Thursday, January 3, 2019

How to Perform DDOS Attack with XERXES

Which attack does the website owners hate most?

Well, I would say Distributed Denial Of Service Attack.

This is the easiest and an effective way to take down a website. At the begining, it was used by pen-testers for stress testing of websites. But the Anonymous first used it as an attack and named it the Distributed Denial Of Service attack.

This attack is mainly used to take revenge, you can't gain anything from it.

Here I am going to give you an idea about how it can be done. I will use an open source tool called Xerxes which is written in C programming language. The tool is very powerful and can be very effective if you use it in the right way.

I will use it in my own environment legally and it is recommended to not perform it on other's property without taking written permission.


Configure Xerxes in Kali Linux

Download the tool from Github and the credit goes to Zanayar Jamal, the creator of the tool.

Now fire up the Kali Linux machine and clone or download Xerxes on the Desktop. The desktop is the recommended location for Xerxes.

The commands I used are-

cd Desktop

The file is very small in size. After completing the download, navigate to the Xerxes folder by the commands-

cd Xerxes
ls
How to Perform DDOS Attack with XERXES

In the screenshot, I added above, you can see it contains two scripts, the one is 'Readme' and the other is the 'xerxes.c' script. The extension of the Xerxes script telling us that it is written in C language and we must compile before we use it. Let's go ahead and compile it using the command-

gcc xerxes.c -o xerxes
How to Perform DDOS Attack with XERXES

Here, I used the GNU compiler to compile it made an executable as 'xerxes'. Now navigate to the Xerxes folder. Xerxes can be taken in use for both website and machine You just need the name of the website or server or the IP address of a machine to perform the attack.

I will test it on my Metasploitable2 virtual machine because the Metasploitable2 have a web server with a few vulnerable frameworks. Let's execute Xerxes on it. The command I took in use-

./xerxes 192.168.43.198 80

Change the IP address with yours and the '80' is the port. Don't get confused.
How to Perform DDOS Attack with XERXES

Okay, Xerxes started sending botnets and if we refresh the Metasploitable 2 web server, it seems Xerxes took it down.

Stay Anonymous during the Attack

If you are testing it in your own environment, no need to hide. And also I am not telling you to attack others anonymously.

But if we see from the eye of a professional hacker, his first and most important step would be anonymous before starting the attack. 

There are so many anonymizers available on Github for Linux. You can take them in use. But remember one thing, nothing can give you a perfect anonymous state.

Conclusion

Xerxes gives a great efficiency and very easy to use and configure. This is a good thing for a student to learn these things.

This is a fact that nowadays there are still some websites who don't have DDOS protection. Xerxes with botnets can give them serious damage.

But for big websites, it is not enough performing the attack from one computer to take them down as they can handle a big amount of traffic. But for other small websites, this tool can be a serious problem.

If you found the tutorial helpful, let me know in the comment box and also let me know if you are facing any problem with configuring or using the tool. Have a great hacking journey and don't get caught.

Authored By: Manas Lahon

Disclaimer

The tutorial you found on this website is only for educational purpose. Misuse of the information can lead you to jail or punishment. Anything you damage, we are not responsible for that. Do use it on your own property. If you want to test it on other's property, take written permission from them.

Comments 0

Thanks for visiting us. Please Do comment with a valid name. Don't comment as Unknown.
(Warning: Do not spam in the comment box. Repetitive comments will not be moderated.)
EmoticonEmoticon