Hello Friends. Finally @Anonops or the Anonymos group has raised curtains from the most talked about tool in recent few months. Finally the source code has been revealed by the group and the most troubled person will be Mark Zukerberg. Facebook was expecting that this tool will be the prime weapon of #opfacebook .
But I believe Anon have somthing else planned for the social network giants.
Lets concentrate on the latest tool released by Anon.
Here is the complete code in perl. Later on they will release Javascript and Python script as well.
Click here to DOWNLOAD the script.
Well there is an important point to keep in mind while using this tool. This tool cannot be used against any website or any database server. This tool actually uses the SQLi vulnerability of database server and use the servers own resources to bring the website down. MySql is the prime target of this tool.
Once the downloading is complete, you will need a perl compiler to run the script. You can download it from here.
Once you are done with the installation of perl , you can check weather it is working fine or not. go to command prompt and type the following command
perl -v
You will see lot of information about perl. This will ensure that perl is working fine. Now place the downloaded script in any directory. In my example I have kept it in my d drive.
Now change your working directory to the directory where you saved the script.
Now execute the following command.
perl refref.pl HACK URL
Here Hack URL is the URL you want to target. The URL should be the link that executes some query on the database server.
The URL can be of the form http://example.com/index.php?id=3443
The below image shows #refref in action.
You can also view this video uploaded by anonymous to show refref in action.
In the next tutorial I will post the javascript version of this tool and we will also analyse the source code closely.
DARKLORD!!
Hey Bro....
ReplyDeletewhat is that MYSQL vulnerability you are talking about ?
The BENCHMARK() function may be used in a SQL Injection attack to cause a denial of service...
ReplyDeleteMysql Benchmark function...
Thank you Abhinav.
ReplyDeletesrinivas
ReplyDeletenice tut.. thank u
Can you help me guys?
ReplyDeleteIf i start an attack it runs for 2 secounds and then says refref hackingalert.blogspot and opens a new comment line. Wepsite is still up and it was not an attack..
very thanks for this tut...
ReplyDeleteDo these programs exist for Windows?
Please make sure that the website you are targetting is vulnerable to sqli..As i have said in the tutorial that you just cant target any website using this tool.....
ReplyDeleteWhen i tried to attack the site in the video it was not working. Can you give me some example sites?
ReplyDeleteHi guys, I have the same problem. I tryed on many websites but it's still doesn't work.
ReplyDeleteIt runs for 5s and then says "web off" and refref http://hackingalert.blogspot.com.
Thanks for reading
the site in the video might be patched by now.. There are some websites where I have tried this tool with success. I cant tell in comments. You can drop your mail Id here, I will share some sites. To ease your efforts, first look for a site that has sqli vulnerability, only then use this tool.
ReplyDeletesir my ref ref says WEB OFF , what can i do?? can you send me site wich is vulnerable ??
DeleteSend me some websites who're vulernable for this attack :
ReplyDeleteMikepall19@gmail.com
Thanks and im waiting for yours email.
What's the problem with this web off? How can i fix it?
ReplyDeleteweb off simply mens that either the site is not vulnerable or it is rejecting the datapackets through some firewall. The use of refref is limited..
ReplyDeleteklopapier0@web.de
ReplyDeleteWould be really kind if you could send me as well :>
When im using #refref, server admins can find me by tracking my IP address or... Or something else? What should to be tottaly anonymously 'cause i want to only test this script. Msg me with answer : arek.jekot@gmail.com
ReplyDeleteyes you cannot use this tool directily..the packets can be traced back..better use proxy :)
ReplyDelete@abhinav
ReplyDeleteI sent u an email. Read and answer as fast as u can. Thanks for help.
Mikepall~ here.
How about doing a tutorial on using proxy on RefRef? I'm fairly new to all this dos stuff so be patient as I am trying hard. :>
ReplyDeletei want some vulnerable site to test , please =) here my email , amir2665@yahoo.com , i will wait 4 ur email , plss dont make me wait too long !and show me , how to make me untraceable , u r the expert man and i love this blog ! =D thx again =)
ReplyDeleteis it possible to go throug a link you get from sites like proxify?
ReplyDeleteI did not quite understand how to run perl -v
ReplyDeleteI go to run -> CMd and type in perl -v? That did not work
Type perl -v into run? Perl is a unreconized file
it means the perl environment variables are not set...check your perl installation again..The other way can be to copy the refref.pl in the bin directory of perl and then execute it from the command line.
ReplyDeleteCould you please explain to me how to open this, as I'm struggeling hard.
ReplyDeleteI download the program. And code.
I paste the refref.pl into the perl\perl\bin
I go to CMD...
now what?
perl is not recognized as a intern or ekstern commando... etc.
nice, it took me a while, but i got the hang of it. how do you find vulnerable slq sites? because it seemes that it will only work on those...
ReplyDeleteHi I seem to have the same problem as many above. It ran for 2 sec, before it said [+] Web Off
ReplyDeleteBut the website was not down.
It has a SQL vulnerabillity, I managed to find usernames and passwords easily with the Havij tool. If you want URL pm me ;)
Thanks for reading, hope you know the solution.
@prayanthem : #refref will work with Mysql databases..there are basically two conditions that needs to be followed..First there should be an sqli vulnerability second it should use the mysql database.. If you look at the perl script closely you will find that #refref uses a vulnerability in Benchmark() function which is a part of mysql database..There are chances that firewall may block the datapackets as well..There are several challenges you will have to figure out while using this tool..I am happy that you finally found a sqli vulnerable site..seems you are learning fast :)
ReplyDeleteI followed a tutorial on how to install everything, and I'm getting some dmake.exe error after running the tests in command prompt. Someone please help, really frustrated
ReplyDeleteThank bro, Work it!
ReplyDelete1. Install Linux
ReplyDelete2. Install Perl
3. Read the script code source, it's just some lines of perl
4. Found a target (don't try http://google.fr), you have to find a page with a potential SQL leak (wordpress, CMS ... dont have)