search

epsylon / ufonet

UFONet - Denial of Service Toolkit
https://ufonet.03c8.net
2.22k stars 610 forks source link

[Error] - Something wrong testing XML-RPC servers! #43

Closed olea closed 7 years ago

olea commented 7 years ago

This is the session:

$ cd /tmp/
$ git clone https://github.com/epsylon/ufonet.git
Cloning into 'ufonet'...
remote: Counting objects: 229, done.
remote: Total 229 (delta 0), reused 0 (delta 0), pack-reused 229
Receiving objects: 100% (229/229), 528.63 KiB | 321.00 KiB/s, done.
Resolving deltas: 100% (81/81), done.
Checking connectivity... done.
$ cd ufonet
$ ./ufonet --test-rpc
=========================================================================== 

888     888 8888888888 .d88888b.  888b    888          888    
888     888 888        d88P Y888b 8888b   888          888    
888     888 888       888     888 88888b  888          888    
888     888 8888888   888     888 888Y88b 888  .d88b.  888888 
888     888 888       888     888 888 Y88b888 d8P  Y8b 888    
888     888 888       888     888 888  Y88888 88888888 888    
Y88b. .d88P 888       Y88b. .d88P 888   Y8888 Y8b.     Y88b.  
 'Y88888P'  888        'Y88888P'  888    Y888  'Y8888   'Y8888

UFONet - DDoS Botnet via Web Abuse - by psy 

===========================================================================
Are 'plasma' reflectors ready? :-) (XML-RPC Check):
===================================
Trying: 1
---------------------
Searching 'Pingback' on http://smartcows.com/xmlrpc.php

[Error] - Something wrong testing XML-RPC servers!

Traceback (most recent call last):
  File "/tmp/ufonet/core/main.py", line 374, in run
    testrpc = self.testing_rpcs(rpcs)
  File "/tmp/ufonet/core/main.py", line 1839, in testing_rpcs
    rpc_vulnerable, rpc_pingback_url = self.search_rpc(rpc_host)
  File "/tmp/ufonet/core/main.py", line 1819, in search_rpc
    rpc_pingback_url = rpc_host + "/xmlrpc.php"
TypeError: can only concatenate tuple (not "str") to tuple

Maybe I'm lacking some python non documented dependency?

epsylon commented 7 years ago

mmmh I see...

This is related with the 'zombie' (xml-rpc) provided with main package. I think it is deprecated (btw, this wrong exit should be fixed...). Did you tryed with another to discard it?

I will check it (with rest of tasks) and will be updated soon.

Thanks for your support...

epsylon commented 7 years ago

Ok, fixed...

Is just to replace on main.py (L1819): rpc_pingback_url = rpc_host.path + "/xmlrpc.php" To: rpc_pingback_url = str(rpc_host.path) + "/xmlrpc.php"

ventiska% ./ufonet --test-rpc
=========================================================================== 

888     888 8888888888 .d88888b.  888b    888          888    
888     888 888        d88P Y888b 8888b   888          888    
888     888 888       888     888 88888b  888          888    
888     888 8888888   888     888 888Y88b 888  .d88b.  888888 
888     888 888       888     888 888 Y88b888 d8P  Y8b 888    
888     888 888       888     888 888  Y88888 88888888 888    
Y88b. .d88P 888       Y88b. .d88P 888   Y8888 Y8b.     Y88b.  
 'Y88888P'  888        'Y88888P'  888    Y888  'Y8888   'Y8888

UFONet - DDoS Botnet via Web Abuse - by psy 

===========================================================================
Are 'plasma' reflectors ready? :-) (XML-RPC Check):
===================================
Trying: 1
---------------------
Searching 'Pingback' on http://smartcows.com/xmlrpc.php
[Info] Is NOT vulnerable...

[SNIPPED]

`-------------------------------------------------------------------------------

And this confirms that "zombie(xml-rpc)" provided is not longer vulnerable... I will add that fix to next commit.

Thanks!!

epsylon commented 7 years ago

Fix added to latest commit: https://github.com/epsylon/ufonet/commit/a80bee5c495520935f9648488f972172bc8be61c