In this article, we will be examining UFONet, "a free software tool designed to test DDoS attacks against a target using 'Open Redirect' vectors on third party web applications like botnet." I will be walking through the steps as if I were going to launch an attack on a host. This open-source botnet is easy to install and run, and it's capable of searching out vulnerable hosts, testing them, cataloging them, running DDoS attacks, and more.
This command tells UFOnet to search for sites containing "proxy.php?url=", using all built-in search engines. Sites containing "proxy.php?url=" may be vulnerable to open redirects. You can also load search strings from a text file with the command:
UFONet – Open Redirect DDoS Tool
Since none of these sites have asked me to test whether or not they are vulnerable to open redirects, I did not check the hosts. If we had selected "Yes," UFONet would have checked the remote hosts ensuring that they are vulnerable to open redirects.
We now have a large list of zombies available to us. Since the hosts provided by the community are not under my control, I cleared the community hosts that I downloaded from my bots list and set up a vulnerable page in a VM (virtual machine). This page is a simple open redirect and belongs in the botnet/zombies.txt file.
Focusing on larger files is not a necessary step, though it may eat more bandwidth from the target site wreaking a bit more havoc. Since my VM consists of two hosted pages, the default Apache page, and the vulnerable open redirect page, this command isn't going to discover anything major. Though, in some cases, you may discover large files. 2ff7e9595c
Comentarios