Creating a BotNet

Hello all! :D


A month ago this website I use was down for a few days. The owner contacted us saying they were "DDoSed". I knew nothing about the term so I googled it and read, and read and read and read. I became very interested and wanted to try "DoSing" someone myself, knowing one person can't do anything I figured 'hey, what's the harm?' So I downloaded a port scanner, and udp/syn/http flooder. I was very sure one person can't do anything to a website without a botnet or a group of people DoSing at the same time, but I was interested nonetheless. I figured I wouldn't be able to down a website but maybe bring a friend offline - I told him what I was going to do and he gave me his IP and I took a shot at it, failed. I knew I needed more people. That was the end of it for me, I forgot all about this and moved on with my life.

On monday, I was minding my own business on IRC and someone spoke of DoSing and I told him everything I knew because the guy was clueless lol, he had spoken of which port to attack with his SYN flooder to down a website and I told him it was wasting his time without a botnet. He obviously replied "HOW CAN I BOTNET LOL!" I told him a botnet was out of reach for him (I am sure they have to be created, not downloaded). So 20 minutes later someone I know and don't really like messaged me saying "botnets are possible faggot" and boom, I was offline. I netstat'd and I had a bunch of incoming SYN requests. I was being SYN flooded. So I got offline for a few hours. I was angrier than I'd ever been. I told some friends and they linked me this:

http://partyvan.info/index.php/Botnet

I did EVERYTHING that guide asked, and at the VERY end. TsunamiOverHost.exe wouldn't work. Scratch what I said earlier about being the angriest, NOW I was angry.


I seen a year+ old post on here where someone had a guide to a botnet with a bunch of dead links, so I decided to make my own thread.


I am interested in creating a Botnet. I need some help, I am not lazy and I'm willing to be patient, learn, and read. I will look myself if you provide me with a name of a program or something that will help me. I will work as hard as I can, I NEED to do this.


And before I start over on creating a botnet, is there anyway to carry on with what I've done? All I'm missing is TsunamiOverHost and it's like NOWHERE on the internet besides that website.


I am willing to paypal someone a few dollars if they'd like, for helping me of course.

I hope I put this in the right forum >.<



Thank you all, for helping a fellow human out ^.^

Where are you hosting off of? If you are using a free host to run TsunamiOverhost, it's most likely not gonna work. Free hosts disable many of the functions needed for it to work, like fsockopen(). Also, a widespread botnet tool like TsunamiOverhost can probably be detected by the webserver and your account will be terminated. This is evident even more so on a paid host.

If I were you, I'd either use RFI to get on another site's server and go from there, or install WAMP on your own PC and run it off of there.

Well, let me show you what I get when I try and open it TsunamiOverHost.exe

[IMG]http://img*56.imageshack.us/img*56/*557/2***6246*7252kv8.png[/IMG]



Also, the host I am using is drivehq, and I am having problems giving "777" permission Update.txt to begin with lol..


DriveHQ is like the only free host that supports ftp ><

Like I said, you have two choices really. A free host won't work for a botnet **% of the time.

You can either host off your own PC using WAMP, or you can try to hack into a server and use it for yourself.

Can you please elaborate a little bit? I'd LOVE to do that. Because DriveHQ is sorta pissing me off, not letting me edit this. I notice you said you used TsunamiOverHost in another thread, I let out a sigh in relief lol.. Do you use WAMP for your Tsunami? Also, looking for WAMP now, will it require me to use an FTP client to connect to it? Like flashfxp, filezilla, etc.


On top of that, how can I solve my TsunamiOverHost.exe problem?

WAMP is just a collection of Apache webserver, PHP, and MySQL in one. It lets you easily start up a webserver on your computer. Find more details here.

[url]http://www.wampserver.com/en/[/url]

And no, WAMP will be running on your own computer, so you don't need FTP, lol.

I am the admin of my computer, why do I get that message when I open up Tsunami? You think my copy may be corrupt?

What message are you getting? Can you post a screenshot?

[url]http://img*56.imageshack.us/img*56/*557/2***6246*7252kv8.png[/url]



does that link work for ya? I tried [IMG] tagging like I usually do but they were thrown off, dunno why.


Update: Yeah if I try to open TsunamiOverHost.exe or any DoS tool that I got from this ([url]http://rapidshare.com/files/5*88**6*/**_DDoS_Tools_by_-_Player_-.rar[/url]) I get:

Windows cannot access the specified device, path, or file. You may not have the appropriate permissions to access the item.

I can't copy it either I get this:

Cannot copy: filename

Make sure the file isn't write protected or in use etc etc

I know it isn't in use.. and I can edit it's name so idk about write protected.. Can you help me with this? I'd really appreciate it.

I am administrator btw, I tried right clicking and selecting "run as" and going on administrator. I disabled all antiviruses/firewalls as well. Not helping.

Well, I can't think of anything specific to help you, so let's just do a little checklist to make sure any obvious reasons are out of the way.

Do you have the latest version of the .NET Framework? Is the .exe file in the same directory as the other files?

I've tried running the exe from different folders, from C:\ directly, and from the .rar it's in. Same message lol.. I basically can't run any file that has this icon:

[IMG]http://img265.imageshack.us/img265/5**5/exeicontu*.png[/IMG]

I am using .NET Framework 2.0

It looks like the standard warning when a security app disables an exe. Some free security apps are difficult to disable totally. Try booting in safe mode and go from there.

Alright bro, I'll try that now then. Thanks.

Okay, they worked in safe mode :D

It's most likely my antivirus, I'm using AVG Free Edition 7.5, what do you recommend I do?

Uninstall AVG. :D If it still continues to operate even after you disable it, that's pretty much the company telling you that they think they know more about your security needs than you do. I'd trash such a program.

As far as antivirus goes, you shouldn't need it if you have some common sense, but if you are suspicious of a file, just scan it online with VirusTotal.

Okay, so the only thing keeping me from my TsunamiOverHost Botnet, is not having a host, and not being able to change the CHMOD on update.txt to 777.


I downloaded WAMP, I don't know how to go about configuring this, I suppose I'll look online for a tutorial lol

There's not much to 'configuring' WAMP. It's easy.

Also, you'll have to infect victims with the server.exe or whatever file was generated by TsunamiOverhost.exe. That's the harder part and requires you to find idiots dumb enough to open random .exe files.

What exactly happens when the .exe is double clicked? It doesn't make it obvious at all does it? "DO YOU WISH TO BECOME PART OF THIS BOTNET?" Rofl xD! That was a joke of course. Okaayyyy I'm gonna follow this guide on setting up my WAMP: [url]http://www.lunarforums.com/lunarpages_php_mysql/wamp_windowsapachemysqlphp_setup-t228*0.0.html[/url] . Do I need both Apache AND MySQL? They sorta seem like the same thing if I'm not mistaken

To be honest, I've never clicked server.exe on myself before. I don't know what happens other than the clicker's system becomes part of the botnet. If they have a good AV or something maybe it'll catch it.

Apache and MySQL are two very different things. Apache is a web server, MySQL is a database manager.

Ughhhh there are SO many downloads on apache website.



Could you possibly point me to what i'd have to download for WAMP to work? I don't have any options or anything for my WAMP, just says server offline in my taskbar. I can't open up any menus or anything, I'm guessing this is how it works, which means it has to be configured using something else? I'm guessing apache because I already have MySQL


Also for the "online.php" file, since I'm not using an FTP; what do I put in the $online_db_host field? This is what it looks like now.

// Set MySQL database variables
$online_db_host = "ftp.drivehq.com";
$online_db_name = "MYSQLDATABASENAME";
$online_db_user = "MYSQLNAME";
$online_db_pass = "MYSQLPASSWORD";

WAMP comes with MySQL, Apache, and PHP already. There's no reason to download anything else.

Since you'll be hosting from your computer, you can set your db host to localhost.

To make sure WAMP is working properly, go to [url]http://localhost[/url] and see if you get the WAMP start page. If you don't, that means something's wrong.

Okay it's working properly, how can I upload my botnet folder to it


Taking an educated guess and saying it's c:\wamp

Now where in there, do I put my botnet folder? and how can I edit the CHMOD's after they are uploaded?




Also, I've already did this:


CREATE TABLE botnet (
date int NOT NULL,
ip varchar(40) NOT NULL,
b_id int unsigned primary key NOT NULL auto_increment
);


Into mysql 5.0 before I installed WAMP, Do I have to do this again for the WAMP version of mysql?

I don't think you'll have to worry about CHMOD and all that.

Also, there should be a folder like wwwroot or something like that with an index page in it. Put your files in there.

So I am safe to open up TsunamiOverHost now?


It says


Enter URL to your panel


do I just put [url]http://localhost[/url] ?


I did that, it created server.exe, Now I gotta look for it.


I hope I am doing it right ><


I'll infect a few friends, see if it goes up :P




Update: Holy shit it's a mess in there, this is what "http://localhost/Xylophone" looks like.


[url]http://img*00.imageshack.us/img*00/5*06/ffsfc2.png[/url]



ughh.. what did I do :(

Moonbat, since you also have Tsunami can I get your msn and I can go over what I have and match it to what you have? I can paypal you some ***** for all of this, you have helped out so much.

I don't have Tsunami anymore. The server I had it on wised up on their security.

Also, for some reason I'm getting a 400 Bad Request for ImageShack. Can you host the pic somewhere else?

If you have a 2nd computer, you can try infecting yourself. I don't think your friends will appreciate it.

I barely get on MSN.

K i'll host on tinypic:

[url]http://tinypic.com/view.php?pic=2z57ib*&s=*[/url]


Do you still have any of the files when you had Tsunami? Do you know where you got yours from? >< Maybe this one I got off partyvan has messed up .txt's and .php's?



Sent it to GF who barely uses the computer, just to see if anything would change :P I'm gonna post some information

C:\wamp\www\Xylophone

index.php
online.php
update.php
update.txt

That's what's in there.

hmmm, here, lemme open up mysql;

show databases;

information_schema
mysql
test
xylophone



use xylophone;

database changed



show tables;

botnet


explain botnet;

[url]http://tinypic.com/view.php?pic=2zekppe&s=*[/url]

I got my copy of Tsunami off of h4cky0u. I don't have a link, and I think the thread is lost anyway because of the whole h4cky0u vs h4ck-y0u split.

Let's do another checklist before we start.[LIST=*][*]Are you able to login normally? It doesn't matter if the page looks messed up, as long as it works it's fine[*]Are you able to access your WAMP page from another computer using your computer's IP address? For example, if the computer w/ WAMP has IP 28.*04.54.2*0, type in [url]http://28.*04.54.2*0[/url] on another computer and see if it gets to your WAMP page. [/LIST]

If you need any more information I can give it to you;

Here are the originals of the txts/phps and what they were after I edited them, maybe I screwed up here?

under index.php, original first, then my copy

<?
// SETTINGS FOR ADMIN ACCESS
$login = "admin"; // your login

//You must set it!
$password = ""; // your password


and mine:

<?
// SETTINGS FOR ADMIN ACCESS
$login = "x*mpr0x"; // your login

//You must set it!
$password = "thisismypwlol"; // your password



And now to look at online.php:

// Set MySQL database variables
$online_db_host = "";
$online_db_name = "";
$online_db_user = "";
$online_db_pass = "";

and my copy:

// Set MySQL database variables
$online_db_host = "http://localhost/";
$online_db_name = "Xylophone";
$online_db_user = "x*mpr0x";
$online_db_pass = "thisismypwlol";

Ah, wait, hold on. Find the line:
[CODE]$online_db_host = "http://localhost/";[/CODE]
And put in your computer's IP address:
[CODE]$online_db_host = "http://YOURIPHERE/";[/CODE]
Sorry for my mistake telling you to put localhost, but I just realized that it won't work unless you put your own IP. Like I said, I've never used WAMP to host Tsunami.

So yeah, replace localhost with your IP. Then wait for someone to open up the server.exe or whatever. Then see if you can attack a site with it.

EDIT: Make sure you keep WAMP online. Always, otherwise your botnet won't work :)

Login? If I go to [url]http://localhost/[/url] I'm automatically in. There are no logins.



if someone goes on they get this:

Forbidden

You don't have permission to access / on this server.

WAMP is offline :S how do I get it online.

No, go to the directory that Tsunami is in. There should be a control panel of some sort. I think you might've already logged in.

Is your WAMP server online? Do you have an index page in the main directory?

[url]http://tinypic.com/view.php?pic=*6s*6w&s=*[/url]

That's what [url]http://localhost/[/url] is


and in my taskbar, when I highlight WAMPSERVER it says "WAMPSERVER - server Offline"


Lemme ask you, do TsunamiOverHost.exe and server.exe have to be in a certain place? They are nowhere near c:\wamp\... in fact they are on d:\ lol

I think you have to right-click the taskbar icon and put it online.

All your files are in the wwwroot folder right? So go to [url]http://localhost/WHATEVERDIRECTORYTSUNAMIISIN[/url] and post a screenshot.

okay, [url]http://localhost/Xylophone:[/url]


[url]http://tinypic.com/view.php?pic=2z57ib*&s=*[/url]


and in c:\wamp\www\Xylophone:

index.php
online.php
update.php
update.txt

Hm.. okay, do you have IRC? If so, come to:

[U]IRC server[/U]
irc.web******.com

[U]Channel[/U]
#all-net-tools

Yep, the WAMP didn't work, me and moon tried.



I can't run it properly from any FTP either, I'd need a specific name.



Gotta look around I guess.

I have read ENTIRE THREAD.

After reading the issues that ur facing with the WAMP. I am pretty positive that even if u can get the botnet to work. The part to spread ur virus would be tougher. And if u try to goto learn hexing to make ur virus undetectable i think u'd be in a big mess. As u said in ur first thread, u have patient and willing to learn.

If you want to learn how to HEX.. then check [URL="http://www.techmafias.com"]THIS WEBSITE [/URL] out. A video tutorials is there under "video tutorials"

The only reason botnets are so effective is they are distributed. When they come from all over the place, you have to do a ton of individual blocks. If they are all from the same IP space, ok just black hole China's space and that's it. Wouldn't take a block from very many top level providers and they'd be doing nothing at all.

People do this for many reasons.Maybe to tell others look I can hack your site or they want to take info, such as license keys from Kaspersky's site (which one romanian hacker succeeded with ease i heard).But some just do it to prove that they can do it, or because they are angry and want revenge.This subject can be largely discussed but you can never know for sure.