Wednesday, August 21, 2013

Cythosia DDoS Botnet

Cythosia is a typical shit DDoS bot.

As advertised:
http://www.hackforums.net/showthread.php?tid=1415489
Controlled via: Webpanel
Found at: Opensc.ws
Language: C# (2.0)
Developed by: Post.Mort3m
Current Version: 1.0.8
# Runs on Win2k - Win7 / x86 and x64
~ Limited/Guest/Administrator Acconts
# Various Autostart Names and Entries
Main Functions:
+ Download & Execute
+ Update
Distributed Denial of Service Functions (DDoS)
+ Syn
~ 20 Bots can kill little Sites
~ Customizeable Port & Strength(Http, Sql, Gameserver)
+ UDP
~ Perform attacks on homeconnections
~ Highly customizeable
+ HTTP
~ Multithreaded GET Requests - Generates Traffic as hell
~ Keeps GET Requests open
Socks5 Proxy
+ Opens Port with UPnP if router supports it
+ Redirects all TCP requests multithreaded -> very good speed
+ Configureable Username and Password
Control Panel
+ Nice looking Ajax Panel
+ Hardcoded Password -> secure
+ Taskmanagement System
+ Export Online SOCKS5 LIST

@Blixx on HF - nice TUT - http://www.hackforums.net/showthread.php?tid=1418263

But I'm confused. Why do the H4X0r$ on HF not know how to setup a simple shitty bot panel?
Oh.. right.. LMAO

I downloaded the archive and inside is a .NET obfuscator. Why? Was this bot was written in C# or not?? (See above in advert, Language: C# )

Was bored so I kept looking... the source of index.php:

<?php
session_start();
$crypt_pw = md5("admin");
if(isset($_POST['submit']))
{
if(isset($_POST['pw']) && md5($_POST['pw']) == $crypt_pw)
{
$_SESSION['hydra_loggedin'] = 1;
header("Location: admin/index.php");
}
else
{
header("Location: index.php");
}
}
?>

Hahaha!
Is this a joke?
Either way, I'm laughing


15 Cythosia DDoS Botnet Panels 

I decided to gather all the panels I could find and have a look inside.

hxxp://fixed-ao.com.ar/Webpanel/admin/index.php
hxxp://myfiles.besaba.com/admin/index.php
hxxp://www.kazekiki.com.nu/Webpanel/admin/index.php
hxxp://zjomzjom.freehost.pl/admin/index.php
hxxp://mucomucox4.bedavahost.biz/Botnet/admin/index.php
hxxp://testingsecuritybyv0id.com/91287521985/admin/index.php
hxxp://boucraa.no-ip.org/bot/admin/index.php
hxxp://monit-css.vv.si/admin/index.php
hxxp://tigerromnci.eb2a.com/Webpanel/admin/index.php
hxxp://bouxss.juplo.com/1/admin/index.php
hxxp://evcorp.xtreemhost.com/Webpanel/admin/index.php
hxxp://www.l2eyes.com/Webpanel/admin/index.php
hxxp://xxxpass.netsons.org/Webpanel/admin/index.php
hxxp://www.micr0soft.tk/
hxxp://www.eocgroupz.com/aldi/Webpanel/admin/index.php


Ok, I have a TUT for all the Ubers at HF.

Step 1. Use shared free hosting for your bot panels, that's a really good idea. I like having adverts on my C&C panels.

Good grief...


Step 2. Another great thing about free hosting is they rate limit or simply cut off your MySQL usage. Thankfully the panel has a hard coded PW so I can see a panel of error messages. Yay.


Lol 


Lol again...


and again.


hmmm...not working?

Step 3. Be sure to use the included Eazfuscator.NET .NET Obfuscator and Optimizer - That shiz will FUD you up..












Step 4. Profit.


Summary

15 panels on different domains, using different bot builds.

0 bots online.

30 mins. of my time wasted.

At least I had a good laugh.


1 comment:

  1. :p
    if you renamed the title of page to anhother name
    the security of website cannot detect you :p
    and suspend your account for abuse

    change it in index.php
    and in admin/index.php

    open it with word pad and edit it
    sharch title
    and change the name in < title > ..... < title > without space
    and save it
    and for your bot execute your bot generator as administrator :D

    ReplyDelete