & Linux).
Type ping "websitename" excluding the quotation marks and replace websitename with your target site. There is no need to type www or http. Just the domain name and .com or .org, etc. Technically you could manually send the ping request over and over again but that would have little effect and really just waste your time at the end of the day. So we need something that can send a lot of pings in a very short amount of time.
You should see that packets were sent (Probably around 4). If you see that they were received this means there are no connections issues which is good. You will also see the IP address of your target site.
Now you have a few options. You can use an online DoS tool which is super easy but can be iffy or you can install one which gives you much more control and reliability. You can also set up a botnet but this will be on another post coming soon.
If you opt for online use go to LOIC Online which is one of the most popular online utilities out there. Just type in the info and start the process and you can watch as tons of request are sent. The only problem is that sometimes these request do not seem to work and there are no additional controls or options to adjust your attack. If this is not enough, in you will want to download a powerful DoS tool.
My favorite DoS tool is the OWASP HTTP Post tool, SwitchBlade which is a very light, portable, and useful program for launching attacks quickly on Windows.
Windows 7 and above
Once downloaded, extract and go in to the folders directory. Look for the file called gui.
Once opened, you will see a minimally designed interafce listing attack configuration options.
For testing purposes I recommend a setup that follows these guidelines.
URL: The website or IP address
Connection Rate: 10
Leave User Agent at default
Click the Run attack button and watch as the site is flooded with your request. When you are done, just stop the attack and there you go. You have now officially launched a Denial of Service attack. If you feel as if the attack is not strong enough, increase the request rate and bring in some friends to launch their own attacks. You'll be surprised what may happen next time you attempt to access the target website.