Re: DDoS attacks via other sites execution tool

["MustLive" <mustlive () websecurity com ua>]

Hello psy!

I'm glad that you liked DOVOSET. And I'm glad that you liked my articles,
including those old articles about attacks via redirectors (Redirectors'
hell and Hellfire for redirectors).

Such attacks can be used together with XSS holes. So it can be useful for
your tool. Specially for using with your UFONet - to use XSS holes with
looped redirectors to conduct more powerful DDoS attacks - I released
advisory about Denial of Service vulnerabilities WordPress at 27.06.2013.
Any redirector at any web site or any redirector service can be used with
XSS vulnerabilities to conduct DDoS attack via UFONet.

> Curiously, I posted a tool written in python the same day. It is called:
> UFONet

I made my tool already in 2010. That time I made an announcement of the
tool, where I described DAVOSET and its effectiveness, but didn't release
the tool. I made it private and gave it only to one security researcher, who
wanted to look at it. I didn't want to give such kind of attacking tool to
script kiddies (to prevent mass attacks, because there were a lot such Abuse
of Functionality vulnerabilities in Internet, since 2007 when I start
finding them and presented in zombies-lists with my tool). But because for
three years people continue to ignore such holes and almost nobody fixed
such holes (just few most serious ones, and even Yahoo lamerly ignored for a
long time such hole in their Babelfish and in 2012 just lamerly closed it),
so I decided to release it publicly in June 2013.

> My idea now, is to work the detection of new 'zombies' by crawlering
> techniques and increase the "strike" capability requests.

Good ideas. But concerning automated searching XSS holes by crawlering.
It'll be already XSS scanner, not just attacking tool for using existent
vulnerabilities, and it'll give a lot of power to an attacker. No need for
him to find XSS holes, your tool will do everything for him ;-). Just enter
target site and UFONet will do all the work (find a lot of zombies and
attack the target with all of them), so be careful with such functionality.

> I have seen that your tool doesn't allows the use of proxies. It may be
> interesting to add that functionality.

Thanks for suggestion. I've added it to ToDo - in addition to all my ideas
(which I have a lot). The reason, why I've not done it earlier and was
not planning, is simple - DAVOSET is using other sites as proxies for
conducting DoS attacks. So target sites after received DDoS attacks from
multiple zombie sites will be seeing in logs only Google, W3C and other
sites/IPs. So proxying is part of attack :-). But for paranoids, who worry
that admins on zombie-sites will give their logs to admins of victim-sites
(or not admins, but special services), then additional proxy will be good
solution (and I'll add proxy support in the future).

> + Video: http://vimeo.com/68772290

I've seen your video. And I wrote you feedback about video and some feedback
about UFONet last month. And will write more feedback soon.

Keep working on your software. Concerning your release of v.0.2. Think about 
making more detailed changelog (not just mention concerning release of new 
version, but with detailed description of changes).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 
From: "psy" <root () lordepsylon net>
To: "MustLive" <mustlive () websecurity com ua>
Cc: <full-disclosure () lists grok org uk>; <websecurity () lists webappsec org>
Sent: Wednesday, June 19, 2013 10:25 PM
Subject: Re: [Full-disclosure] DDoS attacks via other sites execution tool


> Hi,
>
> On 18/06/13 22:50, MustLive wrote:
> > Hello participants of Mailing List.
> >
> > If you haven't read my article (written in 2010 and last week I wrote
> > about
> > it to WASC list) Advantages of attacks on sites with using other sites
> > (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2013-June/008846.html),
> >
> > feel free to do it. In this article I reminded you about using of the
> > sites
> > for attacks on other sites
> > (http://lists.grok.org.uk/pipermail/full-disclosure/2010-June/075384.html),
> > DDoS attacks via other sites execution tool (DAVOSET)
> > (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006832.html),
> >
> > sending spam via sites and creating spam-botnets
> > (http://lists.webappsec.org/pipermail/websecurity_lists.webappsec.org/2010-July/006863.html)
> >
> > and wrote about advantages of attacks on sites with using other sites.
>
> I have read the articles and they are very interesting, for example, the
> "hell" redirection. This kind of web abuse can be very powerful.
>
> Nice work! ;-)
>
> > Last week I've published online my DDoS attacks via other sites execution
> > tool (http://websecurity.com.ua/davoset/). It's tool for conducting
> > of DDoS attacks via Abuse of Functionality vulnerabilities on the sites,
> > which I've made in 2010. Description and changelog on English are
> > presented
> > at my site. Where you can get my DAVOSET v.1.0.5 (made at 18.07.2010).
>
> Curiously, I posted a tool written in python the same day. It is called:
> UFONet
>
> http://ufonet.sf.net
>
> At first, I designed a module for XSSer (http://xsser.sf.net) to use XFS
> found on third-party, on the direction of DoS attacks. But, I decided
> that best thing was to create a unique tool, because of the interesting
> subject.
>
> My idea now, is to work the detection of new 'zombies' by crawlering
> techniques and increase the "strike" capability requests.
>
> I have thought for example, that may be is interesting to obtain the
> images, flash movies, etc., like a benchmarking process on the target,
> to pass to the 'zombies' the places heavier on the site and do a more
> effective attack.
>
> > This is the last version of my DAVOSET. After that I've stopped its
> > development. But now I am planning to continue development of the
> > software
> > and to release new versions (I'll release v.1.0.6 today).
>
> I have seen that your tool doesn't allows the use of proxies. It may be
> interesting to add that functionality.
>
> > For three years I was holding this tool privately, but now released it
> > for
> > free access. So everyone can test Abuse of Functionality vulnerabilities
> > at
> > multiple web sites - like Google's sites, W3C and many others, which were
> > informed by me many times during many years (I was informing admins of
> > web
> > sites about such vulnerabilities since 2007), but ignored and don't want
> > to
> > fix these holes for a long time, and for example Google continued to
> > create
> > new services with Abuse of Functionality and Insufficient Anti-automation
> > vulnerabilities, which can be used for such DoS and DDoS attacks.
>
> I would like to propose that we work together. I'm sure that the
> community would appreciate our agreement on a single line of development.
>
> Thank you very much for publish your research.
>
> A greeting.
>
> psy 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/