Saturday, October 29, 2011

Complete Guide to #RefRef DDOS tool - Tutorial+Tool download

Hello friends. @Anonops, or the Anonymous group, has finally raised the curtain on the most talked-about tool of the past few months. The group has revealed the source code, and the most troubled person will be Mark Zuckerberg: Facebook was expecting this tool to be the prime weapon of #opfacebook.

But I believe Anon have something else planned for the social network giant.
Let's concentrate on the latest tool released by Anon.

Here is the complete code in Perl. Later on they will release JavaScript and Python scripts as well.

Click here to DOWNLOAD the script.

There is an important point to keep in mind while using this tool: it does not work against just any website or database server. It exploits an SQL injection (SQLi) vulnerability to reach the database server and uses the server's own resources to bring the website down. MySQL is the prime target of this tool.

Once the download is complete, you will need a Perl interpreter to run the script. You can download it from here.

Once you are done with the installation of Perl, check whether it is working. Go to the command prompt and type the following command:

perl -v

You will see a lot of information about Perl, which confirms that Perl is working fine. Now place the downloaded script in any directory. In my example I have kept it on my D drive.

Now change your working directory to the directory where you saved the script.
Now execute the following command.


Here Hack URL is the URL you want to target. The URL should be the link that executes some query on the database server.

The URL can be of the form

The below image shows #refref in action.

You can also view this video uploaded by Anonymous to show refref in action.

In the next tutorial I will post the JavaScript version of this tool and we will also analyse the source code closely.
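Seen from the defender's side, the SQLi-driven resource exhaustion described in this post leaves a recognisable trace: a MySQL BENCHMARK() call arriving inside a request URL. The following is an added example, not part of the original post or of the tool; the sample log lines, the function names `normalize` and `scan`, and the three-round decoding limit are assumptions made for illustration.

```python
import re
from urllib.parse import unquote_plus

# Constructed sample lines in Apache/nginx access-log style; not from the page.
SAMPLE_LOG = """\
203.0.113.7 - - [29/Oct/2011:10:01:02 +0000] "GET /item.php?id=12 HTTP/1.1" 200 5120
203.0.113.9 - - [29/Oct/2011:10:01:05 +0000] "GET /item.php?id=12%20and%20(select+BeNcHmArK(99999999,md5(1))) HTTP/1.1" 200 0
203.0.113.9 - - [29/Oct/2011:10:01:06 +0000] "GET /item.php?id=1%2520or%2520benchmark%2528500000%252Csha1%25281%2529%2529 HTTP/1.1" 200 0
198.51.100.4 - - [29/Oct/2011:10:02:00 +0000] "GET /blog/cpu-benchmark-results HTTP/1.1" 200 2048
"""

# client IP, method, request target
REQUEST_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "(\S+) (\S+)')
# BENCHMARK( with an optional literal iteration count as first argument
BENCHMARK_RE = re.compile(r'benchmark\s*\(\s*(\d+)?')
SQL_COMMENT_RE = re.compile(r'/\*.*?\*/')


def normalize(target, max_rounds=3):
    """Undo layered URL encoding, inline SQL comments and mixed case."""
    for _ in range(max_rounds):          # assumption: three rounds is enough
        decoded = unquote_plus(target)
        if decoded == target:
            break
        target = decoded
    return SQL_COMMENT_RE.sub(' ', target).lower()


def scan(log_text):
    """Map client IP -> iteration counts of BENCHMARK() calls seen in its URLs.

    A count is None when the first argument is not a numeric literal.
    """
    hits = {}
    for line in log_text.splitlines():
        request = REQUEST_RE.match(line)
        if not request:
            continue                     # not an access-log request line
        ip, _method, target = request.groups()
        call = BENCHMARK_RE.search(normalize(target))
        if call:
            count = int(call.group(1)) if call.group(1) else None
            hits.setdefault(ip, []).append(count)
    return hits


if __name__ == "__main__":
    for ip, counts in scan(SAMPLE_LOG).items():
        print(f"{ip}: {len(counts)} request(s) with BENCHMARK(), iterations={counts}")
```

Access logs record only the request line, so injection carried in POST bodies needs WAF or application-level logging to be seen. The underlying fix is still parameterized queries in the application.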



  1. Hey Bro....
    what is that MYSQL vulnerability you are talking about ?

  2. The BENCHMARK() function may be used in a SQL Injection attack to cause a denial of service...
    Mysql Benchmark function...

  3. Can you help me guys?

    If I start an attack it runs for 2 seconds and then says refref hackingalert.blogspot and opens a new comment line. Website is still up and it was not an attack..

  4. very thanks for this tut...
    Do these programs exist for Windows?

  5. Please make sure that the website you are targeting is vulnerable to SQLi. As I have said in the tutorial, you just can't target any website using this tool.....

  6. When I tried to attack the site in the video it was not working. Can you give me some example sites?

  7. Hi guys, I have the same problem. I tried on many websites but it still doesn't work.

    It runs for 5s and then says "web off" and refref

    Thanks for reading

  8. The site in the video might be patched by now.. There are some websites where I have tried this tool with success. I can't tell in comments. You can drop your mail ID here, I will share some sites. To ease your efforts, first look for a site that has an SQLi vulnerability, only then use this tool.

    1. sir my ref ref says WEB OFF, what can I do?? Can you send me a site which is vulnerable??

  9. Send me some websites who're vulnerable for this attack :

    Thanks and I'm waiting for your email.

  10. What's the problem with this web off? How can I fix it?

  11. web off simply means that either the site is not vulnerable or it is rejecting the data packets through some firewall. The use of refref is limited..


    Would be really kind if you could send me as well :>

  13. When I'm using #refref, server admins can find me by tracking my IP address or... Or something else? What should to be totally anonymously 'cause I want to only test this script. Msg me with answer :

  14. yes you cannot use this tool directly.. the packets can be traced back.. better use proxy :)

  15. @abhinav

    I sent u an email. Read and answer as fast as u can. Thanks for help.

    Mikepall~ here.

  16. How about doing a tutorial on using proxy on RefRef? I'm fairly new to all this dos stuff so be patient as I am trying hard. :>

  17. i want some vulnerable site to test , please =) here my email , , i will wait 4 ur email , plss dont make me wait too long !and show me , how to make me untraceable , u r the expert man and i love this blog ! =D thx again =)

  18. Is it possible to go through a link you get from sites like proxify?

  19. I did not quite understand how to run perl -v

    I go to run -> CMD and type in perl -v? That did not work

    Type perl -v into run? Perl is an unrecognized file

  20. It means the Perl environment variables are not set... check your Perl installation again.. The other way can be to copy the in the bin directory of perl and then execute it from the command line.

  21. Could you please explain to me how to open this, as I'm struggling hard.

    I download the program. And code.

    I paste the into the perl\perl\bin
    I go to CMD...

    now what?

    perl is not recognized as a intern or ekstern commando... etc.

  22. nice, it took me a while, but I got the hang of it. How do you find vulnerable sql sites? Because it seems that it will only work on those...

  23. Hi I seem to have the same problem as many above. It ran for 2 sec, before it said [+] Web Off

    But the website was not down.

    It has a SQL vulnerability, I managed to find usernames and passwords easily with the Havij tool. If you want URL pm me ;)

    Thanks for reading, hope you know the solution.

  24. @prayanthem : #refref will work with MySQL databases.. There are basically two conditions that need to be followed.. First there should be an SQLi vulnerability, second it should use the MySQL database.. If you look at the Perl script closely you will find that #refref uses a vulnerability in the Benchmark() function which is a part of the MySQL database.. There are chances that a firewall may block the data packets as well.. There are several challenges you will have to figure out while using this tool.. I am happy that you finally found a SQLi vulnerable site.. seems you are learning fast :)

  25. I followed a tutorial on how to install everything, and I'm getting some dmake.exe error after running the tests in command prompt. Someone please help, really frustrated

  26. Thank bro, Work it!

  27. 1. Install Linux
    2. Install Perl
    3. Read the script code source, it's just some lines of perl
    4. Found a target (don't try, you have to find a page with a potential SQL leak (wordpress, CMS ... dont have)

  28. hey the download link to media fire is no longer there plzz can u send me the files as I love to use it as I'm part of annon well in aus I'm holding a million mask rally and one other dos attack but need a good one and powerful I don't know how to ping

  29. Yea, download link for the script is gone. And @Annonymous-0xide, you don't know how to ping?? Ping (

  30. check
    It definitely has a SQL vulnerability
