.

Xerxes Video - Th3J35t3r

<<

Data_Raid

User avatar

Full Member
Full Member

Posts: 165

Joined: Fri Nov 09, 2007 5:55 am

Post Mon Mar 01, 2010 2:46 pm

Xerxes Video - Th3J35t3r

Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).

The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which unlike a DDoS attack, requires only one low spec machine to implement. Infosec Island has gained exclusive access to a video demonstration of the XerXeS DoS attack as it is unleashed on the Taliban website www.alemarah.info, and carried out by infamous patriot hacker The Jester (th3j35t3r).

The video release follows an earlier announcement that The Jester has been working to improve and automate aspects of the attack method, which unlike a DDoS attack, requires only one low spec machine to implement.

https://www.infosecisland.com/blogview/2990-Exclusive-Video-of-XerXeS-DoS-Attack.html

Pretty cool vid .. and tool  ;)
All men by nature desire knowledge.

Aristotle
<<

UNIX

User avatar

Hero Member
Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Thu Mar 04, 2010 2:24 am

Re: Xerxes Video - Th3J35t3r

Looks quite fancy. Would be more interested on how it is implemented and achieving what it does though.
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Mar 04, 2010 9:00 am

Re: Xerxes Video - Th3J35t3r

No doubt.  I'm wondering how he manages to 'effective' DDoS the box, using only one machine, unless he somehow IS bouncing the attack off of multiple boxes along the way.  I'd like more detail, if he ever releases it, as to how this works.
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

zeroflaw

User avatar

Full Member
Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Thu Mar 04, 2010 9:45 am

Re: Xerxes Video - Th3J35t3r

Yea quite interesting. But don't you need just one machine to control a DDoS attack. At least when you have a nice botnet you can control. Or maybe it's some sort of amplification attack.

Anyway, I never really liked denial of service attacks.
ZF
<<

hayabusa

User avatar

Hero Member
Hero Member

Posts: 1662

Joined: Mon Jan 29, 2007 2:59 pm

Post Thu Mar 04, 2010 9:51 am

Re: Xerxes Video - Th3J35t3r

Well, they make it seem as if this is all done from one machine, with no outside assistance / resources.  So that's why I'm curious, as to how, as you say, they 'amplified' the attack, etc.

I'm no fan of DDoS, either, however, for this type of purpose, it's both effective, and curiously interesting (as to the 'how to')
~ hayabusa ~ 

"All men can see these tactics whereby I conquer, but what none can see is the strategy out of which victory is evolved." - Sun Tzu, 'The Art of War'


OSCE, OSCP , GPEN, C|EH
<<

zeroflaw

User avatar

Full Member
Full Member

Posts: 208

Joined: Fri Feb 12, 2010 10:41 am

Location: Holland, Den Helder

Post Thu Mar 04, 2010 9:57 am

Re: Xerxes Video - Th3J35t3r

hayabusa wrote:Well, they make it seem as if this is all done from one machine, with no outside assistance / resources.  So that's why I'm curious, as to how, as you say, they 'amplified' the attack, etc.


Oh, now I get it. Well that also raises my curiosity :P
ZF
<<

Data_Raid

User avatar

Full Member
Full Member

Posts: 165

Joined: Fri Nov 09, 2007 5:55 am

Post Thu Mar 04, 2010 10:45 am

Re: Xerxes Video - Th3J35t3r

Some additional information about ZerXes taken from an inteview (link posted at the end of my comments)

Q:  How did you first develop your DoS technique?

A:  Okay it started with a little script I wrote a while back to harden-test servers. I modified this script, and it was just a nasty script, very cumbersome. When I realized the extent of the jihad online recruiting and co-ordination involvement (much later), I realized I could turn this script into a weapon.  But the problem with that was it took me constantly shell hopping and wasn’t very user friendly. Now I have started on project XerXeS, an intelligent frontend with the ability to hit multiple targets autonomously.

Q:  So the automation does not hinder your technique’s effectiveness?

No, not at all. Each new wave uses a different IP (location). It starts with just one, but ramps it up if it detects system counter-measures.

Q:  What are the implications if something like XerXeS was combined with a large zombie network, and coordinated against critical U.S. infrastructure, like our communications, power grids, or financial systems?

XerXes requires no zombie network or botnet to be effective. Once a single attacking machine running XerXeS has smacked down a box, it's down, there is no need for thousands of machines. But, XerXeS does not hurt intermediary nodes along its path to the target. So the answer is that such institutions’ systems would still be intact, as it causes no collateral damage, just not functional.

https://www.infosecisland.com/blogview/ ... ttack.html
All men by nature desire knowledge.

Aristotle
<<

D4rk357

User avatar

Newbie
Newbie

Posts: 4

Joined: Mon Jun 28, 2010 10:53 am

Post Wed Sep 15, 2010 2:06 am

Re: Xerxes Video - Th3J35t3r

It is some sort of Smurf attack ?? my closest guess  ???
<<

MaXe

User avatar

Hero Member
Hero Member

Posts: 671

Joined: Tue Aug 17, 2010 9:49 am

Post Wed Sep 15, 2010 4:04 am

Re: Xerxes Video - Th3J35t3r

Most likely D4rk357.

My best guess is a DNS Amplification Attack, POD (Ping of Death) and / or Slowloris style WebServer attack, perhaps all 3 combined for a higher success rate.

I don't think it's something new even though I can't confirm nor deny it.

Update:
Oh yeah I forgot about UDP and TCP DoS attacks too.  :D

After all if he's not attacking specific services on the target computers, such as
web-servers, dns-servers etc. then he's abusing the functionality of the ICMP, TCP and / or UDP protocols which hardly can't be something new. Just better implemented.
Last edited by MaXe on Wed Sep 15, 2010 4:16 am, edited 1 time in total.
I'm an InterN0T'er
<<

Ketchup

User avatar

Hero Member
Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Thu Sep 16, 2010 10:59 am

Re: Xerxes Video - Th3J35t3r

To me it seems that that there must be an element of a new attack there.  All of the old smurf, fraggle, etc attacks are fairly effective blocked by most modern firewalls.  Jester says that his attack is effective against 90% of the sites on the Internet.  It seems like the majority of the infrastructures would have patched their routers and firewalls to block simple stuff like the smurfs, fraggles, and PODs. 
~~~~~~~~~~~~~~
Ketchup
<<

isoloSpeeds

Post Thu Dec 20, 2012 11:31 pm

Re: Xerxes Video - Th3J35t3r

whoah this blog is excellent i love reading your posts.  Keep up the good work! You know, a lot of people are searching around for this info,  you can help them greatly.

Return to Cyber Warfare

Who is online

Users browsing this forum: No registered users and 2 guests

cron
.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software