World Best Powerfull DDos Attack Tool LOIC || Live Video || How to Install LOIC Tool any Linux, Windows, Android
October 19, 2020
By
SUMAN MONDAL
A LOIC (Low Orbit Ion Cannon) is one of the most powerful DOS attacking tools freely available. If you follow news related to hacking and security issues, you doubtless have been hearing about this tool for the past several months. It has become widely used, including in some highly-publicized attacks against the PayPal, Mastercard and Visa servers a few months back. This tool was also the weapon of choice implemented by the (in)famous hacker group, Anonymous, who have claimed responsibility for many high profile hacking attacks, among them, hacks against Sony, the FBI and other US security agencies. The group not only used this tool, but also requested that others download it and join Anonymous attacks via IRC.
In this brief article, I will give an overview and operational model of the tool. There are 2 versions of the tool: the first is the binary version, which is the original LOIC tool. The other is web-based LOIC or JS LOIC.
🌀 Video 🌀
✳️ Installation ✳️
Step 1: Download LOIC File And Extract File
Step 2: Open Terminal and Open File Location
Step 3: Run All Commands
Step 4: Open LOIC File User Terminal
Step 8: Successfully Installed Ckeck Live Demo Video
How to prevent the attack of LOIC: LOIC is available for free to download and use, and can be used effectively with very little hacking experience. Anyone that wants to can attack a website with this
✳️ Live Use LOIC DDOS Attack Tool Videos :-
About The Original LOIC Tool:
The LOIC was originally developed by Praetox Technologies as a stress testing application before becoming available within the public domain. The tool is able to perform a simple dos attack by sending a large sequence of UDP, TCP or HTTP requests to the target server. It’s a very easy tool to use, even by those lacking any basic knowledge of hacking. The only thing a user needs to know for using the tool is the URL of the target. A would-be hacker need only then select some easy options (address of target system and method of attack) and click a button to start the attack.
The tool takes the URL of the target server on which you want to perform the attack. You can also enter the IP address of the target system. The IP address of the target is used in place of an internal local network where DNS is not being used. The tool has three chief methods of attack: TCP, UDP and HTTP. You can select the method of attack on the target server. Some other options include timeout, TCP/UDP message, Port and threads. See the basic screen of the tool in the snapshot above in Figure 1.
The LOIC version used by Anonymous group attacks was different than the original LOIC. It had an option to connect the client to the IRC (Internet Relay Chat). This allowed the tool to be remotely controlled, using the IRC protocol. In that case, the user machine became part of a botnet. A botnet is a system of compromised computer systems connected to each other via the internet, which are in turn controlled by the attacker who directs the malware toward his / her target. The bigger the botnet, the more powerful the attack is.
Figure 2: Modified version of LOIC with an option for IRC connect
Type of attacks: As I’d mentioned previously, the LOIC uses three different types of attacks (TCP, UDP and HTTP). All three
methods implement the same mechanism of attack. The tool opens multiple connections to the target server and sends a continuous sequence of messages which can be defined from the TCP/UDP message parameter option available on the tool. In the TCP and UDP attacks, the string is sent as a plain text but in the HTTP attack, it is included in the contents of a HTTP GET message.
This tool continues sending requests to the target server; after some time, the target server becomes overloaded. In this way, the target server will no longer be able to respond to requests from legitimate users, effectively shutting it down.
Analysis of the attack:
UDP Attack: To perform the UDP attack, select the method of attack as UDP. It has port 80 as the default option selected, but you can change this according to your need. Change the message string or leave it as the default.
TCP Attack: This method is similar to UDP attack. Select the type of attack as TCP to use this.
HTTP Attack: In this attack, the tool sends HTTP requests to the target server. A web application firewall can detect this type of attack easily.
How to use LOIC to perform a Dos attack: Just follow these simple steps to enact a DOS attack against a website (but do so at your own risk).
- Step 1: Run the tool.
- Step 2: Enter the URL of the website in The URL field and click on Lock O. Then, select attack method (TCP, UDP or HTTP). I will recommend TCP to start. These 2 options are necessary to start the attack.
Figure3: LOIC in action (I painted the URL and IP white to hide the identity of the victim in snap)
- Step 3: Change other parameters per your choice or leave it to the default. Now click on the Big Button labeled as “IMMA CHARGIN MAH LAZER.” You have just mounted an attack on the target.
After starting the attack you will see some numbers in the Attack status fields. When the requested number stops increasing, restart the LOIC or change the IP. You can also give the UDP attack a try. Users can also set the speed of the attack by the slider. It is set to faster as default but you can slow down it with the slider. I don’t think anyone is going to slow down the attack.
The HTTP-Attack can be used as a bandwidth reaper or for massdemanding (dynamic) content.
Options
In the "subsite" you can specify the page to request.
If "Append random chars" is checked, 6 random characters are added at the end of the subsite. (usefull with dynamic pages and get-parameters)
If "Wait for reply" is checked, the complete document will be downloaded.
If it is unchecked, the page is only requested but not (completely) read. However the server starts to send the document until your receivebuffer is full. This option is especially intereseting for noncached dynamic pages where the processing time is more valuable than the used bandwidth.
In the "Timeout" field you set the read timeout in seconds. This is only important if "Wait for reply" is checked.
Remarks
"Failed" counts the unsuccessful connection attempts to the target. If "Wait for reply" is checked, "Failed" is also increased, if the target took longer than the time specified in "Timeout" to deliver the page.
The TCP / UDP method is a packet flooder. It is NOT a SYN-Flooder!!
Options
In the "message" you can set some payload to send to the targeted service.
If you need the newline chars, you can use \\r and \\n to construct the desired command / message.
If "Append random chars" is checked, 6 random characters are added at the end of the message.
"Wait for reply" waits until the packet is completely send. (you may want to check this on slower connections!)
Remarks
"Failed" counts the unsuccessful connection attempts to the target.
In most cases 10 threads is more than enough and should use all available upload-bandwidth, however with the speed-slider you can adjust this.
The ReCoil attack focuses on keeping the connections alive as long as possible, but it is not the same as SlowLoris. It is more like a "reverse" DOS-attack.
A fully legimit request is made but the download-speed is slowed down to nearly 0 by reading just enough from the network to keep the socket alive.
The attack itself produces NO errors - there are just a bunch of HTTP 200 in the access logs. If the server runs out of available ressources and goes down, there might be an system error entry.
Especially all servers, that are vulnerable to SlowLoris, are vulnerable to this attack. ReCoil however is not as "easy" mitigated as SlowLoris. Think of it as a bunch of mobile devices requesting a page just before driving through a tunnel.
Prerequisite
Due to the nature of the attack the requested site has to be at least 24kb (better larger).
The exact minimum filesize depends on the network buffer space of the attacking system. For most 10/100 connections around 24KB should work, while on gigabit connections filesizes beyond 64KB are needed.
NOTE: Your LOCAL link speed is the essential key not your internet speed! (meaning if you have a 1MBit internet connection and you are have a 1 gigabit link to your modem / router, you are pretty much screwed! --> target pdfs or big stuff like that!)
Options
In the "subsite" you can specify the page to request. (keep the size in mind and do a bit scouting!)
If "Append random chars" is checked, 6 random characters are added at the end of the subsite. (usefull with dynamic pages and get-parameters)
If "Wait for reply" is checked, ReCoil follows Header redirects and discards early documents, which are smaller than 16KB. (Only apply this if needed)
The "Timeout" field is for the wait time in seconds between reading from each socket. This must be less than the write timeout on the target side.
The amount of worker "threads" can be changed during the attack at any time. This value should be initially lower than the maximum allowed half-open connections.
To consume even more memory you can additionaly check the "use gZip" - but remember the resulting document has to be of reasonable size!
In the "Sockets / Thread" field you can define the number of connections per thread. (this number should not be insanely high - if you go over 100 it might be better to increase the amount of threads!)
the speed-slider sets just the delay between the creation of sockets.
Remarks
The "requested" value shows the amount of currently connected sockets.
If no thread is in the "Connecting" state you should increase the number of threads - if all your threads or most of them are connecting you should lower the amount of threads.
"Failed" counts the connections which were reset by the server. If "Wait for reply" is checked it also counts the unsuccessful attempts which are early discarded.
If "failed" goes up too fast you are doing it WRONG!
Tip
If you target a system which is not vulnerable to this attack you can always go for port-starving!
Just use up all max possible 64K connections and you are done! (running 16 clients with 5.000 connections each should do the trick!)
SlowLoris (originally by RSnake) keeps the connections alive as long as possible by sending partial headers but nether completing the request.
Options
In the "subsite" you can specify the page to request.
If "Append random chars" is checked, 6 random characters are added at the end of the subsite. (usefull with dynamic pages and get-parameters)
The "Timeout" field is for the wait time in seconds between sending a new part of the header. This must be less than the read timeout on the target side.
The amount of worker "threads" can be changed during the attack at any time. This value should be initially lower than the maximum allowed half-open connections.
Check "use gZip" to check for CEV-2009-1891.
Check "use GET" to use the GET-command instead of POST. (mods like http-ready mitigate GET-attacks)
In the "Sockets / Thread" field you can define the number of connections per thread. (this number should not be insanely high - if you go over 100 it might be better to increase the amount of threads!)
the speed-slider sets just the delay between the creation of sockets.
Remarks
The "requested" value shows the amount of currently connected sockets.
If no thread is in the "Connecting" state you should increase the number of threads - if all your threads or most of them are connecting you should lower the amount of threads.
"Failed" counts the connections which were reset by the server.
If "failed" goes up too fast you are doing it WRONG!
Tip
If you target a system which is not vulnerable to this attack you can always go for port-starving!
Just use up all max possible 64K connections and you are done! (running 16 clients with 5.000 connections each should do the trick!)
Online Hacking Admin
This information is only for educationla purpose and we are not responsible for any kind of illegal activity
0 Comments:
Post a Comment