Botnet design and construction (legal, read inside)

<<

Thaorius

Newbie

Posts: 3

Joined: Wed Aug 05, 2009 2:17 am

Post Wed Aug 05, 2009 2:52 am

Botnet design and construction (legal, read inside)

Hi, I'm new here, so let me tell you a couple of things about me beforehand. I am, plain and simply, a black hatter (as in Blackhat SEO), so my morals and ethics tend to "bend" when there is money in the middle; however, I'm also a programmer at heart and I'm not into illegal things (I would not have registered with my usual nickname if I were to use any information on the site for illegal purposes to begin with).

So, the thing is, I'll be needing to control a relatively large amount of computers (corporate offices of mine with a total of about 100 computers) with mixed operating systems (mostly Windows and Linux).

I want to use these computers for a particular purpose, server testing (not to be confused with any kind of DDoS). For instance, right now I have a small project in hand and in order to take it to the next stage I need to know how much traffic my server can take per second (all those Apache processes spawning as fast as I can say fork! running a Zend Framework based application can't be lightweight) so I won't have any costly downtime. I figured if I have 100 computers doing the test, I should get fairly accurate stats.

Now, you might wonder, why does he need a botnet when a simple bash script calling a few curl instances should be enough, or a simple threaded socket app. The answer is, I don't, it's personal curiosity mostly. Botnets have always attracted my attention.

So, I figured I would kill 3 birds with one stone. I would design a world-class botnet (taking away the usual spam, DDoS and related functionality, as I'm mainly interested in the network communication and effective control and command authorization), I would get accurate stats on server capacity (or redundant server arrays for that matter), and I would learn a new programming language (thinking of Python or Ruby).

I have been reading quite a lot about redundant networks and distributed protocols such as the eDonkey protocol, XMPP, IRC (somewhat), etc. I'm pretty sure, however, that you guys could probably recommend me a few good books or articles online.

On the programming language, in a real world scenario, I would probably want to write it in C/C++ (a language in which I'm a "native", so to speak) simply because the final executable must be small; however, I have decided to allow for a bigger executable "baggage" in order to program it in a new language.

Speaking of the language, I'm leaning towards Python; however, I do not wish to learn an old version of Python (2.x) since it's just destined to slow, imminent death now that Py3k is out, but Py3k is so new there are basically no libs or support for pretty much anything for it; so I would probably be better off waiting 6 months or so before learning Py3k. So this means Ruby, so I looked at the syntax, etc. It doesn't quite fit me, but that's probably because I'm mainly used to programming in C++/PHP, and Ruby introduces a myriad of new concepts.

So, I would appreciate any feedback you could have, recommendations, good reads, etc.

Thanks for your time,
T.
Last edited by Thaorius on Wed Aug 05, 2009 3:00 am, edited 1 time in total.
<<

Thaorius

Newbie

Posts: 3

Joined: Wed Aug 05, 2009 2:17 am

Post Fri Aug 07, 2009 5:19 pm

Re: Botnet design and construction (legal, read inside)

Come on guys, someone, please, give me a hand.
<<

Ketchup

Hero Member

Posts: 1021

Joined: Fri Jul 04, 2008 7:44 pm

Location: Philadelphia, PA

Post Sat Aug 08, 2009 8:12 am

Re: Botnet design and construction (legal, read inside)

As far as I understand, a botnet is just an elaborate client-server application. Clients and server communicate, passing commands back and forth. Whenever I write client-server apps, I usually do all my communication in XML format. It's very easy to parse and there are quite a few classes written in C/C++ that make this easy. So, to sort of answer your question, I would look into client-server programming books to get you started. Make sure you understand socket programming in C/C++.

You would basically have a small curl app that sends requests to your app. That small curl app would be multiplied and distributed to many, many machines. Then you have a server app that controls all of them and tells them what to do.
~~~~~~~~~~~~~~
Ketchup
<<

UNIX

Hero Member

Posts: 1244

Joined: Mon Apr 28, 2008 9:20 am

Post Sat Aug 08, 2009 9:44 am

Re: Botnet design and construction (legal, read inside)

Hello and welcome to EH-Net, Thaorius.

The only book I am aware of which is focusing on botnets is Botnets: The Killer Web App (Amazon-Link). This should give you at least an overview of botnets.

You will hardly find any other books or public resources which offer specific details on botnets. Some other books I read cover botnets too (e.g. those about honeypots) but only as a side-chapter and not in detail.

Also, depending on the machines and network infrastructure, you maybe won't get reasonable results, as usually botnets are much bigger than 100 PCs. Especially if the network was equipped with appropriate hardware and well designed, you shouldn't be able to harm it with 100 computers.
I assume that the project you mentioned is for your work where I would further assume that your employee won't be happy if he knows what you are going to do (respectively the way you want to achieve this).

When you have good programming skills it shouldn't be hard to build a botnet not only because the concept is very easy to understand. As recommended already by Ketchup, you have to study network programming and networking generally in detail.

In terms of the programming language - it really doesn't matter. Use whatever you like. Depending on your seriousness about it you may have to use more than one language anyway, e.g. C++ for the framework, Assembler for some protection stuff and obfuscation (which would maybe not be needed in your scenario), PHP and CSS for a web interface, SQL for communication with the database, etc.
Both Python and Ruby have their advantages and disadvantages, however, both are definitely capable for a PoC botnet.
<<

Thaorius

Newbie

Posts: 3

Joined: Wed Aug 05, 2009 2:17 am

Post Sun Aug 09, 2009 3:41 pm

Re: Botnet design and construction (legal, read inside)

I have a considerable amount of experience in general, embedded and web programming and networks. My main concern is how to design a network that can re-shape itself, and at the same time not be shutdownable (meaning, it doesn't know of any other sibling) without using "master" servers for obvious reasons.

I'll read that book as soon as I can.

For now, I'm looking into the Freenet project, which is the closest thing so far. I could just "connect" the peers, and have them perform hourly searches on the network for encoded resources, which would be normal things like images, chunks of text, etc. with embedded messages, which would be RSA (or similar) encrypted. Looks like a good model to me, but I'm not convinced just yet.

About the 100 computer thing, yes, it is true that they are unlikely to take down a server, however, if I can get 2 hits per second per computer, that means, a sustained 200 hits per second, which means the server can take 17.280.000 hits per day. Honestly, I doubt my apache will be able to fork() 200 times without degrading the quality of service by a big factor.
So yes, I see it as a very practical way to test load :).

And no, employees can't be angry, I'll be including in their contracts that their workstations will be monitored and the unused resources in them will be put to good use.

Any other advice appreciated :).

See you.
