Using Metasploit to SYN Flood a Target Host
TCP establishes a connection using a three-way handshake. The source sends a SYN packet to the destination. When the destination receives the SYN packet, it responds with a SYN/ACK packet as confirmation, and the source completes the handshake with an ACK packet.
Attackers can take advantage of the three-way handshake mechanism in a SYN attack. The attacker sends false TCP SYN requests to the victim server. When the server responds, the attacker never sends the ACK. The victim server then keeps waiting for the connection to complete.
In this practical, you will learn how to spoof the source IP address and perform SYN flooding against the target machine.
- Launch the Wireshark app. If you see the Network screen, click on Yes.
- When the Wireshark window opens, double-click on the network adapter available (here, Ethernet). Keep the app running. If you see the Wireshark Software Update pop-up, click on Remind Me Later.
- Click on the Kali Linux link.
- Click on the Terminal icon from the Favorites.
- Here, we will do SYN flooding on Windows 10 through port 21. Check whether this port is open or not using nmap. Write nmap -p 21 [IP Address of Windows 10] and press Enter.
In this lab, the IP address of Windows 10 is 10.10.10.10. Nmap is showing that the port is open. In case you see that the port is closed, check the other ports.
- Now, write msfconsole and press Enter. It will open msfconsole.
- Write use auxiliary/dos/tcp/synflood in the msfconsole and press Enter. It will load the synflood module.
- Check which module options can be configured to start the DoS attack.
Write show options and press Enter. It will show you all the options related to the auxiliary module.
- In this lab, let’s do SYN flooding on port 21 of Windows 10 by spoofing the Kali Linux IP address.
Write the below commands:
- Write set RHOST [Windows 10’s IP] and press Enter.
- Write set RPORT 21 and press Enter.
- Write set SHOST [Windows Server 2016’s IP] and press Enter.
- Write set TIMEOUT 20000 and press Enter.
- The aim of setting SHOST to the IP address of Windows Server 2016 is to spoof Kali Linux's IP address.
In this lab, the IP address of Windows Server 2016 is 10.10.10.16 and Windows 10 is 10.10.10.10.
- Now that the auxiliary module is configured, you can start the DoS attack on Windows 10. Write exploit and press Enter.
- Click on the Windows 10 link to open the Windows 10 machine. Check the Wireshark window.
- Wireshark will show the captured traffic. To see the TCP packets, write tcp.port == 21 and click on Apply this filter string to the display. The source IP address shown is that of Windows Server 2016, which means that the IP address has been spoofed.
- Open Task Manager on the system and click on Performance. Wait for a few seconds. You will see a drastic rise in the CPU usage, representing the progress of the DoS attack. If the attack continues for some time, it will exhaust all the resources of the system.
Close the windows open in Windows 10 and return to Kali Linux.
- Press Ctrl+C and it will stop the attack.
- Once you have completed the practice, close all the apps and files you opened.
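From the defender's side, the half-open handshakes described at the start of this section can be counted from a capture. The following is an added example, not part of the original lab: it tracks SYNs that never receive the final ACK and reports services whose half-open count passes a threshold. The packet tuples, the 10.10.10.20 client, the 30-second timeout and the threshold of 100 are constructed assumptions.

```python
from collections import defaultdict

SYN, ACK, RST = 0x02, 0x10, 0x04  # TCP flag bits

def half_open_by_service(packets, timeout=30.0):
    """Count handshakes that saw a SYN but no final ACK, per (server_ip, port).

    packets: time-ordered tuples (ts, src, sport, dst, dport, flags).
    timeout: assumed seconds before a server discards a half-open entry.
    """
    pending = {}  # (client, cport, server, sport) -> time of the client's SYN
    last_ts = 0.0
    for ts, src, sport, dst, dport, flags in packets:
        last_ts = ts
        if flags & RST:  # a reset from either side tears the entry down
            pending.pop((src, sport, dst, dport), None)
            pending.pop((dst, dport, src, sport), None)
        elif flags & SYN and not flags & ACK:  # step 1: client SYN
            pending.setdefault((src, sport, dst, dport), ts)
        elif flags & ACK and not flags & SYN:  # step 3: client ACK completes it
            pending.pop((src, sport, dst, dport), None)
    counts = defaultdict(int)
    for (_, _, server, port), syn_ts in pending.items():
        if last_ts - syn_ts <= timeout:  # still occupying the backlog
            counts[(server, port)] += 1
    return dict(counts)

def flooded_services(packets, threshold=100, timeout=30.0):
    """Return [(server_ip, port, half_open)] for services above the threshold."""
    counts = half_open_by_service(packets, timeout)
    return sorted((ip, port, n) for (ip, port), n in counts.items() if n > threshold)

def sample_capture():
    """Constructed capture: one normal handshake, then 200 SYNs never ACKed."""
    pkts = [
        (0.00, "10.10.10.20", 50000, "10.10.10.10", 21, SYN),
        (0.01, "10.10.10.10", 21, "10.10.10.20", 50000, SYN | ACK),
        (0.02, "10.10.10.20", 50000, "10.10.10.10", 21, ACK),
    ]
    for i in range(200):
        pkts.append((1.0 + i * 0.001, "10.10.10.16", 1024 + i, "10.10.10.10", 21, SYN))
    return pkts

if __name__ == "__main__":
    for ip, port, n in flooded_services(sample_capture()):
        print(f"{ip}:{port} has {n} half-open connections")
```

The completed handshake from 10.10.10.20 leaves no pending entry, so only the unanswered SYNs count toward the threshold.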
Using HOIC to Perform DDoS Attack
In this practical, let’s learn how to perform a DDoS attack and HTTP flooding.
- Go to Module 10 Denial-of-Service\DoS and DDoS Attack Tools and copy-paste the High Orbit Ion Cannon (HOIC) folder on Desktop.
- Open Windows 10.
- Go to Module 10 Denial-of-Service\DoS and DDoS Attack Tools and copy-paste the HOIC folder on the Desktop.
- Open Windows Server 2016 and then open the HOIC folder. From here, double-click on hoic2.1.exe.
- When the HOIC GUI shows up, click on ‘+’ icon under TARGETS.
- It will open the HOIC – [Target] pop-up. Write the URL of the target machine in the URL field, set the power bar to High, and choose GenericBoost.hoic booster from the dropdown. Click on Add.
Here, we are using 10.10.10.11 as the IP address of Kali Linux.
- Set the THREADS value to 20. For this, click on > until you get the desired value.
- Once HOIC has been configured on the three machines, go to each machine and click FIRE TEH LAZER!
- Open Kali Linux.
- Launch Terminal.
- Write Wireshark and press Enter.
- If you see an Error pop-up, click on OK.
- To initiate capturing, double-click on eth0.
- Check that Wireshark begins capturing packets. The capture shows that the machine is receiving a massive number of incoming packets.
Leave the machine alone for 10 minutes before opening it again. The machine's performance and response time will be affected.
Here, we are using three machines for flooding but multiple machines can be configured for the same purpose.
Once the lab is complete, click on FIRE TEH LAZER and close the HOIC window. Also close the other open windows.