Untitled Document

The document outlines a lab exercise focused on performing DoS and DDoS attacks using various tools such as Metasploit, hping3, HOIC, and LOIC. It provides step-by-step instructions for setting up the lab environment, executing attacks, and monitoring their effects using Wireshark. Additionally, it includes methods for detecting and protecting against such attacks through firewall rules and anti-DDoS solutions.

MUHAMMAD MOOSA

231272
BSCYS-A-4

LAB 6

Lab Tasks and Step-by-Step Execution


The lab tasks are divided into sections based on attack types and tools used.

Task 1: Perform a DoS Attack using Metasploit (SYN Flooding)


Step 1: Set Up the Lab Environment

● Required virtual machines:

○ Windows 10 (Target)
○ Parrot Security OS (Attacker)

● Tools Used: Metasploit

Step 2: Launching the Attack

1. Start the Parrot Security and Windows 10 virtual machines.

2. Open MATE Terminal in Parrot Security.

● Switch to root user:

sudo su

● Enter password: toor

● Start Metasploit Framework:

msfconsole

3. Load the SYN Flooding module:

use auxiliary/dos/tcp/synflood

4. Set the target IP:

set RHOST 10.10.10.10

5. Set the target port (example: FTP port 21):

set RPORT 21

6. Start the attack:

exploit

7. Monitor the attack on Wireshark on Windows 10.

Task 2: Perform a DoS Attack using hping3

Step 1: Setup

● Tools Used: hping3

● Target: Windows 10

Step 2: Launching the Attack

1. Open Terminal in Parrot Security.

● Run the following command to send a large number of SYN packets:

hping3 -S --flood -V -p 80 10.10.10.10

○ -S → Sends SYN packets.
○ --flood → Sends packets as fast as possible.
○ -V → Verbose mode.
○ -p 80 → Target port (HTTP).
○ 10.10.10.10 → Target IP.

2. Observe the impact on the target machine using Wireshark.

Task 3: Perform a DDoS Attack using High Orbit Ion Cannon (HOIC)

Step 1: Setup

● Required Virtual Machines:

○ Windows 10 (Attacker)

○ Windows Server 2019 & 2016 (Attackers)

○ Parrot Security OS (Target)

● Tool Used: HOIC (High Orbit Ion Cannon)

Step 2: Launching the Attack

1. Turn on all virtual machines.

2. Copy HOIC tool to each attacker's desktop.

3. Run HOIC on each attacker machine.

4. In the HOIC main window:

○ Click “+” under Targets.

○ Enter Target URL/IP: http://10.10.10.13

○ Set Power Level to High.

○ Select Booster: GenericBoost.hoic

5. Click “FIRE TEH LAZER” to start the attack.

6. Monitor network traffic using Wireshark on Parrot Security.


Task 4: Perform a DDoS Attack using Low Orbit Ion Cannon (LOIC)

Step 1: Setup

● Required Virtual Machines:

○ Windows 10 (Attacker)

○ Windows Server 2019 & 2016 (Attackers)

○ Parrot Security OS (Target)

● Tool Used: LOIC (Low Orbit Ion Cannon)

Step 2: Launching the Attack

1. Start all virtual machines.

2. Open LOIC on all attacker machines.

3. Enter Target IP: 10.10.10.13

4. Set Attack Type:

○ Select UDP Attack.

○ Set Threads to 10.

○ Adjust Power to Medium.

5. Click "IMMA CHARGIN MAH LAZER" to start the attack.

6. Use Wireshark on Parrot Security to observe packet floods.

Task 5: Detect and Protect Against DoS/DDoS


Step 1: Detect DoS Traffic using Wireshark
1. Open Wireshark on Parrot Security.

2. Select the network interface (eth0).

3. Start packet capture.


4. Apply the following filter to detect SYN Flood:

tcp.flags.syn == 1 && tcp.flags.ack == 0

5. Observe excessive SYN requests from a single or multiple IPs.
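
The check from steps 4 and 5, automated over packet records, as an added example that is not part of the original lab sheet: it counts SYN-without-ACK segments per source in one-second windows and flags both a single heavy source and many light ones. The record layout, thresholds and sample addresses are constructed assumptions.

```python
from collections import defaultdict

SYN, ACK = 0x02, 0x10  # TCP flag bits


def is_bare_syn(flags):
    """Same test as the display filter: SYN set, ACK clear."""
    return bool(flags & SYN) and not (flags & ACK)


def detect_syn_flood(packets, window=1.0, per_src=50, total=200):
    """packets: (timestamp, src_ip, dst_port, tcp_flags) tuples.
    Thresholds are assumed values; tune them to the baseline of the network.
    Returns alerts as (window_start, kind, who, syn_count)."""
    buckets = defaultdict(lambda: defaultdict(int))  # window -> src -> SYNs
    for ts, src, _dport, flags in packets:
        if is_bare_syn(flags):
            buckets[int(ts // window)][src] += 1
    alerts = []
    for idx in sorted(buckets):
        srcs, start = buckets[idx], idx * window
        heavy = [(s, n) for s, n in sorted(srcs.items()) if n >= per_src]
        alerts += [(start, "single-source", s, n) for s, n in heavy]
        # Many sources, each under the per-source limit: distributed flood
        if not heavy and sum(srcs.values()) >= total:
            alerts.append((start, "distributed", f"{len(srcs)} sources",
                           sum(srcs.values())))
    return alerts


def sample_capture():
    """Constructed records (documentation addresses), not a real capture."""
    pkts = [(0.10, "192.0.2.5", 80, SYN),             # normal client SYN
            (0.11, "10.10.10.10", 49152, SYN | ACK),  # server reply, ignored
            (0.12, "192.0.2.5", 80, ACK)]
    pkts += [(1 + i / 200, "192.0.2.66", 80, SYN) for i in range(120)]
    pkts += [(2 + i / 400, f"198.51.100.{i % 100 + 1}", 80, SYN)
             for i in range(300)]
    return pkts


if __name__ == "__main__":
    for alert in detect_syn_flood(sample_capture()):
        print(alert)
```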

Step 2: Protect Against DoS/DDoS


1. Use Firewall Rules:

Block excessive connections from a single IP:

sudo iptables -A INPUT -p tcp --syn -m limit --limit 1/s -j ACCEPT
sudo iptables -A INPUT -p tcp --syn -j DROP

2. Enable SYN Cookies:

sudo sysctl -w net.ipv4.tcp_syncookies=1

3. Use an Anti-DDoS Solution like:

○ Cloudflare

○ AWS Shield

○ Anti-DDoS Guardian
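
The `limit` match in the firewall rule of Step 2 keeps one token bucket for all sources combined, so a flood also uses up the allowance of legitimate clients; a bucket per source, which is what the iptables `hashlimit` match with `--hashlimit-mode srcip` provides, avoids that. The following added example, not part of the original lab sheet, compares the two with a simplified token-bucket model; the arrival times, source names and the burst of 5 (the `limit` default) are assumptions of the example.

```python
class TokenBucket:
    """Integer token bucket: times in ms, one packet costs 1000 milli-tokens."""

    def __init__(self, rate_per_s=1, burst=5):
        self.rate, self.cap = rate_per_s, burst * 1000
        self.tokens, self.last = self.cap, 0

    def allow(self, now_ms):
        # Refill for the elapsed time, capped at the burst size
        self.tokens = min(self.cap, self.tokens + (now_ms - self.last) * self.rate)
        self.last = now_ms
        if self.tokens >= 1000:
            self.tokens -= 1000
            return True
        return False


def simulate(arrivals, per_source):
    """arrivals: time-sorted (ms, src) SYNs. Returns {src: SYNs accepted}."""
    buckets, accepted = {}, {}
    for now_ms, src in arrivals:
        key = src if per_source else "all"  # "all" = one shared bucket
        if key not in buckets:
            buckets[key] = TokenBucket()
        accepted.setdefault(src, 0)
        accepted[src] += buckets[key].allow(now_ms)
    return accepted


def sample_arrivals():
    """Constructed traffic: 10 s of flood at 100 SYN/s plus a client at 1 SYN/s."""
    flood = [(t, "flood-src") for t in range(0, 10_000, 10)]
    client = [(t, "client") for t in range(505, 10_000, 1000)]
    return sorted(flood + client)


if __name__ == "__main__":
    print("one shared bucket :", simulate(sample_arrivals(), per_source=False))
    print("bucket per source :", simulate(sample_arrivals(), per_source=True))
```

With the shared bucket the client gets none of its 10 SYNs accepted, while the per-source bucket accepts all 10 and still holds the flooding source to 14 of 1000.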

Summary of Key Learnings


Attack Type   Tool Used    Target            Defense
SYN Flood     Metasploit   Windows 10        SYN Cookies, Firewall Rules
UDP Flood     hping3       Windows 10        Rate Limiting, Firewall Rules
DDoS Attack   HOIC         Parrot Security   Cloudflare, Anti-DDoS Guardian
DDoS Attack   LOIC         Parrot Security   Traffic Filtering, Firewalls
