How To Hack: DDos a Website Like a Pro on Windows (Misnomer?)

denied-resized-600First of all DDos means Distributed Denial Of Service attack. This means that services from the target box are being denied because of an influx of traffic. DDosing is where you spam a website or server with so much data that it forces them to close down for a short amount of time. Be warned though, if you have a bandwith cap then this will waste it within a minute, so only do this if you’re using an ISP with unlimited bandwith. P.S you will need quite a few computers to shut down websites, but you can at least lag them a bit. It may also be good for pranking a friend, if he has a minecraft server or something.

Step 1: Getting the Software

To DDos, first you’re going to have to get the software. The software we are going to be using in this tutorial is called Low Orbit Ion Cannon (abreviated LOIC) you can get this from HERE. Once you download the file, go ahead and extract it to your desktop.

Step 2: Targeting the Website

Now open LOIC (obvious, but I want the spiders to pickup more content from my site, so I am making this tutorial more than five words long, and things and stuff). When I opened it, my antivirus started whining about “Oylecann.A” Well, being naturally curious about whether I had unleashed a trojan on myself, I followed all of the “more info” links and found the following info at the Microsoft Malware Center:

HackTool:Win32/Oylecann.A

SummaryTechnical information
HackTool:Win32/Oylecann.A is a tool that may be used to send a flood of network packets, like TCP, UDP and HTTP, to a designated target.

What to do now
Programs designated as Hacktool are generally installed intentionally by a computer user. Deleting the installed components will remove it. Alternatively, to detect and remove this software, run a full-system scan with an up-to-date antivirus product such as the following:

So as we can see, it is described by Microsoft to be the thing that we actually want it to be, and that it has been detected as a tool that does what we actually want it to do, LOL.

You will be prompted with a screen a little bit like this:

First of all find the box that says “1. Select your target” and fill it in. If you want to DDos a website, put the web adress in the url box, if you have an ip you want to DDos then put the ip in the box.Then press the lock on button next to the text box you filled in.

Step 3: Configuring the Attack

Skip the big button that says [IMMA CHARGIN MAH LAZER] and go to section 3 that says attack options. keep [Timeout] [HTTP Subsite] and the [Speed] selector the same, but in tcp/udp message enter a random message. In [Port], type whatever port you want to attack, and in [Method], select UDP. (if your attacking a www site, keep the port the same. For minecraft servers it is usually 25565) Also, uncheck [Wait for reply] and keep [Threads] at 10. If you have a good pc you can change it to 20 but no more than 20. in the end, your screen should look like this:

Step 4: Fire the Lazer!!!!!!!!!!!!!!!!!!!

Now all thats left to do is press the big button that says [IMMA CHARGIN MAH LAZER]. once you have pressed that, you should see the requested column in attack status be filling up with loads of numbers and stuff. This is how many times it has requested that page or minecraft server or whatever from the server.

Now, keep in mind as I said, this is just packets coming from one computer. Any venerable webserver or website service should be able to handle a packet flood from your one little measly computer. However, if you had this same program flooding from say, 100 zombie PCs or 1,000… Well, that might be a force to contend with. How will this tool help you in your Penetration Testing, and showing a company where they are vulnerable? I have also seen this tool used to kill somebody’s ping times on XBOX and other multi-player games to a point where they just get kicked from the server. Keep this in mind, the next time someone is being a multiplayer Dick!

Hope you enjoyed this tutorial, and if you care to discuss other methods or DDos’s, go to MY FACEBOOK.

Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *