epsylon / ufonet

UFONet - Denial of Service Toolkit
https://ufonet.03c8.net

Blackhole not saving data #134

Closed Nekai closed 5 years ago

Nekai commented 5 years ago

Okay, I just got my blackhole sorta working except it doesn't seem to save anything I upload to it.

Below is the upload from my laptop using my phone as a hotspot, using the external ip, over wan:

OK: 853 Fail: 64
==================

-------------------------

========================
Working 'zombies': 853
========================

Want to update your army? (Y/n)y
-------------------------
[Info] - New 'zombies' found: 970
[Info] - New 'aliens' found : 2
[Info] - New 'droids' found : 41
[Info] - New 'drones' found : 3
[Info] - New 'X-RPCs' found : 252
------------

[Info] - Starting to upload new 'zombies'...

------------

[Info] - Transfer: DONE!. Thanks for your contribution ;-)

Then trying to download them on my desktop from my server, this time from LAN:

Downloading list of 'zombies' from server 10.*.*.* ...

======================

Trying 'blackhole': 10.*.*.*

Vortex: IS READY!
------------

[Info] - Zombies: 0
[Info] - Droids : 0
[Info] - Aliens : 0
[Info] - UCAVs  : 0
[Info] - X-RPCs : 0

[Info] - Congratulations!. Total downloaded: 0
------------

Want to merge ONLY new 'troops' in your army? (Y/n)

As well as using the external IP from my desktop:

Downloading list of 'zombies' from server 73.*.*.* ...

======================

Trying 'blackhole': 73.*.*.*

Vortex: IS READY!
------------

[Info] - Zombies: 0
[Info] - Droids : 0
[Info] - Aliens : 0
[Info] - UCAVs  : 0
[Info] - X-RPCs : 0

[Info] - Congratulations!. Total downloaded: 0
------------

Want to merge ONLY new 'troops' in your army? (Y/n)

and finally the output from the blackhole itself:

...
[BlackRay] Got connection from ('172.*.*.*', 6447)
[BlackRay] Meat ready :  community_rpcs.txt.gz
[Absorber] Got connection from ('172.*.*.*', 6461)
[Eater] Yum... got meat

Any help would be greatly appreciated.

epsylon commented 5 years ago

Hi, did you correctly create the "temporal zombies transfer zone" on your web-server, as indicated in /docs/blackhole.txt? -> https://github.com/epsylon/ufonet/blob/master/docs/blackhole.txt

It looks like your blackhole is correctly receiving data, but something is wrong when downloading. Did you check whether your zombies are correctly uploaded? Is there any "community.txt.gz" file (temporal-not cleaned file) in the root folder? Can you download zombies from other sources (ex: Community server)? Are you forcing SSL (--force-ssl)? It would be nice if you provided a more advanced output, for example, trying a proxy (ex: burp) to see how requests are made.

Nekai commented 5 years ago

I'm not forcing SSL. I can download from community.

Below is all Wireshark traffic between me and the blackhole: (image: drawisland 1)

Below is my /ufonet: (image: screenshot at 2018-11-05 12-01-21)

Please let me know if you need any more information

Nekai commented 5 years ago

So I realized that the files weren't actually zipped, so below is after zipping them: (image: screenshot at 2018-11-05 13-06-57)

However, I still get nothing found when trying to download:

Vortex: IS READY!
------------

[Info] - Zombies: 0
[Info] - Droids : 0
[Info] - Aliens : 0
[Info] - UCAVs  : 0
[Info] - X-RPCs : 0

[Info] - Congratulations!. Total downloaded: 0
------------

Want to merge ONLY new 'troops' in your army? (Y/n)y
-------------------------

[Info] - Botnet updated! ;-)

Nekai commented 5 years ago

An interesting thing to note: the archive manager can't seem to open the archives. (image: screenshot at 2018-11-07 15-58-04)

epsylon commented 5 years ago

Can you check permissions on that folder (/var/www/ufonet) ?

Nekai commented 5 years ago

They are owned by nyseth and in group nyseth. That's the user running ./ufonet --blackhole

epsylon commented 5 years ago

Ok. Let's keep reviewing it... I have checked this command: ./ufonet --down-from=176.28.xx.xx, which is working correctly for the Community blackhole and means that if something goes wrong, it is on the server side. It is strange that even using a local (LAN/WAN) IP, you cannot access those compressed files. Does the user have "write" permissions on that folder? (ex: 20 -rw-r--r-- 1 user user 18395 mar 10 2018 abductions.txt.gz). Is this error happening immediately... or do you need to wait for a timeout? -> [Info] - Congratulations!. Total downloaded: 0

You should have almost 3 processes (threads) running on your system when blackhole is started. Can you check it? Is there, near the blackhole.py executable, any "core dumped" file?

Nekai commented 5 years ago

As far as I can tell it happens immediately. I will check permissions etc. when I get the chance.

Nekai commented 5 years ago

All files are -rw-r--r-- 1 nyseth nyseth ...

And there is no core dumped file

epsylon commented 5 years ago

I understand that you are using Apache2 as web-server. Is that correct? Do you have any logs (access.log/error.log) to check?

Nekai commented 5 years ago

access.log

10.0.0.200 - - [08/Nov/2018:15:14:38 -0500] "GET /ufonet/ HTTP/1.1" 200 811 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:14:39 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:14:41 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:16 -0500] "GET /ufonet/ HTTP/1.1" 200 811 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:16 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:17 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:17 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:18 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:19 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
10.0.0.200 - - [08/Nov/2018:15:17:20 -0500] "GET /ufonet/ HTTP/1.1" 200 810 "-" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.67 Safari/537.36"
107.170.211.100 - - [08/Nov/2018:15:20:35 -0500] "GET / HTTP/1.1" 200 617 "-" "Mozilla/5.0 zgrab/0.x"

error.log


[Thu Nov 08 12:40:16.302841 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/infos.php' not found or unable to stat
[Thu Nov 08 12:40:16.458583 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/x.php' not found or unable to stat
[Thu Nov 08 12:40:16.613554 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/htfr.php' not found or unable to stat
[Thu Nov 08 12:40:16.768198 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/zzk.php' not found or unable to stat
[Thu Nov 08 12:40:16.922669 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/toor.php' not found or unable to stat
[Thu Nov 08 12:40:17.080853 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/uu.php' not found or unable to stat
[Thu Nov 08 12:40:17.236195 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/xiaoma.php' not found or unable to stat
[Thu Nov 08 12:40:17.390209 2018] [php7:error] [pid 3488] [client 46.174.30.68:36550] script '/var/www/xiaomae.php' not found or unable to stat
[Thu Nov 08 12:40:36.444815 2018] [php7:error] [pid 3064] [client 46.174.30.68:42146] script '/var/www/fack.php' not found or unable to stat
[Thu Nov 08 12:40:36.617841 2018] [php7:error] [pid 3064] [client 46.174.30.68:42146] script '/var/www/angge.php' not found or unable to stat
[Thu Nov 08 12:40:36.784796 2018] [php7:error] [pid 3064] [client 46.174.30.68:42146] script '/var/www/index.php' not found or unable to stat

epsylon commented 5 years ago

Not too much stuff related to our tests in those logs. It would be nice if you re-run the tool and confirm in access.log that the requests are correctly processed.

Nekai commented 5 years ago

10.0.0.200 - - [08/Nov/2018:15:23:47 -0500] "GET /ufonet/troops.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:47 -0500] "GET /ufonet/robots.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:47 -0500] "GET /ufonet/drones.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:47 -0500] "GET /ufonet/reflectors.txt.gz HTTP/1.0" 200 290 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:55 -0500] "GET /ufonet/abductions.txt.gz HTTP/1.0" 200 290 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:55 -0500] "GET /ufonet/troops.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:55 -0500] "GET /ufonet/robots.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:55 -0500] "GET /ufonet/drones.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
10.0.0.200 - - [08/Nov/2018:15:23:55 -0500] "GET /ufonet/reflectors.txt.gz HTTP/1.0" 200 290 "-" "Python-urllib/1.17"

when starting upload and download
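
For anyone reading logs like these from the server owner's side, the following added example (not part of the thread and not UFONet code) flags the two patterns visible in the access.log and error.log excerpts above: a single client requesting many non-existent PHP scripts in a short burst, and successful fetches of the list files under /ufonet/. The sample lines are constructed in the same Apache formats with documentation-range IPs; the function names and thresholds are assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample data (same formats as the excerpts in this thread,
# documentation-range IPs instead of the posted ones).
ERROR_LOG = """\
[Thu Nov 08 12:40:16.302841 2018] [php7:error] [pid 3488] [client 198.51.100.7:36550] script '/var/www/infos.php' not found or unable to stat
[Thu Nov 08 12:40:16.458583 2018] [php7:error] [pid 3488] [client 198.51.100.7:36550] script '/var/www/x.php' not found or unable to stat
[Thu Nov 08 12:40:16.613554 2018] [php7:error] [pid 3488] [client 198.51.100.7:36550] script '/var/www/htfr.php' not found or unable to stat
[Thu Nov 08 12:40:16.768198 2018] [php7:error] [pid 3488] [client 198.51.100.7:36550] script '/var/www/zzk.php' not found or unable to stat
[Thu Nov 08 12:40:16.922669 2018] [php7:error] [pid 3488] [client 198.51.100.7:36550] script '/var/www/toor.php' not found or unable to stat
[Thu Nov 08 12:40:17.080853 2018] [php7:error] [pid 3488] [client 198.51.100.7:36550] script '/var/www/uu.php' not found or unable to stat
[Thu Nov 08 13:02:11.000001 2018] [php7:error] [pid 3064] [client 203.0.113.9:42146] script '/var/www/index.php' not found or unable to stat
"""

ACCESS_LOG = """\
192.0.2.10 - - [08/Nov/2018:15:14:38 -0500] "GET /ufonet/ HTTP/1.1" 200 811 "-" "Mozilla/5.0 (X11; Linux x86_64)"
192.0.2.10 - - [08/Nov/2018:15:23:47 -0500] "GET /ufonet/troops.txt.gz HTTP/1.0" 200 286 "-" "Python-urllib/1.17"
192.0.2.10 - - [08/Nov/2018:15:23:55 -0500] "GET /ufonet/abductions.txt.gz HTTP/1.0" 200 290 "-" "Python-urllib/1.17"
203.0.113.50 - - [08/Nov/2018:15:20:35 -0500] "GET / HTTP/1.1" 200 617 "-" "Mozilla/5.0 zgrab/0.x"
"""

# Apache 2.4 error-log line for a PHP script that does not exist.
ERR_RE = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[[a-z0-9_]+:error\] \[pid \d+\] "
    r"\[client (?P<ip>\d{1,3}(?:\.\d{1,3}){3}):\d+\] "
    r"script '(?P<script>[^']+)' not found or unable to stat"
)

# Combined access-log line: client, request line, status.
ACC_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

# List files requested under /ufonet/ in the access.log posted in this thread.
LIST_FILES = {
    "abductions.txt.gz", "troops.txt.gz", "robots.txt.gz",
    "drones.txt.gz", "reflectors.txt.gz",
}


def probe_bursts(lines, min_scripts=5, window=timedelta(seconds=60)):
    """Return {client_ip: sorted script names} for clients that asked for at
    least `min_scripts` distinct missing scripts within `window`."""
    events = defaultdict(list)
    for line in lines:
        m = ERR_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")
        events[m["ip"]].append((ts, m["script"].rsplit("/", 1)[-1]))

    flagged = {}
    for ip, hits in events.items():
        hits.sort()
        # Slide the window start over each event and count distinct names.
        for i, (start, _) in enumerate(hits):
            names = {name for ts, name in hits[i:] if ts - start <= window}
            if len(names) >= min_scripts:
                flagged[ip] = sorted(names)
                break
    return flagged


def blackhole_fetches(lines):
    """Return {client_ip: set of list files} for successful GETs of the
    list files directly under /ufonet/."""
    fetched = defaultdict(set)
    for line in lines:
        m = ACC_RE.match(line)
        if not m or m["method"] != "GET" or m["status"] != "200":
            continue
        prefix, _, name = m["path"].rpartition("/")
        if prefix == "/ufonet" and name in LIST_FILES:
            fetched[m["ip"]].add(name)
    return dict(fetched)


if __name__ == "__main__":
    for ip, scripts in probe_bursts(ERROR_LOG.splitlines()).items():
        print("script-probe burst from %s: %s" % (ip, ", ".join(scripts)))
    for ip, files in blackhole_fetches(ACCESS_LOG.splitlines()).items():
        print("list files served to %s: %s" % (ip, ", ".join(sorted(files))))
```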

epsylon commented 5 years ago

We are using this Python lib for file compression tasks: gzip (https://docs.python.org/2/library/gzip.html). Which Python version are you using to execute the tool? (is it >= 2.7.x)?

Nekai commented 5 years ago

However, nothing on the access.log at this point in the process:

Working 'zombies': 610
========================

Want to update your army? (Y/n)y
-------------------------
[Info] - New 'zombies' found: 742
[Info] - New 'aliens' found : 2
[Info] - New 'droids' found : 41
[Info] - New 'drones' found : 3
[Info] - New 'X-RPCs' found : 160
------------

[Info] - Starting to upload new 'zombies'...

------------

[Info] - Transfer: DONE!. Thanks for your contribution ;-)

epsylon commented 5 years ago

That last log is revealing that the web-server processes are running correctly (+200 OK).

Nekai commented 5 years ago

Running 2.7.15, as seen here:

┌─[✗]─[root@parrot]─[/var/log/apache2]
└──╼ #python
Python 2.7.15+ (default, Aug 31 2018, 11:56:52)

epsylon commented 5 years ago

Mmmh. Interesting... That can reveal the source of our problem. UFONet needs almost 2.7.9 to work smoothly: https://ufonet.03c8.net/#installation Please, try to upgrade it.

epsylon commented 5 years ago

Oops... sorry... I hadn't realized that you are using 15+.

Nekai commented 5 years ago

Do I still need to upgrade?

epsylon commented 5 years ago

I need to check how gzip lib is implemented for that Python version. Meanwhile, let's research a bit more...

epsylon commented 5 years ago

No. Should be nice with that Python version, but I will check it.

Nekai commented 5 years ago

I am going to be stepping away from my computer for a while, but I will try anything you suggest when I get back. Thanks for the help :)

epsylon commented 5 years ago

Ok. I have it! Next release is implementing a fix for this issue, but code isn't published yet.
BTW, I propose that you try it directly, editing your code at main.py: 1) go to main.py line ~1494 at function downloading_list 2) remove it (or comment it out) until line 1524. 3) now add this code:

def downloading_list(self): # add your mirror to protect/share/distribute zombies try: print("Trying 'blackhole': "+self.blackhole+"\n") self.user_agent = random.choice(self.agents).strip() # shuffle user-agent headers = {'User-Agent' : self.user_agent, 'Referer' : self.referer} # set fake user-agent and referer if self.options.forcessl: if self.options.proxy: # set proxy self.proxy_transport(options.proxy) req = urllib2.Request('https://'+self.blackhole+'/ufonet/abductions.txt.gz', None, headers) abductions_reply = urllib2.urlopen(req).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/troops.txt.gz', None, headers) troops_reply = urllib2.urlopen(req).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/robots.txt.gz', None, headers) robots_reply = urllib2.urlopen(req).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/drones.txt.gz', None, headers) drones_reply = urllib2.urlopen(req).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/reflectors.txt.gz', None, headers) reflectors_reply = urllib2.urlopen(req).read() else: req = urllib2.Request('https://'+self.blackhole+'/ufonet/abductions.txt.gz', None, headers) abductions_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/troops.txt.gz', None, headers) troops_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/robots.txt.gz', None, headers) robots_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/drones.txt.gz', None, headers) drones_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('https://'+self.blackhole+'/ufonet/reflectors.txt.gz', None, headers) reflectors_reply = urllib2.urlopen(req, context=self.ctx).read() else: if self.options.proxy: # set proxy self.proxy_transport(options.proxy) req = 
urllib2.Request('http://'+self.blackhole+'/ufonet/abductions.txt.gz', None, headers) abductions_reply = urllib2.urlopen(req).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/troops.txt.gz', None, headers) troops_reply = urllib2.urlopen(req).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/robots.txt.gz', None, headers) robots_reply = urllib2.urlopen(req).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/drones.txt.gz', None, headers) drones_reply = urllib2.urlopen(req).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/reflectors.txt.gz', None, headers) reflectors_reply = urllib2.urlopen(req).read() else: req = urllib2.Request('http://'+self.blackhole+'/ufonet/abductions.txt.gz', None, headers) abductions_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/troops.txt.gz', None, headers) troops_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/robots.txt.gz', None, headers) robots_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/drones.txt.gz', None, headers) drones_reply = urllib2.urlopen(req, context=self.ctx).read() req = urllib2.Request('http://'+self.blackhole+'/ufonet/reflectors.txt.gz', None, headers) reflectors_reply = urllib2.urlopen(req, context=self.ctx).read() f = open('abductions.txt.gz', 'w') f.write(abductions_reply) f.close() f = open('troops.txt.gz', 'w') f.write(troops_reply) f.close() f = open('robots.txt.gz', 'w') f.write(robots_reply) f.close() f = open('drones.txt.gz', 'w') f.write(drones_reply) f.close() f = open('reflectors.txt.gz', 'w') f.write(reflectors_reply) f.close() print("Vortex: IS READY!") Much better substitute python urllib or urrlib2.requests. Please, try this spell..

epsylon commented 5 years ago

The code I pasted doesn't have a correct (indentation) format. I hope you can manage to build it by yourself. If not, please just tell me and I will provide you a better one using another platform.

Nekai commented 5 years ago

Unsure if this was due to my indentation:

Vortex: IS READY!
------------

[Error] - Something wrong downloading!

Nekai commented 5 years ago

Will I need to change the uploading code to urllib2 as well?

Nekai commented 5 years ago

It seems to have just broken the downloads.

Nekai commented 5 years ago

This is the community blackhole:

===========================================================================

Downloading list of 'zombies' from server ...

======================

Trying 'blackhole': 176.28.23.46

Vortex: IS READY!
------------

[Error] - Something wrong downloading!

epsylon commented 5 years ago

Well, maybe it is too much to tell you to implement new code like this... BTW, it should work, as it is working on the production (Community) server. We can keep trying it.

epsylon commented 5 years ago

Another question. Because of the failing test, you should have some residual files after compressing. I mean, those that you provided on a screen previously. Please tell me, can you manually unzip them and see which content they have? Are they just blank files?

Nekai commented 5 years ago

┌─[root@parrot]─[/var/www/ufonet]
└──╼ #ls
abductions.txt  drones.txt      robots.txt  ucavs.txt
aliens.txt      reflectors.txt  troops.txt
┌─[root@parrot]─[/var/www/ufonet]
└──╼ #cat *
┌─[root@parrot]─[/var/www/ufonet]
└──╼ #

Nekai commented 5 years ago

I'm pretty sure my indentation is correct. (image: screenshot at 2018-11-09 09-27-53)

Aholicknight commented 5 years ago

I noticed that the community blackhole you're using is 176.28.23.46. Is that site blocked on your router? To check, type that IP into the URL bar.

Nekai commented 5 years ago

@trollmad3 (image: screenshot at 2018-11-09 09-35-32)

Aholicknight commented 5 years ago

@Nekai Thanks for the quick reply. The IP is not being blocked from your router, but what is the command you typed to attempt to get the zombies from the blackhole?

Nekai commented 5 years ago

Is it possibly an issue here? On line 1651 in download_list() it references 'abductions': f_in_abductions = gzip.open(abductions, 'rb'), but I don't see where abductions is set. (image: screenshot at 2018-11-09 09-38-37)

Nekai commented 5 years ago

./ufonet --download-zombies

I will try ./ufonet --down-from=176.28.23.46 and see if it's a different result.

Aholicknight commented 5 years ago

@Nekai Run the command with -v then post the results here.

Nekai commented 5 years ago

@trollmad3

===========================================================================

Downloading list of 'zombies' from server 176.28.23.46 ...

======================

Trying 'blackhole': 176.28.23.46

Vortex: IS READY!
------------

[Error] - Something wrong downloading!

┌─[nyseth@parrot]─[~/ufonet]
└──╼ $

Aholicknight commented 5 years ago

@Nekai Try the command with -v again, then after the results are done post them here.

Nekai commented 5 years ago

┌─[nyseth@parrot]─[~/ufonet]
└──╼ $./ufonet --down-from=176.28.23.46 -v

                     **                      0===============================================0
                '' '----' ''                 ||                                             ||
             .'_.- ( 00 ) -._'.              ||  * Botnet -> DDoS:                          ||
           .'.'    |'..'|    '.'.            ||                                             ||
    .-.  .' /'--.__|____|__.--'\ '.  .-.     ||      -Zombies : HTTP GET bots               ||
   (O).)-| |  \  x |    |x   /  | |-(.(O)    ||      -Droids  : HTTP GET (+params) bots     ||
    `-'  '-'-._'-./ ---- \.-'_.-'-'  `-'     ||      -Aliens  : HTTP POST bots              ||
       _ | |   '-.___||___.-'   | | _        ||      -UCAVs   : Web Abusing bots            ||
    .' _ | |     |   __   |     | | _ '.     ||      -X-RPCs  : XML-RPC bots                ||
   / .' ''.|     | /____\ |     |.'' '. \    ||                                             ||
   | |(0)| '.    ||__**_ ||    .' |(0)| |    ||  * Close Combat -> DoS:                     ||
   \ '._.'   '.  | \____/ |  .'   '._.' /    ||                                             ||
    '.__ ______'.|__'--'__|.'______ __.'     ||      -LOIC    : Fast HTTP requests          ||
   .'_.-|                          |-._'.    ||      -LORIS   : Slow HTTP requests          ||
                                             ||      -UFOSYN  : TCP SYN flooder             ||
                                             ||                                             ||
    * Class: UFONet - ViPR404 (model C)-     ||  * Featured: Crawler, +CVE, +WAF detection  ||
    * Type: /Scout/Transporter/Warfare/      ||                                             ||
                                             0|=============================================|0

=========================================================================== 

888     888 8888888888 .d88888b.  888b    888          888    
888     888 888        d88P Y888b 8888b   888          888    
888     888 888       888     888 88888b  888          888    
888     888 8888888   888     888 888Y88b 888  .d88b.  888888 
888     888 888       888     888 888 Y88b888 d8P  Y8b 888    
888     888 888       888     888 888  Y88888 88888888 888    
Y88b. .d88P 888       Y88b. .d88P 888   Y8888 Y8b.     Y88b.  
 'Y88888P'  888        'Y88888P'  888    Y888  'Y8888   'Y8888

UFONet - Denial of Service Toolkit - by psy 

===========================================================================

Downloading list of 'zombies' from server 176.28.23.46 ...

======================

Trying 'blackhole': 176.28.23.46

Vortex: IS READY!
------------

[Error] - Something wrong downloading!

┌─[nyseth@parrot]─[~/ufonet]
└──╼ $

Aholicknight commented 5 years ago

@Nekai You did that command wrong. Type this command in: ./ufonet -v --down-from=176.28.23.46

Nekai commented 5 years ago

oh my bad

┌─[nyseth@parrot]─[~/ufonet]
└──╼ $time ./ufonet -v  --down-from=176.28.23.46

                     **                      0===============================================0
                '' '----' ''                 ||                                             ||
             .'_.- ( 00 ) -._'.              ||  * Botnet -> DDoS:                          ||
           .'.'    |'..'|    '.'.            ||                                             ||
    .-.  .' /'--.__|____|__.--'\ '.  .-.     ||      -Zombies : HTTP GET bots               ||
   (O).)-| |  \  x |    |x   /  | |-(.(O)    ||      -Droids  : HTTP GET (+params) bots     ||
    `-'  '-'-._'-./ ---- \.-'_.-'-'  `-'     ||      -Aliens  : HTTP POST bots              ||
       _ | |   '-.___||___.-'   | | _        ||      -UCAVs   : Web Abusing bots            ||
    .' _ | |     |   __   |     | | _ '.     ||      -X-RPCs  : XML-RPC bots                ||
   / .' ''.|     | /____\ |     |.'' '. \    ||                                             ||
   | |(0)| '.    ||__**_ ||    .' |(0)| |    ||  * Close Combat -> DoS:                     ||
   \ '._.'   '.  | \____/ |  .'   '._.' /    ||                                             ||
    '.__ ______'.|__'--'__|.'______ __.'     ||      -LOIC    : Fast HTTP requests          ||
   .'_.-|                          |-._'.    ||      -LORIS   : Slow HTTP requests          ||
                                             ||      -UFOSYN  : TCP SYN flooder             ||
                                             ||                                             ||
    * Class: UFONet - ViPR404 (model C)-     ||  * Featured: Crawler, +CVE, +WAF detection  ||
    * Type: /Scout/Transporter/Warfare/      ||                                             ||
                                             0|=============================================|0

=========================================================================== 

888     888 8888888888 .d88888b.  888b    888          888    
888     888 888        d88P Y888b 8888b   888          888    
888     888 888       888     888 88888b  888          888    
888     888 8888888   888     888 888Y88b 888  .d88b.  888888 
888     888 888       888     888 888 Y88b888 d8P  Y8b 888    
888     888 888       888     888 888  Y88888 88888888 888    
Y88b. .d88P 888       Y88b. .d88P 888   Y8888 Y8b.     Y88b.  
 'Y88888P'  888        'Y88888P'  888    Y888  'Y8888   'Y8888

UFONet - Denial of Service Toolkit - by psy 

===========================================================================

Downloading list of 'zombies' from server 176.28.23.46 ...

======================

Trying 'blackhole': 176.28.23.46

Vortex: IS READY!
------------

[Error] - Something wrong downloading!

real    0m5.921s
user    0m0.929s
sys 0m0.389s
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $

and with --download-zombies

┌─[nyseth@parrot]─[~/ufonet]
└──╼ $time ./ufonet -v --download-zombies

                     **                      0===============================================0
                '' '----' ''                 ||                                             ||
             .'_.- ( 00 ) -._'.              ||  * Botnet -> DDoS:                          ||
           .'.'    |'..'|    '.'.            ||                                             ||
    .-.  .' /'--.__|____|__.--'\ '.  .-.     ||      -Zombies : HTTP GET bots               ||
   (O).)-| |  \  x |    |x   /  | |-(.(O)    ||      -Droids  : HTTP GET (+params) bots     ||
    `-'  '-'-._'-./ ---- \.-'_.-'-'  `-'     ||      -Aliens  : HTTP POST bots              ||
       _ | |   '-.___||___.-'   | | _        ||      -UCAVs   : Web Abusing bots            ||
    .' _ | |     |   __   |     | | _ '.     ||      -X-RPCs  : XML-RPC bots                ||
   / .' ''.|     | /____\ |     |.'' '. \    ||                                             ||
   | |(0)| '.    ||__**_ ||    .' |(0)| |    ||  * Close Combat -> DoS:                     ||
   \ '._.'   '.  | \____/ |  .'   '._.' /    ||                                             ||
    '.__ ______'.|__'--'__|.'______ __.'     ||      -LOIC    : Fast HTTP requests          ||
   .'_.-|                          |-._'.    ||      -LORIS   : Slow HTTP requests          ||
                                             ||      -UFOSYN  : TCP SYN flooder             ||
                                             ||                                             ||
    * Class: UFONet - ViPR404 (model C)-     ||  * Featured: Crawler, +CVE, +WAF detection  ||
    * Type: /Scout/Transporter/Warfare/      ||                                             ||
                                             0|=============================================|0

=========================================================================== 

888     888 8888888888 .d88888b.  888b    888          888    
888     888 888        d88P Y888b 8888b   888          888    
888     888 888       888     888 88888b  888          888    
888     888 8888888   888     888 888Y88b 888  .d88b.  888888 
888     888 888       888     888 888 Y88b888 d8P  Y8b 888    
888     888 888       888     888 888  Y88888 88888888 888    
Y88b. .d88P 888       Y88b. .d88P 888   Y8888 Y8b.     Y88b.  
 'Y88888P'  888        'Y88888P'  888    Y888  'Y8888   'Y8888

UFONet - Denial of Service Toolkit - by psy 

===========================================================================

Downloading list of 'zombies' from server ...

======================

Trying 'blackhole': 176.28.23.46

Vortex: IS READY!
------------

[Error] - Something wrong downloading!

real    0m8.190s
user    0m0.925s
sys 0m0.395s
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $

Aholicknight commented 5 years ago

@Nekai [nyseth@parrot]─[~/ufonet] I noticed you're not running in root. Can you run it again but this time do this command? sudo ./ufonet -v --download-zombies

Nekai commented 5 years ago

┌─[nyseth@parrot]─[~/ufonet]
└──╼ $time ./ufonet -v --down-from 10.0.*.*

                     **                      0===============================================0
                '' '----' ''                 ||                                             ||
             .'_.- ( 00 ) -._'.              ||  * Botnet -> DDoS:                          ||
           .'.'    |'..'|    '.'.            ||                                             ||
    .-.  .' /'--.__|____|__.--'\ '.  .-.     ||      -Zombies : HTTP GET bots               ||
   (O).)-| |  \  x |    |x   /  | |-(.(O)    ||      -Droids  : HTTP GET (+params) bots     ||
    `-'  '-'-._'-./ ---- \.-'_.-'-'  `-'     ||      -Aliens  : HTTP POST bots              ||
       _ | |   '-.___||___.-'   | | _        ||      -UCAVs   : Web Abusing bots            ||
    .' _ | |     |   __   |     | | _ '.     ||      -X-RPCs  : XML-RPC bots                ||
   / .' ''.|     | /____\ |     |.'' '. \    ||                                             ||
   | |(0)| '.    ||__**_ ||    .' |(0)| |    ||  * Close Combat -> DoS:                     ||
   \ '._.'   '.  | \____/ |  .'   '._.' /    ||                                             ||
    '.__ ______'.|__'--'__|.'______ __.'     ||      -LOIC    : Fast HTTP requests          ||
   .'_.-|                          |-._'.    ||      -LORIS   : Slow HTTP requests          ||
                                             ||      -UFOSYN  : TCP SYN flooder             ||
                                             ||                                             ||
    * Class: UFONet - ViPR404 (model C)-     ||  * Featured: Crawler, +CVE, +WAF detection  ||
    * Type: /Scout/Transporter/Warfare/      ||                                             ||
                                             0|=============================================|0

=========================================================================== 

888     888 8888888888 .d88888b.  888b    888          888    
888     888 888        d88P Y888b 8888b   888          888    
888     888 888       888     888 88888b  888          888    
888     888 8888888   888     888 888Y88b 888  .d88b.  888888 
888     888 888       888     888 888 Y88b888 d8P  Y8b 888    
888     888 888       888     888 888  Y88888 88888888 888    
Y88b. .d88P 888       Y88b. .d88P 888   Y8888 Y8b.     Y88b.  
 'Y88888P'  888        'Y88888P'  888    Y888  'Y8888   'Y8888

UFONet - Denial of Service Toolkit - by psy 

===========================================================================

Downloading list of 'zombies' from server 10.0.*.* ...

======================

Trying 'blackhole': 10.0.*.*

Vortex: FAILED!
------------

[Error] - Unable to download list of 'zombies' from this 'blackhole'. ;(

real    0m0.925s
user    0m0.926s
sys 0m0.372s
┌─[nyseth@parrot]─[~/ufonet]
└──╼ $

Aholicknight commented 5 years ago

@Nekai Run this: sudo ./ufonet -v --download-zombies

You're not running that user in root.

Nekai commented 5 years ago

I saw your comment. I'm running in root and there is considerable hangtime

Nekai commented 5 years ago

I'm still waiting for the command to complete