This is default featured slide 1 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 2 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 3 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 4 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

This is default featured slide 5 title

Go to Blogger edit html and find these sentences.Now replace these sentences with your own descriptions.

Showing posts with label DDoS attacks. Show all posts
Showing posts with label DDoS attacks. Show all posts

Wreckuests - Tool to run DDoS atacks with HTTP-flood

June 21, 2017  , , , , , , , ,  


Wreckuests is a script, which allows you to run DDoS attacks with HTTP-flood(GET/POST). It's written in pure Python and uses proxy-servers as "bots". OF COURSE, this script is not universal and you can't just drop Pentagon/NSA/whatever website with one mouse click. Each attack is unique, and for each website you'll gonna need to search for vulnerabilities and exult them, which might result in hardcoding, nosleeping, etc... Yeap, this is your dirty and ungrateful part of job.
⚠️ Warning: This script is published for educational purposes only! Author will accept no responsibility for any consequence, damage or loss which might result from use.

Features
  • Cache bypass with random ?abcd=efg parameter
  • CloudFlare detection and notification of
  • Automatic gzip/deflate toggling
  • HTTP Authentication bypass
  • UserAgent substitution
  • Referers randomizer
  • HTTP proxy support

Dependencies

Installation
This is so easy to install Wreckuests just in one command. Isn't it?

Ubuntu 16.04
apt-get update && apt-get dist-upgrade && apt-get install python3 && apt-get install python3-pip && pip3 install --upgrade pip && pip3 install requests && pip3 install netaddr
Note: pip3 may install requests 2.9.1. Just run pip3 install --upgrade requests to upgrade requests to the latest version.

Usage
Type under sudo mode:
python3 wreckuests.py -v <target url> -a <login:pass> -t <timeout>


Possible parameters:
-h or --help:
Prints a message with possible parameters.
-v or --victim:
Specifies a link to the victim's site page. It could be the website's main page, someone's profile, .php-file or even image. Everything that has a lot of weight or is hard for server to give. The choice is yours.
-a or --auth:
Parameter for bypassing authentication. You'r victim could enable basic HTTP authentication and his website will ask you to enter login and password in popup window. Victim may previously publish login and password data for his users in VK/FB/Twitter and whatever social network.
-t or --timeout(defalut: 10):
Parameter to control connection'n'read timeout. This option also controls terminating time. Note: if you set timeout=1 or somewhere about 2-3 seconds, the slow(but still working) proxies will not have any time to even connect to your victim's website and will not even hit it. If you still do not understand how it works - do not change this option. Also, this parameter regulates the intensiveness of requests you sending. So, if you sure your proxies are fast enough - you can reduce this value. Use this accordingly.

Important
A separate thread is created for each proxy address. The more proxies you use - the more threads you create. So, please, do not use way too much proxies. Otherwise, the script may exit abnormaly by meeting segmentation fault.


Read More

WarChild - Denial of Service Testing Suite

May 10, 2017  , , , , , , , , , , , , ,  


Warchild is a denial of service testing suite made for analysing the strength of your website against different kinds of denial of service attacks you will be facing which are mainly organised by crooks to cause damage to your website.


Installation
For Installing the required modules just run the following command in your terminal :) 

                 pip install -r requirements.txt

Use
python warchild.py

Overview
This Denial Of Service suite comprises of the following features :
  1. CloudBust :- Cloudbust a.k.a AETHON is a cloudflare resolver that looks into the cloudflare protected website for misconfigured DNS configuration basically uses dnsdumpster.com as its resolver :)and identifies the backend IP of the website. We will add more updates in upcoming time.

  2. HTTP Flood :- HTTP Flood is a type of Denial of Service attack in which the attacker manipulates HTTP and POST unwanted requests in order to attack a web server or application. In an HTTP flood, the HTTP clients such as web browser interact with an application
    or server to send HTTP requests. The aim of the attack is when to compel the server to allocate as many resources as possible to serving the attack thus denying legitimate users access to the server's resources. ALISA is a http d.o.s tool written in such a way to suck all of the website's resources and is a layer 7 D.O.S tool.


  3. TCP SYN Flood :- A SYN flood is a form of denial-of-service attack in which an attacker sends a succession of SYN requests to a target's system in
    an attempt to consume enough server resources to make the system unresponsive to legitimate traffic.

  4. UDP Flood :- A UDP flood attack is a denial-of-service (DoS) attack using the User Datagram Protocol (UDP), a sessionless/connectionless computer networking protocol.

Author
Souhardya Sardar is an independent security analyst and programmer who loves to break things in order to secure them. Github :- github.com/Souhardya


Read More

FalconGate - A smart gateway to stop hackers and Malware attacks

March 24, 2017  , , , , , , , , , , , , , , , , , ,  


A smart gateway to stop hackers, Malware and more...

Motivation
Cyber attacks are on the raise. Hacker and cyber criminals are continuously improving their methods and building new tools and Malware with the purpose of hacking your network, spying on you and stealing valuable data. Recently a new business model has become popular among hackers: the use of Ransomware to encrypt your data and ask for a ransom to unlock it. These attacks have extended also to the Internet of Things (IoT) devices since many of them are vulnerable by design and hackers can leverage them to compromise other devices in your network or launch DDoS attacks towards other targets. Traditionally securing a network against such attacks has been an expensive item which could be afforded just by medium to large companies. With FalconGate we're aiming to change this and bring "out of the box" security for free to people, small businesses and anyone else in need.

Features
FalconGate is an open source smart gateway which can protect your home devices against hackers, Malware like Ransomeware and other threats. It detects and alerts on hacker intrusions on your home network as well as other devices misbehaving and attacking targets within your network or in the Internet.
Currently FalconGate is able to:
  • Block several types of Malware based on open source blacklists (see detailed list in file intel-sources.md )
  • Block Malware using the Tor network
  • Detect and report potential Malware DNS requests based on VirusTotal reports
  • Detect and report the presence of Malware executables and other components based on VirusTotal reports
  • Detect and report Domain Generation Algorithm (DGA) Malware patterns
  • Detect and report on Malware spamming activity
  • Detect and report on internal and outbound port scans
  • Report details of all new devices connected to your network
  • Block ads based on open source lists
  • Monitor a custom list of personal or family accounts used in online services for public reports of hacking

Getting Started
FalconGate was built on top of other open source software so it has multiple dependencies which must be configured correctly for it to work. The fastest way to get FalconGate up and running is to deploy one of the supported system images from our downloads page .

Supported Platforms
Currently FalconGate has been successfully tested and implemented on Raspberry Pi (RPi 2 model B) and Banana Pi (BPI-M2+) using Raspian Jessie Lite as base image.
Jessie Lite for RPi
Jessie Lite for BPi
It should be compatible with other Debian ARM images as well but this has not been tested yet.

Prerequisites
FalconGate has a number of software dependencies:
  • Bro IDS
  • Python 2.7
  • Nginx
  • Dnsmasq
  • Exim
  • PHP
It depends also on several Python modules (see requirements.txt file for details)

Other dependencies
The devices's malware detection can be enhanced with the utilization of VirusTotal's personal free API
Currently FalconGate uses have i been pwned public API to detect whether credentials and/or other data from personal accounts have been stolen by hackers from third party sites.

Deploying FalconGate from a supported image
This is the fastest way to get FalconGate up and running in your network.
  • Download the correct system image for your device from the downloads page .
  • Extract the image to a folder in your computer.
  • Write the image to your SD card.
You can use the guides below as reference for Raspberry Pi:
Linux
Mac OS
Windows
  • Insert the SD card in your device and plug it to any available ethernet port in your router.
  • Power on your device and wait few minutes until it will acquire the correct configuration for your network.
  • Login to your router and disable its DHCP server function
  • Login to FalconGate's web app and configure the email address(es) to be used as recipients for alerts and your VirusTotal API key 
https://[FalconGate IP address]
Username: admin
Password: falcongate
Usually FalconGate will assign to its administration interface an IP ending in ".2" (e.g. 192.168.0.2) which is derived from the network's gateway IP Change the default password after the first logon to the application
  • Navigate to the "Configuration" page and fill in the correct fields
This configuration it's not mandatory but highly desired if you want to unleash FalconGate's full power. In order to obtain a free VirusTotal API key you must register at ( https://www.virustotal.com/ ).

Installing FalconGate from source
Follow the steps below to configure your device and install FalconGate from this repository.
  • Download and install the OS image to your Raspberry Pi or Banana Pi device
This is well documented in multiple sources out there.
  • Connect to your device via SSH 
$ ssh pi@<IP assigned to your RPi>
  • Install Git if you don't have it yet 
$ sudo apt-get update
$ sudo apt-get install git
  • Clone FalconGate's repository to a local folder 
$ cd /opt
$ sudo git clone https://github.com/A3sal0n/FalconGate.git
  • Run the installation script inside FalconGate's folder 
$ cd FalconGate/
$ sudo python install.py
Now you can go for a walk and prepare a coffee or any other beverage of your choice because the installation usually takes some time. The script will print the progress to the console.
The script should finish without issues if you're using the supported platforms. If you're attempting to install FalconGate experimentally to a new hardware platform/OS and you get some errors during the installation you could try to correct the issues manually and continue to execute the steps listed in the installation script.
  • Login to your router and disable its DHCP server function
FalconGate was designed to work connected to a router over ethernet. It does not replaces the functions of your router. Instead it becomes a layer of security between your devices and your router. Disabling your router's DHCP allows FalconGate to become the new gateway for all the devices connected to the same router in your VLAN.
  • Reboot your device to apply all the configuration changes
  • Login to FalconGate's web app and configure the email address(es) to be used as recipients for alerts and your VirusTotal API key

Deployment
Some important considerations to keep in mind when deploying FalconGate to a real environment: home or production network.
  • Change the default SSH password in your Raspberry Pi or Banana Pi devices
  • Regenerate the openssh-server certificates for SSH encryption

Limitations
Currently the RPi 2 model B and the Banana Pi M2+ have both a single ethernet interface so the traffic forwarding in the gateway it's done using this single interface. This has an impact in networks with fast Internet connection (e.g. > 50Mb/s). However it's still good enough for the home networks of many people's and even some small businesses.


Read More

LOIC 1.0.8 (Low Orbit Ion Cannon) - A network stress testing application

December 13, 2014  , , , , , , ,  


Low Orbit Ion Cannon (LOIC) is an open source network stress testing and denial-of-service attack application, written in C#. LOIC was initially developed by Praetox Technologies, but was later released into the public domain, and now is hosted on several open source platforms.

LOIC performs a denial-of-service (DoS) attack (or when used by multiple individuals, a DDoS attack) on a target site by flooding the server with TCP or UDP packets with the intention of disrupting the service of a particular host. People have used LOIC to join voluntary botnets. The software inspired the creation of an independent JavaScript version called JS LOIC, as well as LOIC-derived web version called Low Orbit Web Cannon. These enable a DoS from a web browser.


Read More

UFONet - DDoS attacks via Web Abuse (XSS/CSRF)

September 22, 2014  , , , , , , , ,  


UFONet - is a tool designed to launch DDoS attacks against a target, using 'Open Redirect' vectors on third party web applications, like botnet.

See this links for more info:
- CWE-601:Open Redirect
- OWASP:URL Redirector Abuse


Main features: 
--version             show program's version number and exit
  -v, --verbose         active verbose on requests
  --check-tor           check to see if Tor is used properly
  --update              check for latest stable version

  *Configure Request(s)*:
    --proxy=PROXY       Use proxy server (tor: http://localhost:8118)
    --user-agent=AGENT  Use another HTTP User-Agent header (default SPOOFED)
    --referer=REFERER   Use another HTTP Referer header (default SPOOFED)
    --host=HOST         Use another HTTP Host header (default NONE)
    --xforw             Set your HTTP X-Forwarded-For with random IP values
    --xclient           Set your HTTP X-Client-IP with random IP values
    --timeout=TIMEOUT   Select your timeout (default 30)
    --retries=RETRIES   Retries when the connection timeouts (default 1)
    --delay=DELAY       Delay in seconds between each HTTP request (default 0)

  *Manage Botnet*:
    -s SEARCH           Search 'zombies' on google (ex: -s 'proxy.php?url=')
    --sn=NUM_RESULTS    Set max number of result to search (default 10)
    -t TEST             Test list of web 'zombie' servers (ex: -t zombies.txt)

  *Configure Attack(s)*:
    -r ROUNDS           Set number of 'rounds' for the attack (default: 1)
    -b PLACE            Set a place to 'bit' on target (ex: -b /path/big.jpg)
    -a TARGET           Start a Web DDoS attack (ex: -a http(s)://target.com)


Read More

[DAVOSET] Tool for conducting DDoS attacks

January 07, 2014  , , , , ,  

DAVOSET – it is console (command line) tool for conducting DDoS attacks on the sites via Abuse of Functionality vulnerabilities at other sites.

Changelog v1.1.5
  • Added error handler in GetCookie().
  • Added new services into lists of zombies.
  • Removed non-working services from lists of zombies.
Usage
1. Start the program: davoset.pl
2. Enter URL of the site to attack: Site: http://site
3. Get the site attacked via your list of zombie-servers.
Or from command line: 
perl davoset.pl u=http://site
perl davoset.pl u=http://site l=list.txt m=1 c=100

Read More
Subscribe to: Posts (Atom)