
DDoS Attack – Stressing Attack

In the final stage of developing any web system that serves users directly, the developers must test the application against the expected number of users before approving the initial version of the site, so that the product can bear the load of its potential audience.

 

The problem arises with new applications when they are launched online: most of them run on shared hosting or a VPS with limited resources.
As a result, the site can stop working after the first 100 users, or even when search engine bots crawl it for indexing, so the test team follows a dedicated methodology for generating traffic against the site to find the maximum number of visitors and requests it can serve at the same moment.


To do this we use automated stress tools to simulate the browsing of a normal user and to test whether malicious requests from potential hackers can be blocked.

Linux

Use any Linux distribution; I recommend one dedicated to this purpose, such as Kali Linux.

After that, use the built-in tools called:

Medusa & Hydra

You may need password lists to simulate the login process. The Kali Linux distribution ships with many such files, and in case you want to download external password lists you can use:

We run the following commands with the tools above to perform a simulated user-login attack, using switches that give the paths to the wordlist files. These commands are only an example to explain the mechanism.

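  hydra -L /usr/share/kali/wordlists/simple-users.txt -P /usr/share/kali/wordlists/password.lst sizzle.htb.local http-get /certsrv/
  # Use https-get mode for HTTPS

  # HOST, USER and PASSWORD_FILE are placeholders for the test target, the account name and the wordlist
  medusa -h HOST -u USER -P PASSWORD_FILE -M http -m DIR:/path/to/auth -T 10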

 

The commands above cover the login process.

HTTP Post Form

hydra -L /usr/share/wordlists/simple-users.txt -P /usr/share/wordlists/password.lst domain.htb http-post-form "/path/index.php:name=^USER^&password=^PASS^&enter=Sign+in:Login name or password is incorrect" -V

# Use https-post-form mode for HTTPS
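
The other half of this test is checking that the simulated login traffic is noticed on the server side. The following is an added example, not part of the original article: it counts login attempts per client in an access log. The combined log format, the limit of 5 attempts per 10 seconds, the function names and the sample lines are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Login endpoints taken from the commands above; everything else is assumed.
AUTH_PATHS = ("/certsrv/", "/path/index.php")
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) ')

def parse(line):
    """Return (client, time, method, path, status), or None if unparseable."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ip, ts, method, path, status = m.groups()
    when = datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")
    return ip, when, method, path.split("?", 1)[0], int(status)

def is_login_attempt(method, path, status):
    # Basic auth fails with 401; a form login answers 200, so count every POST.
    return path in AUTH_PATHS and (status == 401 or method == "POST")

def flag_clients(lines, limit=5, window=timedelta(seconds=10)):
    """Map client -> peak attempts, for clients exceeding `limit` per window.
    Assumes the log lines are in chronological order."""
    recent, flagged = defaultdict(deque), {}
    for line in lines:
        rec = parse(line)
        if rec is None or not is_login_attempt(*rec[2:]):
            continue
        ip, when = rec[0], rec[1]
        q = recent[ip]
        q.append(when)
        while when - q[0] > window:   # drop attempts older than the window
            q.popleft()
        if len(q) > limit:
            flagged[ip] = max(flagged.get(ip, 0), len(q))
    return flagged

def sample_log():
    """Constructed lines: two test clients hammering logins, one normal user."""
    fmt = '{} - - [10/Mar/2024:12:00:{:02d} +0000] "{} {} HTTP/1.1" {} 512 "-" "-"'
    rows = [("203.0.113.7", s, "GET", "/certsrv/", 401) for s in range(8)]
    rows += [("198.51.100.9", s, "POST", "/path/index.php", 200) for s in range(10, 17)]
    rows += [("192.0.2.44", 20, "GET", "/certsrv/", 401),
             ("192.0.2.44", 40, "POST", "/path/index.php", 200)]
    return [fmt.format(*r) for r in rows]

if __name__ == "__main__":
    print(flag_clients(sample_log()))
```

The form login is counted by request rate rather than by status code because a failed form login normally returns 200 with an error message in the page body, which an access log does not record.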