This movie demonstrates the use of GoldenEye to flood the HTTP service.
- [Voiceover] Websites are often the targets of denial of service attacks, and many tools exist for attacking them. One such tool is GoldenEye. It works by creating a lot of open sockets in the target system, eventually consuming all available sockets. GoldenEye is anhanced variant of the original Hulk tool. GoldenEye doesn't come with Kali, but we can download it easily enough. I'm in Kali and I'm at the GoldenEye GitHub page and on the right we can see the button to download it.
Let's do that. I'll tell Iceweasel to save it. We now have the GoldenEye zip file downloaded. So I'll click on the blue down to see all downloads. And I'll double click to open it. I'll select Extract, Other Location, Computer, User, Share. This is my Kali tools directory.
I'll now press Extract and the extraction completes. And it extracts in the GoldenEye master directory. I'll select Show Files and navigate down to GoldenEye master. I'll just right click and rename this to GoldenEye. Okay, we're now set. I've set up Windows 10 with a performance monitor shown in one window, and I've opened a command window so that we can use the netstat command when we're ready to go.
So I'll go into Windows 7 and connect to the Windows 10 web server. Okay, the service is running just fine. I've got a terminal window open in Kali. First I'll navigate to the GoldenEye folder. I can check the options in GoldenEye by entering goldeneye.py -h. The two action options are -w and -s.
The number of concurrent workers and the number of concurrent sockets. I'll take the defaults for the options. Before starting, I'll put a rule in the Kali firewall to drop reset packets. I do this by typing iptables -A output - p tcp - - tcp flags rst rst - d 192.168.1.8 -j drop.
Okay, I can now launch the attack by entering goldeneye.py http, 192.168.1.8 . I'll pop into Windows 7 and I'll refresh the website and we can see the service is unavailable. We can see spikes of CPU activity happening as a GoldenEye attack takes its toll. I can can enter netstat, and see all the connections.
So that's how we launch a web server denial of service attack. When you find a vulnerable website in your testing, you should recommend that the number of sessions from a single IP address be limited or the service be protected with a web application firewall.
Note: Our Ethical Hacking series will map to the 18 parts of the EC-Council's certification exam. This course maps to the 09 Denial of Service domain.
- What is denial of service?
- SYN flooding
- Smurf and URL flooding
- Deauthenticating a wireless host
- Flooding HTTP
- Using BlackEnergy
- Flooding SIP
- Detecting DoS with PeerShark
- Defeating DoS attacks