by ?
Written in C++, compressed with UPX, source included
Released in March 2004
*Fixed; Nick length bug that caused some bots not to connect
*Fixed; chankey support, didn't really have to do anything.. (line 236, numbers only, you can easily make it alpha too but I'm not telling how, figure it the fuck out)
*Enabled; bot creates a backdoor account on the box, find it and comment it out to turn it off

commands:
"*" beside a command means it isn't working correctly
*NOTE* MAKE SURE YOU PUT IN CORRECT PARAMETERS, AS THE BOT MAY CRASH IF YOU DON'T

1) ! version - request version of bot
2) ! moo - exit bot
3) ! spoof get - get current spoof address
4) ! spoof off - disable spoofing from ip, only spoof from current subnet (default)
5) ! spoof <ip> - set spoofing to an ip address (this can be used for example with ping, to create a smurf attack, or a syn flood to create a drdos attack)
6) ! icmp <ip> <time> - sends random icmp codes to an ip address for an allotted time (512 byte packets + spoofing)
7) ! ack <ip> <port> <time> - attacks an ip with ack packets (spoofing, VERY fast sending)
8) ! syn <ip> <port> <time> - attacks an ip with syn packets (spoofing, TURBO fast sending)
9) ! random <ip> <port> <time> - alternates between syn/ack packets (spoofing, REALLY fast sending)
10) ! enable <password> - attempts to enable commands on the bot, the password is what you set with the disable command
11) ! disable <password> - if bot is enabled, disables it, and sets the enable password
12) ! udp <ip> <port> <time> - sends udp packets (spoofed) to an ip, if port = 0 then it uses random destination ports
13) ! dns <ip/host> - resolve a host/ip
14) ! exec <file> [command line] - opens a file (no spaces)
15) ! uptime - get the system uptime
16) ! keyspy enable <number between 0 to 15> - enable real time irc based keylogger, the number is used as the colour for the messages (easier to read with many bots)
17) ! keyspy disable - disable real time irc keylogger
18) ! delete <file> - delete a file off victim's hard disk
19) ! send <nick> <file> <send as> - sends a file to someone
20) ! active - returns the active window (useful if you're looking for an interesting screen capture)
21) ! capture screen <save as> - takes a screen shot
22) ! capture drivers - list video for windows device(s)
23) ! capture frame <save as> <index> <width> <height> - captures a frame (bitmap) from a video for windows device
24) ! capture video <save as> <index> <time> <width> <height> - captures a video (avi) from a video for windows device
25) ! pscan <subnet> <port> <type> [delay] - scan a subnet for open ports.. if type is 1 then subnet is X, if type is 2 then subnet is X.X, etc..
26) ! sysinfo - gives you some info about the system
27) ! raw <command> - sends a raw command to the server
28) ! dload <http url> <file> [execute] - downloads a file, execute is a boolean of whether to execute
29) ! clone load <server> <port> - loads 1 clone onto a server
30) ! clone kill - disconnects all clones
31) ! clone raw <command> - sends a raw command to the server

+ you can dcc files to the bot
+ dcc chat console with basic file/process manager
+ socks4 server running on port 559
+ basic plugin system

to do:
http request generator (banner clicking)
find files command

notes:
the port scanner can perform various actions based on what port you are scanning..
- port 1433: it will auto check if the 'sa' account is present on an SQL server
- port 80: it will auto check if the host is vulnerable to a version of the unicode IIS exploit

dropped file:
c:\WINNT\RUNDLL16.EXE size: 16.896 bytes
c:\WINNT\temp.bat size: 92 bytes

port: 559 TCP

startup:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run "Windows DLL Loader"
data: C:\WINNT\RUNDLL16.EXE

tested on Win2000

MegaSecurity