Saturday, October 29, 2011

Complete Guide to #RefRef DDOS tool - Tutorial+Tool download




Hello Friends. Finally @Anonops or the Anonymos group has raised curtains from the most talked about tool in recent few months. Finally the source code has been revealed by the group and the most troubled person will be Mark Zukerberg. Facebook was expecting that this tool will be the prime weapon of #opfacebook .


But I believe Anon have somthing else planned for the social network giants.
Lets concentrate on the latest tool released by Anon.

Here is the complete code in perl. Later on they will release Javascript and Python script as well.

Click here to DOWNLOAD the script.

Well there is an important point to keep in mind while using this tool. This tool cannot be used against any website or any database server. This tool actually uses the SQLi vulnerability of database server and use the servers own resources to bring the website down. MySql is the prime target of this tool. 

Once the downloading is complete, you will need a perl compiler to run the script. You can download it from here.

Once you are done with the installation of perl , you can check weather it is working fine or not. go to command prompt and type the following command

perl -v

You will see lot of information about perl. This will ensure that perl is working fine. Now place the downloaded script in any directory. In my example I have kept it in my d drive.

Now change your working directory to the directory where you saved the script.
Now execute the following command.

perl refref.pl HACK URL




Here Hack URL is the URL you want to target. The URL should be the link that executes some query on the database server.

The URL can be of the form  http://example.com/index.php?id=3443
The below image shows #refref in action.



You can also view this video uploaded by anonymous to show refref in action.




In the next tutorial I will post the javascript version of this tool and we will also analyse the source code closely.

DARKLORD!!

34 comments:

  1. Hey Bro....
    what is that MYSQL vulnerability you are talking about ?

    ReplyDelete
  2. The BENCHMARK() function may be used in a SQL Injection attack to cause a denial of service...
    Mysql Benchmark function...

    ReplyDelete
  3. Can you help me guys?

    If i start an attack it runs for 2 secounds and then says refref hackingalert.blogspot and opens a new comment line. Wepsite is still up and it was not an attack..

    ReplyDelete
  4. very thanks for this tut...
    Do these programs exist for Windows?

    ReplyDelete
  5. Please make sure that the website you are targetting is vulnerable to sqli..As i have said in the tutorial that you just cant target any website using this tool.....

    ReplyDelete
  6. When i tried to attack the site in the video it was not working. Can you give me some example sites?

    ReplyDelete
  7. Hi guys, I have the same problem. I tryed on many websites but it's still doesn't work.

    It runs for 5s and then says "web off" and refref http://hackingalert.blogspot.com.

    Thanks for reading

    ReplyDelete
  8. the site in the video might be patched by now.. There are some websites where I have tried this tool with success. I cant tell in comments. You can drop your mail Id here, I will share some sites. To ease your efforts, first look for a site that has sqli vulnerability, only then use this tool.

    ReplyDelete
    Replies
    1. sir my ref ref says WEB OFF , what can i do?? can you send me site wich is vulnerable ??

      Delete
  9. Send me some websites who're vulernable for this attack :
    Mikepall19@gmail.com

    Thanks and im waiting for yours email.

    ReplyDelete
  10. What's the problem with this web off? How can i fix it?

    ReplyDelete
  11. web off simply mens that either the site is not vulnerable or it is rejecting the datapackets through some firewall. The use of refref is limited..

    ReplyDelete
  12. klopapier0@web.de

    Would be really kind if you could send me as well :>

    ReplyDelete
  13. When im using #refref, server admins can find me by tracking my IP address or... Or something else? What should to be tottaly anonymously 'cause i want to only test this script. Msg me with answer : arek.jekot@gmail.com

    ReplyDelete
  14. yes you cannot use this tool directily..the packets can be traced back..better use proxy :)

    ReplyDelete
  15. @abhinav

    I sent u an email. Read and answer as fast as u can. Thanks for help.

    Mikepall~ here.

    ReplyDelete
  16. How about doing a tutorial on using proxy on RefRef? I'm fairly new to all this dos stuff so be patient as I am trying hard. :>

    ReplyDelete
  17. i want some vulnerable site to test , please =) here my email , amir2665@yahoo.com , i will wait 4 ur email , plss dont make me wait too long !and show me , how to make me untraceable , u r the expert man and i love this blog ! =D thx again =)

    ReplyDelete
  18. is it possible to go throug a link you get from sites like proxify?

    ReplyDelete
  19. I did not quite understand how to run perl -v

    I go to run -> CMd and type in perl -v? That did not work

    Type perl -v into run? Perl is a unreconized file

    ReplyDelete
  20. it means the perl environment variables are not set...check your perl installation again..The other way can be to copy the refref.pl in the bin directory of perl and then execute it from the command line.

    ReplyDelete
  21. Could you please explain to me how to open this, as I'm struggeling hard.

    I download the program. And code.

    I paste the refref.pl into the perl\perl\bin
    I go to CMD...

    now what?

    perl is not recognized as a intern or ekstern commando... etc.

    ReplyDelete
  22. nice, it took me a while, but i got the hang of it. how do you find vulnerable slq sites? because it seemes that it will only work on those...

    ReplyDelete
  23. Hi I seem to have the same problem as many above. It ran for 2 sec, before it said [+] Web Off

    But the website was not down.

    It has a SQL vulnerabillity, I managed to find usernames and passwords easily with the Havij tool. If you want URL pm me ;)

    Thanks for reading, hope you know the solution.

    ReplyDelete
  24. @prayanthem : #refref will work with Mysql databases..there are basically two conditions that needs to be followed..First there should be an sqli vulnerability second it should use the mysql database.. If you look at the perl script closely you will find that #refref uses a vulnerability in Benchmark() function which is a part of mysql database..There are chances that firewall may block the datapackets as well..There are several challenges you will have to figure out while using this tool..I am happy that you finally found a sqli vulnerable site..seems you are learning fast :)

    ReplyDelete
  25. I followed a tutorial on how to install everything, and I'm getting some dmake.exe error after running the tests in command prompt. Someone please help, really frustrated

    ReplyDelete
  26. Thank bro, Work it!

    ReplyDelete
  27. 1. Install Linux
    2. Install Perl
    3. Read the script code source, it's just some lines of perl
    4. Found a target (don't try http://google.fr), you have to find a page with a potential SQL leak (wordpress, CMS ... dont have)

    ReplyDelete
  28. hey the download link to media fire is no longer there plzz can u send me the files as i love to use it as im part of annon well in aus im holding a million mask rally and one other dos attack but need a good one and powerfull i dont know how to p[ing

    ReplyDelete
  29. Yea, download link for the script is gone. And @Annonymous-0xide, you don't know how to ping?? Ping (Insertwebsitenamehere.com)

    ReplyDelete
  30. check http://www.canada.ru
    It definitely has a SQL vulnerabillity

    ReplyDelete
  31. Perl online training|Perl training|call us+919000444287 ...
    www.21cssindia.com/courses/perl-online-training-36.html
    Perl Online Training, Perl Scripting online training by real time Experts from Hyderabad, India. Call 9000444287 for online training demo. Online Perl training ...

    ReplyDelete