Closed Nekai closed 5 years ago
Hi. Did you correctly create the "temporal zombies transfer zone" on your web server, as indicated in /docs/blackhole.txt? -> https://github.com/epsylon/ufonet/blob/master/docs/blackhole.txt
It looks like your blackhole is correctly receiving data, but something is wrong when downloading. Did you check whether your zombies are correctly uploaded? Is there any "community.txt.gz" file (temporal, not-cleaned file) in the root folder? Can you download zombies from other sources (ex: Community server)? Are you forcing SSL (--force-ssl)? It would be nice if you provided more advanced output, for example by trying a proxy (ex: burp) to see how requests are made.
I'm not forcing SSL. I can download from community.
Below is all wireshark traffic between me and the blackhole
below is my /ufonet
Please let me know if you need any more information
So I realized that the files weren't actually zipped, so below is after zipping them.
However, I still get nothing found when trying to download:
Vortex: IS READY!
------------
[Info] - Zombies: 0
[Info] - Droids : 0
[Info] - Aliens : 0
[Info] - UCAVs : 0
[Info] - X-RPCs : 0
[Info] - Congratulations!. Total downloaded: 0
------------
Want to merge ONLY new 'troops' in your army? (Y/n)y
-------------------------
[Info] - Botnet updated! ;-)
An interesting thing to note, the archive manager can't seem to open the archives
Can you check permissions on that folder (/var/www/ufonet) ?
They are owned by nyseth and in group nyseth. That's the user running ./ufonet --blackhole
Ok. Let's keep reviewing it... I have checked this command: ./ufonet --down-from=176.28.xx.xx, which is working correctly for the Community blackhole, and that means that if something goes wrong, it is on the server side. It is strange that even using a local (LAN/WAN) IP, you cannot access those compressed files. Does the user have "write" permissions on that folder? (ex: 20 -rw-r--r-- 1 user user 18395 mar 10 2018 abductions.txt.gz). Is this error happening immediately... or do you need to wait for a timeout? -> [Info] - Congratulations!. Total downloaded: 0 You should have almost 3 processes (threads) running on your system when blackhole is started. Can you check it? Is there any "core dumped" file near the blackhole.py executable?
As far as I can tell it happens immediately. I will check permissions etc. when I get the chance.
All files are -rw-r--r-- 1 nyseth nyseth ...
And there is no core dumped file
I understand that you are using Apache2 as web server. Is that correct? Do you have any logs (access.log/error.log) to check?
access.log
10.0.0.200 - - [08/Nov/2018:15:14:38 -0500] "GET /ufonet/ HTTP/1.1" 200 811 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:14:39 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:14:41 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:16 -0500] "GET /ufonet/ HTTP/1.1" 200 811 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:16 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:17 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:17 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:18 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:19 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:20 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
107.170.211.100 - - [08/Nov/2018:15:20:35 -0500] "GET / HTTP/1.1" 200 617 "-" "Mozilla/5.0 zgrab/0.x"
error.log
[Thu Nov 08 12:40:16.302841 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/infos.php' not found or unable to stat
[Thu Nov 08 12:40:16.458583 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/x.php' not found or unable to stat
[Thu Nov 08 12:40:16.613554 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/htfr.php' not found or unable to stat
[Thu Nov 08 12:40:16.768198 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/zzk.php' not found or unable to stat
[Thu Nov 08 12:40:16.922669 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/toor.php' not found or unable to stat
[Thu Nov 08 12:40:17.080853 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/uu.php' not found or unable to stat
[Thu Nov 08 12:40:17.236195 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/xiaoma.php' not found or unable to stat
[Thu Nov 08 12:40:17.390209 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/xiaomae.php' not found or unable to stat
[Thu Nov 08 12:40:36.444815 2018] [php7:error] [pid 3064] [client 46.174.30.68:42146] script '/var/www/fack.php' not found or unable to stat
[Thu Nov 08 12:40:36.617841 2018] [php7:error] [pid 3064] [client 46.174.30.68:42146] script '/var/www/angge.php' not found or unable to stat
[Thu Nov 08 12:40:36.784796 2018] [php7:error] [pid 3064] [client 46.174.30.68:42146] script '/var/www/index.php' not found or unable to stat
Not too much stuff related to our tests in those logs. It would be nice if you re-ran the tool and confirmed in access.log that the requests are correctly processed.
10.0.0.200 - - [08/Nov/2018:15:23:47 -0500] "GET /ufonet/troops.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:47 -0500] "GET /ufonet/robots.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:47 -0500] "GET /ufonet/drones.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:47 -0500] "GET /ufonet/reflectors.txt.gz HTTP/1.0" 200 290 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:55 -0500] "GET /ufonet/abductions.txt.gz HTTP/1.0" 200 290 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:55 -0500] "GET /ufonet/troops.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:55 -0500] "GET /ufonet/robots.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:55 -0500] "GET /ufonet/drones.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:55 -0500] "GET /ufonet/reflectors.txt.gz HTTP/1.0" 200 290 "-" "Python-urllib/1.17"
when starting upload and download
We are using this python lib for file compression tasks: gzip (https://docs.python.org/2/library/gzip.html). Which python version are you using to execute the tool? (is => than 2.7.x)?
However, nothing on the access.log at this point in the process:
Working 'zombies': 610
========================
Want to update your army? (Y/n)y
-------------------------
[Info] - New 'zombies' found: 742
[Info] - New 'aliens' found : 2
[Info] - New 'droids' found : 41
[Info] - New 'drones' found : 3
[Info] - New 'X-RPCs' found : 160
------------
[Info] - Starting to upload new 'zombies'...
------------
[Info] - Transfer: DONE!. Thanks for your contribution ;-)
That last log is revealing that the web-server processes are running correctly (+200 OK).
running 2.7.15 as seen here
┌─[✗]─[root@parrot]─[/var/log/apache2]
└──╼ #python
Python 2.7.15+ (default, Aug 31 2018, 11:56:52)
Mmmh. Interesting... That can reveal the source of our problem. UFONet needs almost 2.7.9 to work smoothly: https://ufonet.03c8.net/#installation Please, try to upgrade it.
Oops.. sorry... I hadn't realized that you are using 15+
Do I still need to upgrade?
I need to check how gzip lib is implemented for that Python version. Meanwhile, let's research a bit more...
No. Should be nice with that Python version, but I will check it.
I am going to be stepping away from my computer for a while, but I will try anything you suggest when I get back. Thanks for the help :)
Ok. I have it!
Next release is implementing a fix for this issue, but code isn't published yet.
BTW, I propose that you try it directly, by editing your code in main.py
1) go to main.py line ~1494 at function downloading_list
2) remove it (or comment it) until line 1524.
3) now add this code:
def downloading_list(self): # add your mirror to protect/share/distribute zombies try: print("Trying 'blackhole': "+self.blackhole+"\n") self.user_agent = random.choice(self.agents).strip() # shuffle user-agent headers = {'User-Agent' : self.user_agent, 'Referer' : self.referer} # set fake user-agent and referer if self.options.forcessl: if self.options.proxy: # set proxy self.proxy_transport(options.proxy) req = urllib2.Request('https://'+self.blackhole+'/ufonet/abductions.txt.gz', None, headers) abductions_reply = urllib2.urlopen(req).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/troops.txt.gz', None, headers) troops_reply = urllib2.urlopen(req).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/robots.txt.gz', None, headers) robots_reply = urllib2.urlopen(req).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/drones.txt.gz', None, headers) drones_reply = urllib2.urlopen(req).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/reflectors.txt.gz', None, headers) reflectors_reply = urllib2.urlopen(req).read() else: req = urllib2.Request('https://'+self.blackhole+'/ufonet/abductions.txt.gz', None, headers) abductions_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/troops.txt.gz', None, headers) troops_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/robots.txt.gz', None, headers) robots_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/drones.txt.gz', None, headers) drones_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/reflectors.txt.gz', None, headers) reflectors_reply = urllib2.urlopen(req, context=self.ctx).read() else: if self.options.proxy: # set proxy self.proxy_transport(options.proxy) req = 
urllib2.Request('http://'+self.blackhole+'/ufonet/abductions.txt.gz', None, headers) abductions_reply = urllib2.urlopen(req).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/troops.txt.gz', None, headers) troops_reply = urllib2.urlopen(req).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/robots.txt.gz', None, headers) robots_reply = urllib2.urlopen(req).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/drones.txt.gz', None, headers) drones_reply = urllib2.urlopen(req).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/reflectors.txt.gz', None, headers) reflectors_reply = urllib2.urlopen(req).read() else: req = urllib2.Request('http://'+self.blackhole+'/ufonet/abductions.txt.gz', None, headers) abductions_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/troops.txt.gz', None, headers) troops_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/robots.txt.gz', None, headers) robots_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/drones.txt.gz', None, headers) drones_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/reflectors.txt.gz', None, headers) reflectors_reply = urllib2.urlopen(req, context=self.ctx).read() f = open('abductions.txt.gz', 'w') f.write(abductions_reply) f.close() f = open('troops.txt.gz', 'w') f.write(troops_reply) f.close() f = open('robots.txt.gz', 'w') f.write(robots_reply) f.close() f = open('drones.txt.gz', 'w') f.write(drones_reply) f.close() f = open('reflectors.txt.gz', 'w') f.write(reflectors_reply) f.close() print("Vortex: IS READY!") Much better substitute python urllib or urrlib2.requests. Please, try this spell..
The code I pasted doesn't have a correct (indentation) format. I hope you can manage to build it by yourself. If not, please just tell me and I will provide you a better one using another platform.
Unsure if this was due to my indentation:
Vortex: IS READY!
------------
[Error] - Something wrong downloading!
Will I need to change the uploading code to urllib2 as well?
It seems to have just broken the downloads.
This is the community blackhole:
===========================================================================
Downloading list of 'zombies' from server ...
======================
Trying 'blackhole': 176.28.23.46
Vortex: IS READY!
------------
[Error] - Something wrong downloading!
Well, maybe it is too much to ask you to implement new code like this... BTW, it should work as it is working on the production (Community) server. We can keep trying it..
Another question. Because of the failing test, you should have some residual files after compressing. I mean, those that you provided on a screen previously. Please tell me, can you manually unzip them and see what content they have? Are they just blank files?
┌─[root@parrot]─[/var/www/ufonet]
└──╼ #ls
abductions.txt drones.txt robots.txt ucavs.txt
aliens.txt reflectors.txt troops.txt
┌─[root@parrot]─[/var/www/ufonet]
└──╼ #cat *
┌─[root@parrot]─[/var/www/ufonet]
└──╼ #
I'm pretty sure my indentation is correct
I noticed that the community blackhole you're using is 176.28.23.46. Is that site blocked on your router? To check, type that IP into the URL bar.
@trollmad3
@Nekai Thanks for the quick reply. The IP is not being blocked from your router, but what is the command you typed to attempt to get the zombies from the blackhole?
Is it possibly an issue here? On line 1651 in download_list():
it references 'abductions' f_in_abductions = gzip.open(abductions, 'rb')
but I don't see where abductions is set
./ufonet --download-zombies
I will try ./ufonet --down-from=176.28.23.46
and see if it's a different result
@Nekai Run the command with -v, then post the results here.
@trollmad3
===========================================================================
Downloading list of 'zombies' from server 176.28.23.46 ...
======================
Trying 'blackhole': 176.28.23.46
Vortex: IS READY!
------------
[Error] - Something wrong downloading!
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $
@Nekai Try the command with -v again, then after the results are done post them here.
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $./ufonet --down-from=176.28.23.46 -v
** 0===============================================0
'' '----' '' || ||
.'_.- ( 00 ) -._'. || * Botnet -> DDoS: ||
.'.' |'..'| '.'. || ||
.-. .' /'--.__|____|__.--'\ '. .-. || -Zombies : HTTP GET bots ||
(O).)-| | \ x | |x / | |-(.(O) || -Droids : HTTP GET (+params) bots ||
`-' '-'-._'-./ ---- \.-'_.-'-' `-' || -Aliens : HTTP POST bots ||
_ | | '-.___||___.-' | | _ || -UCAVs : Web Abusing bots ||
.' _ | | | __ | | | _ '. || -X-RPCs : XML-RPC bots ||
/ .' ''.| | /____\ | |.'' '. \ || ||
| |(0)| '. ||__**_ || .' |(0)| | || * Close Combat -> DoS: ||
\ '._.' '. | \____/ | .' '._.' / || ||
'.__ ______'.|__'--'__|.'______ __.' || -LOIC : Fast HTTP requests ||
.'_.-| |-._'. || -LORIS : Slow HTTP requests ||
|| -UFOSYN : TCP SYN flooder ||
|| ||
* Class: UFONet - ViPR404 (model C)- || * Featured: Crawler, +CVE, +WAF detection ||
* Type: /Scout/Transporter/Warfare/ || ||
0|=============================================|0
===========================================================================
888 888 8888888888 .d88888b. 888b 888 888
888 888 888 d88P Y888b 8888b 888 888
888 888 888 888 888 88888b 888 888
888 888 8888888 888 888 888Y88b 888 .d88b. 888888
888 888 888 888 888 888 Y88b888 d8P Y8b 888
888 888 888 888 888 888 Y88888 88888888 888
Y88b. .d88P 888 Y88b. .d88P 888 Y8888 Y8b. Y88b.
'Y88888P' 888 'Y88888P' 888 Y888 'Y8888 'Y8888
UFONet - Denial of Service Toolkit - by psy
===========================================================================
Downloading list of 'zombies' from server 176.28.23.46 ...
======================
Trying 'blackhole': 176.28.23.46
Vortex: IS READY!
------------
[Error] - Something wrong downloading!
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $
@Nekai You did that command wrong. Type this command in>
./ufonet -v --down-from=176.28.23.46
oh my bad
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $time ./ufonet -v --down-from=176.28.23.46
Downloading list of 'zombies' from server 176.28.23.46 ...
======================
Trying 'blackhole': 176.28.23.46
Vortex: IS READY!
------------
[Error] - Something wrong downloading!
real 0m5.921s
user 0m0.929s
sys 0m0.389s
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $
and with --download-zombies
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $time ./ufonet -v --download-zombies
Downloading list of 'zombies' from server ...
======================
Trying 'blackhole': 176.28.23.46
Vortex: IS READY!
------------
[Error] - Something wrong downloading!
real 0m8.190s
user 0m0.925s
sys 0m0.395s
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $
@Nekai [nyseth@parrot]─[~/ufonet]
I noticed you're not running in root. Can you run it again but this time do this command?
sudo ./ufonet -v --download-zombies
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $time ./ufonet -v --down-from 10.0.*.*
Downloading list of 'zombies' from server 10.0.*.* ...
======================
Trying 'blackhole': 10.0.*.*
Vortex: FAILED!
------------
[Error] - Unable to download list of 'zombies' from this 'blackhole'. ;(
real 0m0.925s
user 0m0.926s
sys 0m0.372s
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $
@Nekai Run this:
sudo ./ufonet -v --download-zombies
You're not running that user in root.
I saw your comment. I'm running in root and there is considerable hangtime
I'm still waiting for the command to complete
Okay, I just got my blackhole sorta working except it doesn't seem to save anything I upload to it.
Below is the upload from my laptop using my phone as a hotspot, using the external ip, over wan:
Then trying to download them on my desktop from my server, this time from LAN:
As well as using the external IP from my desktop:
and finally the output from the blackhole itself:
Any help would be greatly appreciated.