December 20th, 2001 01:52 PM
DDoS - Litmus, Gt, Subseven, Xot, Evilbot....
One day I was on ICQ and one of my friends sent me a file. Being young and ignorant, I accepted the file and proceeded to open it, only to notice a funny little error message stating "BOO!". Turns out I had opened a backdoor RAT server file my friend made up to have some fun. Later, after learning about RATs and other such things, I enjoyed toying with them. After a long time *a matter of years* I got into DDoS. I met a person by the handle Zendral, who at the time had a pack of friends known as DrugScare. We quickly became friends and he showed me his botnet of Subsevens. At the time I had never seen a good botnet, but there were over 130 bots there and I was amazed at what they could do to basically anything he attacked. Later they showed me how they were infecting so many bots: via newsgroups. I found this to work very well, getting a good number of bots myself (200).

After a while of messing and playing with different crap I learned that the server file size was basically the only thing keeping me from getting a lot of bots. When I discovered a trojan named LITMUS, which a man named DrGreen gave me to further my botnet, I discovered I could infect over 1500 bots in 2 hours of posting and a night for the victims to be infected. This, as anyone can imagine, is a lot of firepower. I later grew tired of being able to drop any connection to come my way and decided it was time to give it up, so I notified the friendly IRCOP on the network where I was keeping the bots and requested him to kill my botnet. He was of course more than happy to do so, knowing that I had so many bots but not knowing where I kept them, and begging me daily to rid his server of them.

I have in my time tried MANY DDoS Windows trojans, such as GLOBAL THREAT, SUBSEVEN, LITMUS, and many many others... But NONE will ever compare to the one I last used. It is called XOT, a VERY powerful DDoS program.
I am going to paste the readme file for XOT at the very end of this so that you can all see the power in this little baby...
Why? Because it amazes me how much a little 50k file can pack into it...
DDoS is something I doubt we will ever be rid of, and it is security related, so please no flames; we have enough of them on AO and we don't need more.
If you do not like my thread then just leave without making a message... If you do like it, give me AO points and reply with your own comments ;x
With no further delay I give you XOT
Xot v0.5 Beta 2 By: XenoZ
Well, here it is, my first open beta version of my IRC bot Xot. This bot has a ton of goodies for you script kiddies to play with. But let me warn you, Xot is not a friendly channel bot. Xot is an attack bot and can possibly cause a lot of damage if one chose to do so. So basically I'm not to blame if you successfully take down yahoo.com somehow.
Xot has a main feature which I call DRSS (Dynamic Remote Settings Stub). DRSS is basically important bot settings that are appended at the end of any file you wish to append it to, like a .JPG file or a .GIF file. This file that has the settings is then uploaded to a webspace you specify in EditServer, and when the server.exe file gets executed on the victim's computer, Xot downloads the settings file periodically at a set interval (also specified in EditServer) and syncs the settings in. The major benefit of this feature is that you can change the IRC server or channel which your bots idle on _very_ easily. The DRSS file is configured in the format of ircd.conf (if you're not familiar with ircd.conf, it uses different letter lines, like O:lines). When you enter the DRSS file maker program, once you type the letter of the line you want it will show the parameters for that line.
O-lines are the lines that add the userinfo for users that use your bot. You can have multiple O-lines, and all parameters for the O-line except for the password are allowed to use wildcards.
I-lines are the lines that add the botinfo for the IRC server that the bot uses: nickname, username, realname...
Example: I:@:XenBot:Xenny:W3 0wn j00:firstname.lastname@example.org:Xot
S-lines specify the server, server port and password that the bots will idle on. If there is no password, leave the 3rd parameter blank but keep the colon (for parsing reasons).
C-lines specify the channel and channel key the bot uses when it connects to the IRC server. If there is no key, leave the 2nd parameter blank but keep the colon (for parsing reasons).
Here's a nifty little feature that Overlord_45 gave me the idea for. Why not add client-to-bot encryption to keep those bot stealers and spyers away? This line gives the bot encryption for communication. The E-line specifies the encryption key and the name of the DLL file on your webspace which has the encryption routines. (I included a DLL and mIRC script in the project for this feature.) Thanks to Overlord_45 for this idea, thanks to say-tan and Quension and the rest of the RCforge crew for the encryption resources, and thanks to Sarin for the script modifications.
The first parameter is your encryption key and the second parameter is the name of the DLL (submitted in this package) that is in the _SAME_ directory as your DRSS file.
Format: E:<encryption key>:<DLL name>
N-lines give you the chance to submit a nicklist on your webspace for the bot to download and use to randomly pick a nickname and ident. The file data must have nicknames separated with a comma. No line breaks! Also, there is no need to add numbers at the end of nicknames in the nicklist, because when the bot randomly chooses a nickname it tacks a random 2-digit number onto the end. The first and only parameter is the name of the nicklist in the _SAME_ webspace directory as your DRSS file. (A sample nicklist has been given in the package.)
Format: N:<name list source NOT A URL>
U-lines give you the chance to upload and run a program on your bots. This feature is good for updating your bots or just adding a new trojan onto the computer. The first parameter is the URL of the file (you can give it any name, any extension). The second parameter is what you want the file to be renamed to on download (some webspace providers don't accept EXE files, so this feature is for that reason: give the EXE file a JPG extension and the second parameter changes it back on download). The third parameter is 1 or 0, 1 being run on download and 0 being no run on download...
WARNING: make sure the file doesn't melt on execution, otherwise the bot will keep downloading it
Format: U:<url without http>:<filename on computer>:<1 or 0>
D-lines take the startup info out and shut down the bot.
PASSWORD is password on Server.exe for EditServer.exe
IRC Bot commands: (i'm using "!" as an example prefix)
!say <channel/user> <text to say> - makes the bot say something
!op <channel> <user> - makes the bot op someone
!deop <channel> <user> - makes the bot deop someone
!ban <channel> <hostmask> - makes the bot ban someone
!unban <channel> <hostmask> - makes the bot unban someone
!voice <channel> <user> - makes the bot voice someone
!devoice <channel> <user> - makes the bot devoice someone
!notice <channel/user> <text to say> - makes the bot send a notice
!action <channel/user> <text to say> - makes the bot do an action
!ctcp <channel/user> <ctcp command> - makes the bot ctcp someone
!nick <nickname> - makes the bot change its nickname
!raw <raw IRC command> - makes the bot do a RAW irc command
!id - makes the bot display its tag
!sync - makes the bot resync its DRSS file
!login <password> - logs into the bot
!exec <hide or show> <commandline> - executes a commandline
!ping <address> <packetsize> <times> - ICMP attack
!udp <ip> <packet size> <times> - UDP attack
!igmp <address> <packetsize> <times> <interval> - IGMP attack
!clone <server> <port> <# of clones> - clone attack
!cloneraw <raw IRC command> - send a raw IRC command to the clones
!clonekill - kills all clones
!info - gives computer info of the computer that the bot is on
!botinfo - gives bot version and such
This package comes with an mIRC script and a DLL for the encryption routines. If you want your bot to communicate encrypted, add your E:line with the first parameter as the key and the second parameter as the name of the DLL file (Xot.dll), then upload the DLL file and upload the new DRSS settings. Then in your mIRC client put Xot.ini and Xot.dll in your mIRC folder and do this in mIRC status:
/load -rs Xot.ini
Then get on your channel and right-click the channel window and there should be a Xot submenu. Same thing with queries.
NOTE: XOT.INI ONLY WORKS WITH mIRC 5.9+
This is where we configure the SERVER.exe file to recognize the webspace in which the DRSS file is.
File Location - the exact website url for your DRSS file
Interval in Min - the interval between DRSS updates
Password - password to read EditServer settings
ID tag - add your own little tag to know whose bots they are, or whatever you want in there.
No Read - this just means, on read, should the EditServer read the already appended info or just append more info. (Advanced.) Don't use it unless you know what you're doing.
DRSS Config -
This is where you make your DRSS file. You can append it to anything, but I would use a GIF file because they are small, or you can use a blank txt file. It doesn't matter.
The buttons in DRSS config are self-explanatory. In the memobox all you have to do is type out the letter of the line you want and the parameters will automatically appear.
Steps On Infection...
1. configure your Server.exe via Editserver.exe
2. Make your DRSS file and Upload it to your specified webspace in Editserver
3. Start infecting
Head Beta Tester/ideas for Development : Overlord_45
mIRC Script Creator/ideas/beta tester : Sarin
I just wanna give shoutouts to everyone at LCIRC (irc.lcirc.net), NetbioM, Overlord_45, Sarin, DataSpy (good luck on your bot), Ritual33, ZenDraL and the rest of the Drugscare Crew (who infected like more than half of the cable IP range =P), RaYmAn (thanks for teaching me the raw UDP, but I used TNMUDP =P), SilenceGold, Ganja51, narf, CyberFly, evilgoat and slim (good luck on your bots), Gwen and anyone else I missed.
P.S. This Version Is Dedicated To Rob And Is Released On His Birthday.. Happy Birthday Rob. -XenoZ and NetbioM
Well, that's it for the Beta 2 release...
Expect more goodies in Beta 3 =D
Thanks for reading this post... If you would like to hear more about DDoS, drop me a line: email@example.com
Oh, in closing, I made this post to prove that just about anyone can do a good amount of damage over the net with just a little bit of knowledge and a whole lot of spare time ^_^
WKD *The person who DDoSed www.grc.com* IS THE LAMEST **** ALIVE!!!!! C'mon, he hex edited Evilbot to make it look like he made the trojan he used to DDoS GRC.com, and his IRC network with his "wkd bots" has the /oper of /oper wicked realhack. That's right, the l33t hacker's password was "realhack"! -NetBioM
YES, this is a re-post of an old post... But I got so many positive replies from it that I am reposting it to allow more people to get some info from it and maybe learn something new... No flames please... Keep it positive, or if negative at least keep it to a general negativity toward DDoS in general ;x
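For defenders, the DRSS description in the README points to a simple file check: a GIF that still carries data after its trailer byte deserves a closer look. The following is an added example, not part of the original post or of Xot; it assumes the appended settings are stored as plain-text ircd.conf-style lines (the README does not say how they are encoded), and the function names and sample values are constructed for illustration.

```python
import re

# Line letters the README names for DRSS settings: O, I, S, C, E, N, U, D.
DRSS_LINE = re.compile(rb"^([OISCENUD]):(.*)$")

def gif_end(data: bytes) -> int:
    """Walk the GIF block structure and return the offset just past the trailer."""
    if len(data) < 13 or data[:6] not in (b"GIF87a", b"GIF89a"):
        raise ValueError("not a GIF")
    pos, flags = 13, data[10]             # 6-byte header + 7-byte screen descriptor
    if flags & 0x80:                      # global colour table present
        pos += 3 * (2 << (flags & 0x07))
    try:
        while True:
            block = data[pos]
            if block == 0x3B:             # trailer: the image ends here
                return pos + 1
            if block == 0x21:             # extension: introducer + label
                pos += 2
            elif block == 0x2C:           # image descriptor (10 bytes)
                lflags = data[pos + 9]
                pos += 10
                if lflags & 0x80:         # local colour table
                    pos += 3 * (2 << (lflags & 0x07))
                pos += 1                  # LZW minimum code size
            else:
                raise ValueError("unexpected GIF block at offset %d" % pos)
            while data[pos] != 0:         # skip length-prefixed data sub-blocks
                pos += data[pos] + 1
            pos += 1                      # sub-block terminator
    except IndexError:
        raise ValueError("truncated GIF, no trailer found")

def find_appended_settings(data: bytes) -> dict:
    """Report bytes after the GIF trailer and any ircd.conf-style lines in them."""
    trailing = data[gif_end(data):]
    lines = []
    for raw in trailing.splitlines():
        m = DRSS_LINE.match(raw.strip())
        if m:                             # assumption: settings are plain text
            lines.append((m.group(1).decode(), m.group(2).decode("latin-1").split(":")))
    return {"trailing_bytes": len(trailing), "lines": lines, "suspect": len(lines) >= 2}

# Constructed samples: a minimal 1x1 GIF, then the same image with made-up settings appended.
CLEAN_GIF = (b"GIF89a\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\xff\xff\xff"
             b"\x2c\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3b")
TAMPERED_GIF = CLEAN_GIF + b"\nS:irc.example.net:6667:\nC:#example:\nE:examplekey:Xot.dll\n"

if __name__ == "__main__":
    print(find_appended_settings(CLEAN_GIF))
    print(find_appended_settings(TAMPERED_GIF))
```

Any non-zero `trailing_bytes` is worth triage on its own, since an encoded or encrypted stub would not match the line pattern.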