Kali Linux

How to Perform DDOS Attack on Kali Linux

How to Perform DDOS Attack on Kali Linux

Denial-of-Service Attack, commonly referred to as DDOS attack, is a type of malicious attack that is used to disrupt the traffic of a target server, service or network. This type of attack is performed by overwhelming the server with a flood of internet traffic, preventing legitimate users from accessing the target resource. Though using DDOS attacks is illegal and harmful, understanding the basics of how it is done is crucial for beginners who have recently started using the Kali Linux system. Performing DDOS attack on a server will help you in checking the efficacy of the website against such type of attack. With the right amount of knowledge, the users can protect their servers from such attacks in the future.

This article is presented for educational purposes, providing you with the right amount of guidance to perform DDOS attacks on Kali Linux systems.

How to Perform DDOS Attack on Kali Linux

There are multiple tools available for performing DDOS attacks on Kali Linux and checking the efficacy of the website, some of the widely used one are:

How to Perform DDOS Attack on Kali Linux Using Slowloris

Slowloris is an open-source tool available in the official Kali Linux repository that allows you to perform a DDOS attack. This tool is written in Python programming language and helps you in taking down another machine’s web server from another machine.

To install and use Slowloris on Kali Linux for performing DDOS attacks, follow the below-given steps:

Step 1: Install Slowloris on Kali Linux

First, you have to install Slowloris on your Kali Linux system through the apt repository using the below-given command:

sudo apt install slowloris -y

Step 2: Start Apache Service on Kali Linux (Optional)

This step is optional since we are going to block our Apache server to ensure DDOS attack is successfully performed. You can skip it if you want to perform a DDOS attack on some other server.

The Apache service can be started on Kali Linux system from the following command:

sudo systemctl start apache2

Step 3: Check Apache Service Status on Kali Linux (Optional)

This step is optional too because here we are going to check whether Apache service is running on Kali Linux system, it can be done using:

sudo systemctl status apache2

Step 4: Load the Apache Web Server on Browser (Optional)

To ensure Apache web server is running, navigate to any system browser and use the IP address of your Kali Linux system to access the server:

You can find your Kali Linux IP address from the hostname command given below:

hostname -I

Step 5: Perform DDOS Attack on Server

Now, to perform the DDOS attack on a server with Kali Linux, you can use the below-given syntax:

slowloris -p port -s socket_count -v target_IPaddress

Where -p specifies the port number, -s is for socket count used in the attack and -v enables the verbose mode (printing more information). It should also be noted that the more sockets are, the more connections the attackers can open with the server.

Here, I am going to block my target IP address 192.168.221.141 using port number 80, socket count as 1000:

slowloris -p 80 -s 1000 -v 192.168.221.141

Once you run the attack, you can go back to the browser to ensure the service is down after performing the DDOS attack.

Here, I have added the screenshot after performing the DDOS attack, where page is loading for a longer time, which ensures the attack is performed successfully on the server:

How to Perform DDOS Attack on Kali Linux Using slowhttptest

slowhttp test is another command line tool that you can use to stimulate various DDOS attacks on the server. You can use this tool to test the efficacy of a server against different types of attacks including the infamous Slowloris attack. To perform DDOS attack on Kali Linux using slowhttptest, use the following steps:

Step 1: Install slowhttptest on Kali Linux

First, install slowhttptest on your Kali Linux system from the apt repository through the following command:

sudo apt install slowhttptest -y

Step 2: Perform DDOS Attack Using slowhttptest

To perform DDOS attack on Kali Linux using slowhttptest, you can follow the below-given command:

slowhttptest -c 1000 -H -g -o slowhttp -i 10 -r 200 -t GET -u http://192.168.18.122/ -x 24 -p 3

Here in the above command:

  • -c 1000 is the target number of established connections during the test.
  • -H uses the Slowloris mode by sending unfinished HTTP requests.
  • -g is used to generated statistics with socket state changes
  • -o slowhttp will save the output of the test.
  • -i is the interval between follow up data in seconds.
  • -r 200 is the connection rate per seconds, which is 200 in this case
  • -t GET explicitly sets the HTTP method to GET.
  • -u http://(link to the website) is the URL address of the target, change it accordingly.
  • -x 24 max length of each randomized name.
  • p 3 is the number of parallel requests per seconds, which is 3 in this case.

After you execute the above command, it will send a large amount of traffic to the given IP address with a short delay, thus overloading the target source.

To check whether the DDOS attack is successfully performed on the given target you can verify by loading the target address. Here, I have performed DDOS attack on IP address 192.168.18.122. By loading the server, it will refuse the connection during the attack, which ensures that attack is successfully performed on the target server address.

Note: Besides Slowloris and slowhttptest, you can also install and use tools Goldeneye, and dsniff to check the efficacy of a website against the DDOS attack.

Conclusion

Performing DDOS attacks on a server is illegal and should be done with extreme caution and under strict ethical guidelines. There are multiple tools that can help you perform DDOS attacks on Kali Linux and check the efficacy of a server. Here, in this guide, we have discussed two widely used tools called Slowloris and slowhttptest to perform DDOS attacks on a web server. The web server will fail to load if DDOS attack is performed and if it has the efficacy, it will load normally even with a high amount of HTTP requests.

Similar Posts