The following steps demonstrate the use of Metasploit to perform Dos attacks:

1. Prior to using Metasploit auxiliary modules to perform DoS testing, we will need to identify what DoS modules are available. The relevant modules can be identified by browsing through the Metasploit directory tree:

2. By browsing to the /modules/auxiliary/dos directory, we can see the various categories of DoS modules. In the example provided, we have browsed to the directory that contains Windows HTTP denial-of-service exploits:

3. The vulnerability allows remote unauthenticated attackers to force the IIS server to become unresponsive until the IIS service is restarted manually by the administrator. It is required that active server pages are hosted by the IIS and that an ASP script reads out a post form value.
4. To read the script from top to bottom, we should use the cat command on the file and then pipe the output to the more utility. The top part of the script describes the vulnerability that it exploits and the conditions that must exist for a system to be vulnerable. We can also identify potential DoS exploits within the Metasploit Framework Console. To access this, type msfconsole in a Terminal:

5. Once it's opened, the search command can be used in conjunction with a search term to identify the potential exploits to use:

6. In the example provided, the search term dos was used to query the database. A series of auxiliary DoS modules was returned, and the relative path for each was included. This relative path can be used to narrow down the search results:

7. After querying the relative path of /dos/windows/smb, the only results that are returned are the DoS modules in this directory. The directories are well organized and can be used to effectively search for exploits that pertain to a particular platform or service. Once we decide which exploit to use, we can select it with the use command and the relative path of the module:

8. Once the module has been selected, the show options command can be used to identify and/or modify scan configurations. This command will display four column headers: Name, Current Setting, Required, and Description:
   • The Name column identifies the name of each configurable variable.
   • The Current Setting column lists the existing configuration for any given variable.
   • The Required column identifies whether a value is required for any given variable.
   • The Description column describes the function of each variable. The value for any given variable can be changed using the set command and by providing the new value as an argument:

9. In the example provided, the RHOST value was changed to the IP address of the remote system that we wish to scan. After updating the necessary variables, the configurations can be verified using the show options command again. Once the desired configurations have been verified, the module can be launched with the run command:

10. After executing the Metasploit DoS auxiliary module, a series of messages is returned to indicate that a series of malicious SMB transactions have been performed, and a final message indicating that the module execution completed is returned. The success of the exploit can be verified by referring back to the Windows XP system, which has crashed and now displays a BSOD: