How to LOIC
Don't really know what to write about today, so I'm going to teach how to DoS a website using LOIC.
For those who don't know:
DoS = Denial of Service, not to be confused with DOS(disk operating system), or GLaDOS (Genetic Lifeform and Disk Operating System).
DDoS = distributed denial of service attack, which is linking a bunch of computers together to take down a target site.
LOIC = Low Orbit Ion Cannon, an easy to use GUI, for performing DoS or DDoS attacks.
GUI = Graphical User Interface
How it works:
Basically DoS attacks work by overloading your target's servers with more page requests than they can handle. This program called LOIC is capable of sending a lot of requests very fast.
Step 1:
Download LOIC. You can get it at http://sourceforge.net/projects/loic/ by clicking the big green download button. Note that some antivirus products may give you a warning. Mine identified it as a hacker tool, which it is, but it isn't harmful to MY system, so i told it not to worry about it. It won't harm your comp, so don't worry.
Step 2:
Set your target. This can be used for website stability testing by attacking your own site, it isn't purely for malicious purposes. So umm I guess I should absolve myself of liability and tell you not to use this to break the law, or something.
Sooo, for this example lets say I own stock in mastercard. Since I own a share of the company I'd like to make sure my company's site is reliable. In the "Select your Target" box you'd put in www.mastercard.com and click "Lock On". If done correctly you'll see the targets IP number pop up in the display. See pic for reference.
Step 3:
Attack mode and options.
TCP - this is the default and you shouldn't change it, for now. Skip to step 4 until your IP gets banned.
UDP - sends junk requests in a different way, use this when your TCP requests stop working.
HTTP - actually calls the sites http server and reports on successful/unsuccessful downloads to use up their bandwidth. It won't work once the site goes down though.
Step 4:
Press the big button in the upper right that says "IMMA CHARGIN MAH LAZER". If set up properly, your requests will climb. If/When they stop increasing you can try restarting LOIC or changing your IP. Or see step 3 and check out UDP mode. It should look like this:
Other Notes:
The site in the background of the above picture is a useful tool for checking that a site is really down. You can use it by going to http://www.downforeveryoneorjustme.com/
Using a proxy: You can't LOIC with a proxy, the requests will hit the proxy and not the target and it defeats the purpose.
Legal: DoSing(NOT DDoSing) is a legal grey area in most places but check local laws to be sure. I've never heard of an arrest for a DoS, but have heard of a few for DDoSing(though it's incredibly rare and usually just if you're running the server).
Deciding who to target: Use your power for good. I know a lot of people used DDoS attacks against the Egyptian government recently to support the protests over there, and I approve of things like that.
Also sony recently started banning modified PS3s from online services, and I personally think that if you paid good money for the machine, it's yours to modify however you want and maybe they should be denied some services themselves, but I'm not suggesting you go out and target Sony.com on your own. You wouldn't be likely to take them down without a strong network DDoS. I just think they deserve the hit for what they're doing.
Support good or funny causes. Hope somebody finds this article useful. I just didn't have much to write about today.
Comments