Preface: I am an undergrad Computer Science student about to graduate but I have little to no experience in web development and PHP in particular. Apologies for lack of familiarity.
Background: I am looking to create a simple DoS vulnerability on my own local PHP server which is running XAMPP on a Linux (18.04) 64-bit virtual box machine. In order to ensure I'm not just boosting CPU usage on the virtual machine by local activity, I am running another virtual machine where I use a Python script along with the "requests" library to request the vulnerable page 10,000 times in a loop. As of right now, the vulnerable page (dos.php) runs a loop where it appends a random number to a list and then echo's the hash of a generic text line which are completely unrelated apart from supposedly being CPU intensive.
Issue: I learned that I could output the memory and CPU usage to the browser (via https://devdojo.com/tutorials/how-to-get-memory-and-cpu-usage-in-php). The problem is that I haven't been able to get the CPU usage on the server above about 4%... Memory sits at roughly 30%. However, I know that I am doing some small piece correctly because I am seeing an increase from 0-1% to that number of 4% but nothing beyond that.
The end goal is to demonstrate a proof-of-concept where I show that a fuzzer (SlowFuzz) can find this vulnerability if pointed at the PHP document. Once I have a DoS vulnerability I plan to write a very simple and intentionally broken function. Something like a loop in which the user defines the upper bound.
Here is a picture of the PHP on dos.php: PHP Code
Thank you in advance for your help! Hope this isn't too silly of a question.