I wish to set up an IRCD on my server for botnet, but I don't know which software would be best for this purpose... Operating System is win2k... Just paste some download links and comment on why it is the best.. Thank you.
Stoney
Mar 21 2004, 08:18 PM
Unrealircd thats what i use. its easy to mod. like remove some commands like lusers and list so people cant find ur room. if ud like ill post the one i moded
here I will post some sentences I collected regarding Botnets.. Some might be usefull to further mod it..
*** Admin can +m the channel and use his op status to talk. Since you cannot talk, then you cannot directly control the bots.
*** Or, they will set the bots so that they will not activate/respond unless the person talking is an op.
*** If you do steal a botnet, just make sure the owner doesnt see the command you use to update their files, or he can download your pack, and then do just what you did
*** Someone can sniff your password unless you use a P2P botnetwork and use SHA-1 hashes with a master pass on different network "farms". There are botfarmers that will know if something is up and actually DDOS on alert.
*** I know theres some botnets where the password will depend on your nick and hostmask. ie make a md5 of your current nick!ident@host, and this is your password.
*** Only opers could see nicklists. No join/part messages, and other ways to save bandwidth
*** it'd be far better to write your own P2P code and have the bots communicate over that than connect to a shell account running IRCd.
*** most non essential cmds should be gutted.
pdf
Mar 21 2004, 09:38 PM
I have IRCD but I wonder how to install service! on the server
Richie
Mar 22 2004, 01:20 AM
You're really not thinking of running an ircd to HOST a botnet are you? That's a quick way to get busted.
Qlimax
Mar 22 2004, 08:05 AM
QUOTE (Stoney @ Mar 21 2004, 08:18 PM)
Unrealircd thats what i use. its easy to mod. like remove some commands like lusers and list so people cant find ur room. if ud like ill post the one i moded
dude, u can post tut or something about how to do a botnet plz?
wizy
Mar 22 2004, 05:42 PM
I dont mean to be rude, but unreal is horrible, especially for a botnet.
I have a massivly modded ratbox-ircd. if your not an oper you cant do ANYTHING, nor can you see other users. join a channel and no one is there, but if your an oper, you see it all. no commands from the /stats range, or like /list /who and so on, are available to you unless your an oper.
That is the only way to do it.
And you have to host it on something you dont own or have a link to (a friends server wont work.) Next you have to make sure never to direct connect to it, use proxies in chains...
fuze
Mar 22 2004, 06:09 PM
Unrealircd indeed seems to work fine @ my mate's place.. I dont know a thing 'bout ircd
xzibit
Mar 22 2004, 08:54 PM
well it would seem to me that u would want something good that saves bandwidth, a modded ircd that saves bandwidth because even with a 100mbit connection and using basic unreal.. u probably cant hold anymore than 20,000 on one particular server
extreme
Mar 22 2004, 09:08 PM
I already installed Unreal, but I might reconsider, if you can just upload your config file Wizy.. SO I don't have to wast time on modding it myself..
wizy
Mar 22 2004, 09:25 PM
Its not just a config file. mine also saves on a LOT of bandwidth. With one of them installed, and 1000 bots on it, total bandwidth use (with no actual commands being sent, just in the idle time) its going about 1KB/s.
But it doesnt run on windows, its for linux. If you want to talk to me about getting it setup private message me, im not just going to post it in here. Especially since I will have to tell you a few things about its setup and use for it to work well for you...
CloudyOne
Mar 23 2004, 06:34 AM
Yeah, see my ircd is good for running "invis" but it has no security whatsoever :/
services dont seem to like it, half the time my ircop doesn't work.
Seriously i need an alternative,
QUOTE
if ud like ill post the one i moded
Please do, i would love to secure my server, or more less have one that actually works half decent.
bioslippery
May 1 2004, 12:18 AM
You can't post a tutorial on how to do a botnet, then you'd become a script kiddy, that's lame. But stoney, you'd be doing many a favor by posting your modded version.
Loxy
May 1 2004, 12:34 AM
I'm going to have to agree with wizy on this one and say UnrealIRCd is horrible. (for botnet or not). I also use modded ircd-ratbox. For win32 I would suggest Hybrid IRCd 7.x. It proves stable under 4000+ users and can be modded fairly easily. Hope this informs *someone ; )
DevilishCheese
May 1 2004, 01:54 AM
QUOTE (Richie @ Mar 22 2004, 01:20 AM)
You're really not thinking of running an ircd to HOST a botnet are you? That's a quick way to get busted.
i agree, dont even try to run a ircd on your own server if your going to host a botnet. Its just asking for trouble when you host your own botnet. Take this advice and run it on a already hax0red server. Otherwise, Unrealircd should be good too.
bioslippery
May 3 2004, 04:24 PM
Dont you just modify the file it tells you to, before making the install? Or is that in the nix version only?
Nessuno
May 4 2004, 08:46 AM
i think unreal ircd is a good ircd, it runs on nix and win. and about services u can use anope, in the official site there is the nix ver, but u can find also a win version. here is a link to the win version (it isn't the last version, it is 1.5.10. nix last ver is 1.5.31, if i remember) good work with ur server
omol
May 4 2004, 02:06 PM
Umm i don't think you should do this as i hate ddos or anything else to do with botnet.
But i will tell you the best way of doing this just for resurch only!
firstly don't be stupid and run a server on your own comp. dalnet is a gd way of commanding bots but i would recomend setting one up in a shell account without your personal. sdf.eu.org you can send a check and make up your details and set up an irc server on there shell! (stolen credit cards is how some people do it!)
im not gunna even start with making the bots or commanding them!
chars then omol
aTa100
May 10 2004, 06:21 PM
QUOTE (omol @ May 4 2004, 02:06 PM)
firstly don't be stupid and run a server on your own comp. dalnet is a gd way of commanding bots but i would recomend setting one up in a shell account without your personal. sdf.eu.org you can send a check and make up your details and set up an irc server on there shell! (stolen credit cards is how some people do it!)
It's legal action ?
MpR
May 10 2004, 11:35 PM
Ive spent many months working on my IRCD was based off an Unreal base.. The IRCD youre going to be looking for is going to depend on what you have to host. Beware Sucks Ass in my opinion but thats me .. Conference Room is simplistic but good luck on getting any good src for it to mod if you wish .
Unreal Is nice if you know what youre doing many modules available . Ive only compiled mine to hold 18k per IRCD but I have had id hold that many . Alot of the times its not going to be the Bandwidth of the host its self that will cause lag crashes etc generally it comes down to the PC itself you ll want too look for tsomething that can spawn threads fairly quickly and easily soemthing with high CPU and RAM uptime is nice but dont be stupid and setup a 30 day uptime box as computer performance generally depreciates with longativity of usage.
Try to find something youve had for awhile laying around 1 week uptime is great if you know the boxes routing alot may only restart and be offfor 2 minutes its well worth the sacrifice if its going to host your babies longer and easier.
as per IRCDs back to it Unreal is what Ive found worked for me theres plenty modules available and even with 15 k on a box I rarely hit high traffic mode if ever
Enjoy
MpR
Jack28
May 13 2004, 10:07 PM
im using Unreal IRCD for 7 months now... i tried many ircd's and i can tell you, Unreal IRCD is the one u should use cuzz it's easy and has many usefull features and stuff... Unreal IRCD is one of the best IRCD software around there, you ask other people...
saetji
May 13 2004, 11:22 PM
large botnet: bahamut (modded) since it uses least b/w from wht ive seen OR ultimate - like unreal but optimised for b/w usage.
dont use unreal coz it will rape ur b/w
w0bbes
May 14 2004, 08:55 AM
We used conference room for a while, but if you wanna link some servers, you could use unreal. Though, i have been told that Unreal kills lotta rBOTs, so if youre running rbot i would suggest Conf room!
oYost
May 14 2004, 06:00 PM
About bircd :
I use it and i have put it on a remote machine, this is working fine and it isnt very hard to config, i u have any questions on it, PM me
The interest of bircd is that it is invisible
bioslippery
Feb 10 2005, 07:03 PM
Stoney, you never did post your own modded version, any particular reason why not?
crackie
Feb 10 2005, 10:36 PM
QUOTE(pdf @ Mar 21 2004, 11:38 PM)
I have IRCD but I wonder how to install service! on the server
dont do such "hacking stuff" anymore but my botnet is now up for 6 month on win32 machine dont use it anymore but still got 4000 connections a day think again b00
tibbar
Feb 10 2005, 10:58 PM
hmm doesn't this thread break a number of GSO rules?
here's a nice paper on botnets which may be of interest to ppl with whiter hats.
tibbar
Feb 10 2005, 11:03 PM
actually, if we are going to have a botnet discussion, maybe you should look at p2p botnets, which are much harder to track down and are not so easy to destroy:
QUOTE
P2P Functionality What sets Phatbot apart from its predecessors is the use of P2P to control the botnet instead of IRC. Although Agobot has a rudimentary P2P system, IRC is still the main control vector. The author(s) of Phatbot chose to abandon Agobot's IRC and P2P implementations altogether and replaced them with code from WASTE, a project created by AOL's Nullsoft division (and subsequently canceled by AOL).
WASTE uses an encrypted P2P protocol designed for private messaging and file transfer between a small number of trusted parties. interestingly, the encryption has been removed from the WASTE code used in Phatbot. This may be due to the fact that sharing of public keys has been a stumbling block in the adoption of WASTE - currently it must be done manually. Rather than devise a system for distributing keys among infected hosts (or giving all hosts the same public/private keypair) the author(s) decided to scrap the encryption altogether.
Since there is no central server in the WASTE network, the infected hosts also have to find each other somehow. This is accomplished by utilizing Gnutella cache servers - anyone can use the CGI scripts provided by these servers to register themselves as a Gnutella client. The Phatbot WASTE code registers itself with a list of URLs pretending to be a version of GNUT, a Gnutella client. Other Phatbot hosts then retrieve the list of Gnutella clients from these cache hosts using the same CGI scripts. The Phatbots differentiate themselves from the Gnutella clients by using TCP port 4387 instead of the standard Gnutella port.
To connect to the Phatbot WASTE network, one only needs to have a custom WASTE client and connect to a peer found on the cache servers. At this point it is only necessary to have the correct username and password (stored as an md5sum in the Phatbot binary) in order to control the entire Phatbot network.
One problem with the WASTE approach is scalability; WASTE was not designed with large networks in mind. The protocol specifications state that WASTE is intended for nets with 10-50 nodes. For the typical IRC botnet, 1000 nodes would be on the small side.
rageinc
Feb 11 2005, 12:36 AM
I use spybot v1.1. It alows you to encrypt the channel. channel pass, and anything else so that your file cannot just be hex-edited. This is pretty old so it makes it easier to mod to be undetectable. I have done so and it never gets detected. There are not many commands but it is the best in my opinion. If u cant find it i cant upload it to some site so u can download it. hope this helps peace
Xcalibre
Feb 16 2005, 05:48 AM
yeh i g0t modded ircd pm ur email n ill send =]
vnet576
Feb 18 2005, 01:12 AM
I think its time to close this thread.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.
think again b00
