Table of Contents
Performing DDoS attack with Torshammer
DoS (Denial of Service), also referred to as a denial of service attack, is the predecessor of DDoS. In a denial of service attack, numerous legitimate requests are sent in an effort to overload the target server's resources, hence preventing the server from responding to requests.
DDoS attackers (Distributed Denial of Service) use multiple hosts to concurrently attack the target server and employ a decentralized approach based on Denial of Service. This renders the targeted server incapable of processing a large volume of requests even when a network defensive technology is implemented.
The following types of Distributed Denial of service can be differentiated based on the attack's general strategy.
- Bandwidth exhaustion: Regardless of whether it's a server or a network device, its bandwidth has a set maximum. It is known as "running out of bandwidth." Network congestion actually occurs when the set bandwidth has been used up, rendering it incapable of sending more network packets.
- ExhaustOS resources: The usual functioning of internet service needs a certain amount of operating system resources, both software and hardware resources such as connection tables and CPU and RAM. Whenever a resource is exhausted, the system is unable to manage additional regular network connections.
- Exhaust application resources: For an app to operate correctly, it usually needs to share information with other systems or resources. The processing of legitimate requests will also slow down or stop entirely if the application has been busy processing bogus requests from a DDoS attacker.
In this guide, we will be showing you how to use torshammer to perform a DDoS attack on the target website.
- Python installed on your Linux server
- Basic knowledge of how proxies work.
- Target website (We can run one of the vulnerable websites for use on this attack e. OWASP Juice Shop, Damn Vulnerable Web application).
Introduction to Torhammer tool
Tor's Hammer is a Python-based delayed post-dos testing tool. Torhammer utilizes the Tor network to anonymize its attack and avoid detection. Using the Tor network to anonymize attacks makes it the perfect tool for the job in a case where the target website has rules banning IPs sending a large number of traffic.
While using the Tor network for DDOS attacks, Torhammer assumes you are just using Tor on 127.0.0.1:9050. The tool kills almost all of the unprotected Apache and IIS web servers with a single instance.
Installing Torhammer tool
Since the Torhammer tool is python based, it is a cross platform tool. To install it, we must install Tor on our system for use with Torhammer.
$ sudo apt-get install tor
We can now use Torhammer with Tor. The next step is to download the tool from its official GitHub repository.
$ git clone https://github.com/dotfighter/torshammer.git
After the download is complete we navigate into the newly created folder.
$ cd torshammer
Within the folder, we have the three files which make up the Torhammer tool: socks.py, terminal.py and torshammer.py. To run the DDoS attack we will be using the torshammer.py file.
While using the Torshammer tool to launch a DDoS attack, we can specify the details of the target and even choose whether to use Tor or not. These commands include;
- -t - -sets the target <Hostname|IP>
- -r - -sets the number of threads <Number of threads> Defaults to 256
- -p - -sets the port <Web Server Port> Defaults to 80
- -T - -tor Enables anonymising through tor on 127.0.0.1:9050
- -h - -help Shows this help
Launching a DDoS attack against a target website on localhost
We already have a running instance of DVWA on which we will be performing a DDoS attack on. To completely render the website unusable, we navigate to the Torshammer folder and run the below command.
$ python torshammer.py -t 127.0.0.1 -p 80 -r 50000
After some time, if you try to load the DVWA webpage on your browser, it will be stuck on loading as shown in the image below.
If you want to use the Tor network, when launching your attack make sure you add the -T function which provides security, as well, as providing a new identity in a case where the target site is programmed to ban IP addresses which keep a connection open for a specified amount of time.
As illustrated in the above guide, we can be able to launch a DDoS attack on a target from our computer. The target website was rendered unusable just after a few seconds of running the Torshammer tool. In a DDoS attack, the attacker slows down the normal function of the target website by sending many random packets to the webserver.
Over the year, DDoS attacks have evolved and so has the mechanisms employed to mitigate this kind of attack. Some of the ways that you can mitigate these attacks include;
- Using AI based DDoS attack security for a higher accuracy of recognizing such kinds of attacks and acting before it is late.
- Hosting your website on some of the major cloud based hosts. Having a powerful and hardened architecture for your website. i.e. Use firewalls and DDoS attack detection software.
- Always have a backup version of your website. The backup version should be static so as to use the least amount of resources hence improving its performance.
Before launching a DDoS attack against a target always make sure you have obtained consent from the involved parties. Launching DDoS attacks on websites is a criminal act prohibited by law around the world.