How I managed to make a DDoS attack by exploiting a company’s service — Bug Bounty
Hello Hackers, I’m MrEmpy, I’m 17 years old and welcome. Today I’m going to tell you about an event that happened to me while I was exploring a service from a company.
Let’s start. I chose a company to look for flaws in and began by getting subdomains of the target and validating them to see if they were still active. Then I started exploring one of the main subdomains, where the client area was. The company offered a website monitoring service. I started testing this application and set up port forwarding with ngrok so I could use it as the website to be monitored. I tried to exploit server-side request forgery (SSRF) but it didn’t work very well, so I kept looking for loopholes and trying to understand the application behind the scenes.
Looking at the requests made to my web server, I saw that it wasn’t just one host that monitored my server but several other hosts from different countries. I started scanning the ports of each host, but they didn’t have any interesting ports to explore, so trying to find SSRF was useless.
After a few minutes my server was full of requests being made very fast, and I was surprised at the speed they were using to monitor my web server. That’s how I thought of trying to exploit a distributed denial of service attack.

This is what was happening with my server (after testing with ngrok I used interactsh). Another detail I noticed is that a host could be monitored using several other accounts. There was no block on monitoring a host that was already being monitored, and that was the key for the attack to work, because that way I could make the other servers make more requests faster than usual.
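The missing control described above (nothing stopped several accounts from monitoring the same host), sketched from the monitoring provider’s side as an added example. It is not code from the original post or from the company; `ProbeScheduler`, `canonical`, `MIN_INTERVAL` and the `target.example` host are hypothetical, and the probe budget is assumed to be shared by every probe location.

```python
from urllib.parse import urlsplit

MIN_INTERVAL = 60.0  # assumed policy: seconds between probes to one host, fleet-wide

def canonical(url):
    """Return (host_key, monitor_key) so different spellings of one target collapse."""
    p = urlsplit(url.strip())
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError(f"unsupported monitor URL: {url!r}")
    host = p.hostname.lower().rstrip(".")
    port = p.port or (443 if p.scheme == "https" else 80)
    host_key = f"{p.scheme}://{host}:{port}"
    return host_key, host_key + (p.path or "/")  # query string ignored for the key

class ProbeScheduler:
    """One shared monitor per URL across all accounts, one probe budget per host."""
    def __init__(self, min_interval=MIN_INTERVAL):
        self.min_interval = min_interval
        self.watchers = {}   # monitor key -> set of account ids
        self.host_of = {}    # monitor key -> host key
        self.url_last = {}   # monitor key -> time of last probe
        self.host_last = {}  # host key -> time of last probe

    def add_monitor(self, account_id, url):
        host_key, key = canonical(url)
        self.watchers.setdefault(key, set()).add(account_id)  # join, do not duplicate
        self.host_of[key] = host_key
        return key

    def due_probes(self, now):
        """Monitors to probe at `now`: at most one request per host per interval."""
        due = []
        # Least recently probed first, so several paths on one host take turns.
        for key in sorted(self.watchers, key=lambda k: self.url_last.get(k, float("-inf"))):
            host = self.host_of[key]
            last = self.host_last.get(host)
            if last is None or now - last >= self.min_interval:
                self.host_last[host] = self.url_last[key] = now
                due.append(key)
        return due

    def simulate(self, seconds, step=1.0):
        """Count probes per host over a window, using a constructed clock and no network."""
        counts, t = {}, 0.0
        while t < seconds:
            for key in self.due_probes(t):
                counts[self.host_of[key]] = counts.get(self.host_of[key], 0) + 1
            t += step
        return counts
```

With this in place, the number of accounts watching a host changes who receives the result, not how many requests the host receives.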
With just a few screenshots and a detailed walkthrough I sent a report to the company. After a few days I received a message saying that I would have to show that it was possible to take down a service for the report to be accepted. I confess that I started to get sad because I imagined that I would not be able to demonstrate the impact.
I created a VPS on a website, set up the web server and a home HTML page, and created multiple accounts to monitor the same target to speed up the request process. With a simple HTML page it was not possible to see any slowness, and again I started to get sad, but I still had hope of being able to do something. It was then that I remembered an article explaining a denial of service attack. It said that if the requests were made for a file with many bytes on a web server, the transfer of data on the network would be so intense that it could lead to a slowdown on the server, as there would be a lot of data being sent to several different computers, creating several threads and making the processor work more and more. I put this into practice and created a file and filled it with a few bytes as if it were a file to be passed to another computer (like a ZIP file). I recorded it from the beginning of the attack to send along with my new message to the report.

AND YES, I MANAGED TO TAKE DOWN MY OWN WEB SERVER. — YEEEEEEEEEEEEAAAAAAAAAHHHHHH OOWWWOOOOOOOOOOOWWW. I screamed as I saw my server crashing LOL. The feeling was very good, luckily the video I had recorded was without sound because otherwise I would be ashamed of it LOOOLL. I replied to the message along with the video attached and after a few days my report was marked and accepted.

Everything went well and I had my report accepted. I remember this event as if it were yesterday. I just want to say one thing: never give up on your dream, because the only one who can make it come true is you. If you stop, no one will continue for you, so believe me, you will make it. I will root for all of you to have the same experience as mine.
Thanks to everyone who read my story.
A big hug,
- MrEmpy