helpukr.xyz  -  Help Support Ukraine!
If you are on a device you have more control over, like a computer, you can use much more advanced DDoS techniques. This allows you to have your computer generate complex payloads of data, abstract queries and all kinds of other server-abusing craziness.
In this section we’ll detail all kinds of useful software that can be used to attack our targets.

First and most important:

Get A Trusted VPN to both protect your identity and make your attacks more effective.

VPN Example

OpenVPN 
It's Free, secure and offers thousands of locations all over the world.
They are able to offer an extremely well refined & powerful VPN service to the world for free.
Trusted by millions of users worldwide.
This service is hosted and managed by a company that deals in commercial products to fund it.
They aspire to create the best VPN platform they possibly can for free, and do their best to ensure it's better than the competition by backing it with their company's assets.
For more info, Click the link: What Is OpenVPN? | OpenVPN.

Extra addition: OpenVPN removed Russian servers from their list. You can download the Russian config files here: http://zozulya.com.ua/ and add the config files into OpenVPN. It's a free Russian VPN.

Proton VPN 
ProtonVPN is owned and operated by Proton Technologies AG. ProtonVPN is a sibling to ProtonMail, a secure email service built to protect activists, journalists, and others worldwide.
Like OpenVPN, ProtonVPN has a free version, however it's recommended to get at least the $5 package to get access to a lot more IPs that will be a lot more effective for our tasks.
For more info, click the link: Proton VPN: Protect Yourself Online


Types of DDoS Attack:

There are several ways you can go about dosing a target.

The OSI model is a useful way to show the types of DDoS attack. The OSI model is divided into 7 layers, and different types of attack fall under different layers. All DDoS attacks involve overwhelming a target or its network with traffic, and they are classified into 3 categories: application-layer attacks, protocol attacks, and volumetric attacks. Depending on the target vector, the attackers plan to use one or multiple methods.
DDoS attacks are used to suspend online services and make them unavailable to end-users.

What are the types of DDoS attacks?

DDoS attacks are divided into several types:

1. Application layer attacks
2. Protocol attacks
3. Volumetric attacks

Some common DDoS attacks are listed below:

1. UDP Flood
2. ICMP Flood
3. SYN Flood
4. Ping of Death
5. NTP Amplification
6. HTTP Flood
7. Slowloris

Different types of DDoS attacks explained:

Application layer attacks

These are sometimes known as layer 7 attacks, and they aim to exhaust the resources available on the target. The attack is mainly aimed at the layer where web pages are created and transmitted in response to HTTP(S) requests. An HTTP request can be very small on the client side, but the response from the server can be very large, as it may involve multiple files and queries to build a web page. This type of attack is mostly difficult to protect against because the traffic is hard to identify as malicious.
The HTTP flood is like pressing the refresh button again and again in a web browser on many systems at the same time, flooding the server with requests and causing denial of service to users. HTTP(S) flood attacks range from simple to complex, i.e. simple implementations access one URL and complex implementations access many URLs with attacking IP addresses.

Protocol attacks

They mainly utilize layers 3 and 4 of the protocol stack to make the target inaccessible. These attacks consume the state capacity of web servers, firewalls, etc.

An example is the SYN flood, where requests are left unanswered and the process continues. For example, a worker in a supply room gets a request from outside the storeroom for a package. On hearing this, the worker goes and gets the package and waits for the final confirmation before he takes the package out of the storeroom. Meanwhile the worker gets many more requests, and without confirmation each one stays unanswered, waiting for the final step to close it.

Volume attacks

This kind of DDoS attack consumes the bandwidth of the target and its internet connections.
To succeed in this attack, attackers flood the website with malicious traffic. This stops legitimate traffic from getting through and results in denial of service.

Some DDoS attacks are mentioned below:

  1. UDP (User Datagram Protocol) flood is a DDoS attack that is initiated by sending a huge number of UDP packets to ports on a remote host. The remote host will reply accordingly by:

    • Checking whether or not an application listens at that port.
    • Replying with ICMP packets.
    • Usually, UDP flood attack tools are of 2 types: Low Orbit Ion Cannon and UDP Unicorn.
    • These attacks can be handled by implementing firewalls at end networks to filter out malicious traffic.
    • It attacks the end networks with packets having static or random Internet Protocol addresses.
  2. ICMP Flood or Ping Flood follows the same principle as UDP Flood. It is a common DDoS attack where the attacker takes down the victim’s system by continuously sending requests called pings. There are several ping commands like n, l, t, where the n command is the number of times requests are being sent, the l command tells us the amount of data sent in a packet, and the t command is used to ping data.
  3. TCP SYN Flood is a DDoS attack that abuses the three-way handshake that a client and server use to establish a connection, which is described below:

First of all, the client requests a connection by sending a SYN message to the server. Once the server receives the connection request, it sends back an acknowledgment message to the client, to which the client responds with its own acknowledgment, and thereby the connection is established.

Here the attacker sends continuous SYN messages to the server, mostly with a false IP address. The server, unaware of this, receives lots of requests for connections. The server attacked with malicious requests sends the acknowledgment for each one, but it then keeps waiting for the matching acknowledgment from the client side.

  4. Slowloris is a high-level attack where one server takes down others without hampering services on the same networks. Slowloris, as its name suggests, creates a connection to the target server by sending only partial requests. The server keeps this connection open, which later overflows and leads to denial of service.
  5. Attackers are mainly motivated by some ideology, extortion, business rivalry, etc.
  6. Zero Based DDoS attacks include unknown attacks and have no patch available.
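From the defending side, the SYN flood described above shows up as handshakes that never receive the client's final acknowledgment. The following is an added example, not part of the original page, of detection logic over a flow log; the log format, the addresses (documentation ranges) and the thresholds are assumptions made for the illustration.

```python
# Constructed sample: "<seconds> <src>:<sport> > <dst>:<dport> <flags>"
# Flags: S = SYN, SA = SYN-ACK, A = ACK.
SAMPLE_LOG = """\
0.00 198.51.100.7:40001 > 192.0.2.10:443 S
0.01 192.0.2.10:443 > 198.51.100.7:40001 SA
0.02 198.51.100.7:40001 > 192.0.2.10:443 A
0.10 203.0.113.1:1025 > 192.0.2.10:443 S
0.10 192.0.2.10:443 > 203.0.113.1:1025 SA
0.11 203.0.113.2:1026 > 192.0.2.10:443 S
0.11 192.0.2.10:443 > 203.0.113.2:1026 SA
0.12 203.0.113.3:1027 > 192.0.2.10:443 S
0.12 192.0.2.10:443 > 203.0.113.3:1027 SA
0.50 198.51.100.8:40002 > 192.0.2.10:443 S
0.51 192.0.2.10:443 > 198.51.100.8:40002 SA
0.53 198.51.100.8:40002 > 192.0.2.10:443 A
"""


def parse(line):
    """Split one log line into (timestamp, source, destination, flags)."""
    ts, src, _arrow, dst, flags = line.split()
    return float(ts), src, dst, flags


def half_open(log_text, now, timeout=3.0):
    """Return {server: [client, ...]} for handshakes where a SYN was seen
    but the client's final ACK has not arrived after `timeout` seconds."""
    pending = {}  # (client, server) -> time the SYN was seen
    for line in log_text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, flags = parse(line)
        if flags == "S":
            pending[(src, dst)] = ts
        elif flags == "A":
            # Final step of the handshake: the entry leaves the backlog.
            pending.pop((src, dst), None)
    stale = {}
    for (client, server), ts in pending.items():
        if now - ts >= timeout:
            stale.setdefault(server, []).append(client)
    return stale


def alert(log_text, now, timeout=3.0, max_half_open=2):
    """Servers holding more than `max_half_open` stale half-open handshakes."""
    report = half_open(log_text, now, timeout)
    return sorted(s for s, clients in report.items() if len(clients) > max_half_open)


if __name__ == "__main__":
    print(half_open(SAMPLE_LOG, now=5.0))
    print(alert(SAMPLE_LOG, now=5.0))
```

Because the source addresses are mostly false, the useful signal is the count of stale entries per server rather than any single client address.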

Top recommended simple DDoS tools

Before moving on to a big list of DDoS tools, here are the most simple and effective ones.

Death by 1000 Needles


Death By 1000 Needles is one of the simplest and most effective tools of all to flood Russian propaganda and infrastructure. It's as simple as downloading an app and opening it on your PC.
Built in the Go language, it can flood every protocol on each daily target list with little to no effort. Not only that, but the target lists are automatically updated, allowing us to better coordinate our attacks and inflict the maximum amount of damage onto the targets.
It supports lots of platforms including Windows, Linux, BSD, Solaris and macOS, as well as supporting multiple architectures (ARM, x86, x64).
If your OS / architecture isn’t supported you can get the source from GitHub and try to compile it for your platform. It's been done on Android a few times, and on iOS 1 or 2 times.


Disbalancer Liberator


Disbalancer is another easy-to-use DDoS app that works a lot like Death by 1000 Needles. Disbalancer have their own targets, so their targets might not always be the same as ours. They are however good legit targets and occasionally overlap with our targets.
Just like db1000n, it has support for a lot of platforms, including Windows, macOS and Linux.

Warning: This app is seen as a virus. It's not, so no need to worry. The reason it is flagged as a virus is that, from what the computer understands, you have a single .exe file on your machine that when opened displays no window by default and then floods tons of services. It's best to open it with CMD or any other console application to see a window.


helpukr.xyz http(s) flood  


HTTP floods are an extremely easy way to flood a target.
They are simply webpages that when accessed in a browser are instructed to send requests to a defined list of targeted Russian websites over and over again.

Some of the main benefits of this kind of flood are that you can use it on any device with a browser, with no need to install any software and no need to root your mobile device to run it, and it's the safest way to flood a target if you for whatever reason refuse to use a VPN, proxy or even Tor (which I've seen a few times). If you want to use the Tor browser to perform your attacks then an HTTP(S) browser flood is one of the best ways to go about it, though you can use a Linux distribution called "Parrot OS" to run your entire network through Tor for the other tools.
Our browser flood tool is updated every morning with the new targets put out by the IT Army of Ukraine. We are always the first to update the targets and likely the most frequently updated browser flood tool out there. We work on a by-day basis, meaning each day there will be a new .htm webpage available on our site for you to use. You can access it from the main index page or click the link as soon as it's posted in the IT Army of Ukraine's [English] Telegram Server.
We use GitHub to host, which is a very powerful Microsoft service. It guarantees our site flood pages will always be available until the end of Putin’s prophetic war. We’ve tested our flood site to be working on: Android 6 and above from default browsers, iOS 9 and above, Mac OS X Leopard and above (actively run on a Power Mac G5 Quad), all Linux with a GUI, all BSD with a GUI, Windows XP and above, Smart TV browsers, Xbox One, PS4, PS5 and now Windows Phones (tested with Lumia 650 and Lumia 950).


The following information is sourced from Step 4 and above in the "How to get started" PDF file.

View the original document, How to get started v1_9.pdf, here.

Attack (Test) Programs

Get yourself a good attack (DDoS) program. On the sites themselves are examples of how to use them.
If you have to bypass Cloudflare UAN anti-DDoS, you could use:

https://github.com/yottaiq/CloudAttack

Here are a few others (non-Cloudflare):

4.1 Slowloris

Slowloris is basically an HTTP Denial of Service attack that affects threaded servers. It works like this:

1. We start making lots of HTTP requests.
2. We send headers periodically (every ~15 seconds) to keep the connections open.
3. We never close the connection unless the server does so. If the server closes a connection, then we create a new one and keep doing the same thing.

This exhausts the server's thread pool, and the server can't reply to other people. In order to run the attack, we need the logic of Slowloris. However, we won't write it ourselves; instead, use the Python Slowloris implementation from an open source repository on GitHub.

https://github.com/gkbrk/slowloris

The script runs 150 sockets by default. After the installation just run:

$ python3 slowloris.py [website url] -s [number of sockets]
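Seen from the server, the three steps above produce many connections from one client whose request headers never finish. The following added example (not from the original page or the linked repository) shows why an idle timeout longer than the ~15 second header interval never fires, while a deadline on the whole header does; the `Conn` record, the constructed snapshot and all thresholds are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Conn:
    client: str
    opened: float        # seconds since start of capture
    last_byte: float     # time the most recent byte arrived
    headers_done: bool   # True once the blank line ending the headers arrived


def make_sample():
    """Constructed snapshot of a server's connection table at t = 60 s."""
    conns = [
        Conn("198.51.100.7", 58.0, 58.1, True),    # ordinary finished request
        Conn("198.51.100.8", 57.0, 57.5, False),   # ordinary request in progress
    ]
    # One client holding 5 connections opened at t = 0..4 and sending one
    # more header line every ~15 s, so each was last heard from 11-15 s ago.
    for i in range(5):
        conns.append(Conn("203.0.113.9", float(i), 45.0 + i, False))
    return conns


def reap(conns, now, idle_timeout=None, header_deadline=None):
    """Return the connections a server would close under the given policy.

    idle_timeout:    close if no byte arrived for this long.
    header_deadline: close if the full header has not arrived this long
                     after the connection was opened.
    """
    closed = []
    for c in conns:
        if c.headers_done:
            continue
        if idle_timeout is not None and now - c.last_byte > idle_timeout:
            closed.append(c)
        elif header_deadline is not None and now - c.opened > header_deadline:
            closed.append(c)
    return closed


def suspects(conns, now, header_deadline=10.0, min_conns=3):
    """Clients holding at least min_conns connections with overdue headers."""
    counts = {}
    for c in reap(conns, now, header_deadline=header_deadline):
        counts[c.client] = counts.get(c.client, 0) + 1
    return {client: n for client, n in counts.items() if n >= min_conns}


if __name__ == "__main__":
    sample = make_sample()
    print(len(reap(sample, 60.0, idle_timeout=30.0)))     # idle timer alone
    print(len(reap(sample, 60.0, header_deadline=10.0)))  # header deadline
    print(suspects(sample, 60.0))
```

Apache's mod_reqtimeout (`RequestReadTimeout`) and nginx's `client_header_timeout` are server settings that enforce a deadline of this kind.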

4.2 Manyloris

Manyloris is a neat tool that allows you to run Slowloris for multiple targets. It receives a list of targets and ports. You must have Slowloris installed before you can run Manyloris. The target list is easy to make. Just create a simple text (.txt) file with the following format (add as many targets as you like):

123.423.1.1:80:443
12.1.612.123:80:443:8443
231.23.522.3:443:80
141.101.123.30:443

For each target in the list, your system will start a slowloris attack.

https://github.com/mjalt96/Manyloris

4.3 Bombardier

https://github.com/codesenberg/bombardier/releases/tag/v1.2.5

(example use : Example usage - ./bombardier-linux-amd64 --duration=240h --connections=1000 -- latencies https://lenta.ru)

It may be wise to run your query in a Docker container:

https://github.com/nitupkcuf/runner

[More information required]

4.4 DB1000N

Check our own program - Death by 1000 needles (DB1000N)

https://github.com/Arriven/db1000n

This is software for coordinated DDoS attacks on the occupier’s infrastructure. The main advantage of this method is that users only need to run the program on a PC to carry out attacks, and all coordination will be carried out and configured by administrators with the support of cyber security specialists.

Instructions for use and all necessary links are on the main website:

https://hackmd.io/pl_ucHTWQUmO9ubmzRT1tQ

Please join everyone and download the program to your PC before the evening attacks, because then we will carry out the first attack with DB1000N. Stay tuned in the channel and look for upcoming updates.

INFO :

  Here’s a cool neat ARP Spoofing article, also known as ARP Poisoning
  actually used for Man in the Middle (MitM) attacks. This can be very effective
  if you happen to know the IP addresses of routers along the way.

  https://medium.com/geekculture/simple-but-powerful-denial-of-service-dos-attack-8c7dfd60045f

Ty R3X, for this contribution on proxychains.

This area of the original documentation is outdated, so it has been replaced with details on our HTML flood tool. If you want to view the original content, open this PDF (also listed above).

Every day we create a new .htm page that allows you to flood the daily targets with minimum effort.
You can download these .htm pages and load them into the Tor browser. From there you can flood these targets via the IP address given by the Tor browser.
You don't need a VPN for this, so long as you are making use of the Tor browser.
Follow the instructions on the page to download a local copy of the .htm page or grab it off our GitHub.

https://github.com/helpukr/helpukr.github.io

4.5 How to create a local HTML page (For Windows)

1. Open the github page and click on the current day's file with the extension .htm e.g. day94.htm

2. Select the code as you would normally select text in a document.

Don’t use “Select All” because that will select the entire page and you only want the code.
If you're having problems selecting all the code, click the "Raw" button at the top right, it will only show the code.

3. Open a new Notepad file, paste the copied code into the new file and save it somewhere locally on your computer. Make sure the extension of your new file is .html

4. Find your file in ‘Explorer’, select the file by clicking ONCE (left mouse button), hold down the SHIFT key and right-click on the selected file. Select “Copy as path”.

Be careful not to double click this file because it will open in your selected default HTML program, most likely a normal browser and you will be exposed.

5. Open your TOR browser and paste (CTRL-V) the copied path in the address bar of your TOR browser. You have to remove the double quotes (“”) on each end or it won’t open. Hit enter when you’ve removed the quotes.

Click Continue to start the flood!

Step 5 (optional): SOCKS Proxy and proxychains

This next step is somewhat advanced and you will need a bit of Linux knowledge. If you’re really paranoid you can also run your network connection through several proxy (SOCKS) services, but this is not strictly necessary. Here’s a list of free proxy services (servers):

https://spys.one/en/socks-proxy-list/

INFO :

  SOCKS is an Internet protocol that exchanges network packets between a client and server through
  a proxy server. SOCKS5 optionally provides authentication so only authorized users may access a
  server. Practically, a SOCKS server proxies TCP connections to an arbitrary IP address, and provides
  a means for UDP packets to be forwarded. SOCKS performs at Layer 5 of the OSI model (the session
  layer, an intermediate layer between the presentation layer and the transport layer). A SOCKS server
  accepts incoming client connections on TCP port 1080, as defined in RFC 1928.

In Linux, you can achieve this added layer of security by using "proxychains". It's easy to install. Open a terminal (commands for Kali so you may have to adjust slightly if you are using a different distro/version)

$ sudo apt install proxychains

COMMAND TO START PROXYCHAINS (below):

$ proxychains [browser name of choice] ipleak.net

Example:

$ proxychains firefox ipleak.net

This will open up a special browser session that will route all traffic through a series of proxy servers. If you are using anonsurf (also recommended and mentioned earlier in the document) proxy chains will route AFTER tor (local>tor>proxychains>target). It also works with several security related tools like nmap.

Some distros already have proxy chains installed by default.


Step 6 (optional): NMAP Port Scanner


https://nmap.org/

Please read the manual carefully. NMAP is a very powerful tool with many options to discover open ports. A good site to learn quickly is:

https://www.freecodecamp.org/news/what-is-nmap-and-how-to-use-it-a-tutorial-for-the-greatest-scanning-tool-of-all-time/

For the WINDOWS users among us, there is a GUI for nmap, called zenmap:

https://nmap.org/zenmap/

It does the same thing except it comes with a nice user-friendly GUI (Graphical User interface).

INFO :

  Anonymous also created a webpage with tools that you can use in order to help the war effort in
  Ukraine. Most tools will do the same as the tools described in this document, however they are for
  more advanced users. If you have no technical experience we suggest you follow the rules outlined
  in this document in order to stay safe and get yourself up and running in the shortest possible time.

  Never the less, great work Anonymous !!

  #Anonymous Tools for #OpRussia #UkraineUnderAttack – Anonymous Worldwide

TIPS and tricks:

TIP 1: NMAP

For anyone who has access to nmap already: nmap is pre-installed in Kali and ParrotOS. Check if you have this script by running "locate http-slowloris.nse" in the terminal. If you see this:

/usr/share/nmap/scripts/http-slowloris.nse

you can then use it on any desired IP.

nmap -vv --script http-slowloris --max-parallelism 400 <target IP>

TIP 2: DNS

We also recommend changing your DNS to 9.9.9.9. This is an open DNS recursive service for free security and high privacy since your local DNS service may not always give you what you need in terms of reliability.

https://www.windowscentral.com/how-change-your-pcs-dns-settings-windows-10

TIP 3: Randomized MAC addresses

There are two controls for using random hardware addresses: one is for all Wi-Fi networks and the other is for the specific Wi-Fi network you choose. When you turn it on for all networks, random hardware addresses are used while your PC scans for networks and connects to any network. When it's turned on for a specific network you choose, random hardware addresses are used the next time you connect to that network.

https://support.microsoft.com/en-us/windows/how-to-use-random-hardware-addresses-in-windows

INFO :

  Some of the information (webbrowsers) in this article was taken from the following article :

  https://hackmd.io/pl_ucHTWQUmO9ubmzRT1tQ

  Please check it out. It has a lot of additional information. Credit where credit due.

Many people in Russia have no idea what’s going on. It’s a myth that every single Russian citizen supports the war. In fact, most Russians don’t even know that Russia is the aggressor and that there even IS a war in the first place. So, in order to make them aware, you could go onto a popular website like Tripadvisor or Trivago, find a Russian restaurant or hotel and give them a review.

Anonymous had a standard text that you could use, however in order to bypass spam filters you may alter the text slightly. Be creative with penetrating the minds of the average Russian citizen.

Here’s the Russian text :

Еда была хорошей! К сожалению, Путин испортил нам аппетит, подло развязав войну с Украиной. Россияне, пора восстать против диктатора, пока еще не поздно! Во избежание смертей невинных людей и молодых российских солдат, которых кинули в мясорубку! Во имя мирного неба над вашими же головами, во имя будущего ваших же детей. Пожалуйста, встаньте, чтобы остановить эту бессмысленную войну. Украинцев убивают, ваши пацаны гибнут из-за сумасшедшего эго, имперских амбиций, непомерной жадности и кошелька!

You can change random Cyrillic letters such as "a, e, c, o" to Latin; they will look the same, to get past spam filters.

Translation:

The food was good! Unfortunately, Putin spoiled our appetite by vilely unleashing a war with Ukraine. Russians, it's time to rise up against the dictator before it's too late! In order to avoid the deaths of innocent people and young Russian soldiers who were thrown into a meat grinder! In the name of a peaceful sky above your own heads, in the name of the future of your own children. Please stand up to stop this senseless war. Ukrainians are being killed, your boys are dying because of a crazy ego, imperial ambitions, exorbitant greed and a wallet
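For a site operator, the letter substitution mentioned above is detectable because it leaves words that mix Cyrillic and Latin code points. The following is an added example, not part of the original page, of a filter-side check that flags such words and folds them back to one script before keyword or duplicate matching; the function names and the two extra letter pairs (p, x) are assumptions.

```python
import re
import unicodedata

# Latin letters and the Cyrillic letters that render the same. The page names
# a, e, c, o; p and x are two further well-known pairs added for illustration.
LATIN_TO_CYRILLIC = {
    "a": "\u0430", "e": "\u0435", "c": "\u0441", "o": "\u043e",
    "p": "\u0440", "x": "\u0445",
}

# Constructed sample: the first three words of the Russian text above,
# written with escapes so every code point is unambiguous.
ORIGINAL = ("\u0415\u0434\u0430 \u0431\u044b\u043b\u0430 "
            "\u0445\u043e\u0440\u043e\u0448\u0435\u0439")
# The same words with Cyrillic a and o swapped for their Latin lookalikes.
ALTERED = ORIGINAL.replace("\u0430", "a").replace("\u043e", "o")


def script(ch):
    """Return 'LATIN', 'CYRILLIC' or None for a single character."""
    if not ch.isalpha():
        return None
    name = unicodedata.name(ch, "")
    for candidate in ("LATIN", "CYRILLIC"):
        if name.startswith(candidate):
            return candidate
    return None


def is_mixed(word):
    """True if the word contains both Latin and Cyrillic letters."""
    return {script(c) for c in word} >= {"LATIN", "CYRILLIC"}


def mixed_script_words(text):
    """List the words that mix Latin and Cyrillic letters."""
    return [w for w in re.findall(r"\w+", text) if is_mixed(w)]


def fold_to_cyrillic(text):
    """Map Latin lookalikes back to Cyrillic inside mixed-script words only,
    so pure-Latin words (URLs, brand names) are left untouched."""
    def fix(match):
        word = match.group(0)
        if is_mixed(word):
            return "".join(LATIN_TO_CYRILLIC.get(c, c) for c in word)
        return word
    return re.sub(r"\w+", fix, text)


if __name__ == "__main__":
    print(len(mixed_script_words(ALTERED)))
    print(fold_to_cyrillic(ALTERED) == ORIGINAL)
```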

TIP 5: Find any Russian website you can and place a message.

Our valued member Insschnimp made a great tutorial on spamming Russian websites:

Russian websites where you can rate, blog or discuss are a quick way to post messages. Sometimes they are checked before publishing; then at least the checker reads it. Maybe you can find websites where small posts are published directly. He managed to do that in a short time! He was able to post 5 messages extremely quickly.

Excellent work Insschnimp!


So please always remember this order :

    • Install OS
    • Hide identity !!
    • Attack (test)