p2p Bot-net architecture in Tor -unstoppable

gAtO been doing some research in botnets and found out some cool things. The basics IRC- http – p2p and twitter botnets architecture and bots are becoming easier to find and use, tutorials and videos are all over the place and in any language. So the task of becoming a bot-master is easy.  Bot’s can be used for good also but nobody want’s to hear about that…Imagine bot’s being used with Amber alerts to or other emergencies tools were thousands of computers are needed, bot’s can be used for good things too.

Botnets are a big problem they allow anyone to have thousand, millions  of computers at their beck and call, a kid in a basement, or an enemy of the state these bot’s are a real danger. These bot’s have 4 different attack vector: 

Kenetic – Distribution – Information – cyberTools 

kinetic -zombie computer are used to Ddos attack a site or Click-fraud advertisement scams.

distributors – sending spam email- (Adware/ Spyware) – infecting other computers – co-workers, friends and families

information Keylogger, data exfiltration, key stealing from games -for sale $$ – email, social network — friends — banking – payPal – Work -Corporate spying and IP (intellectual property) plus emails of co-workers, friends and family.

cyberTools – we see bot’s become DNS servers, c&c servers, infection distribution servers, proxies, Tor (exit/entry) nodes or just a ftp site for storage.

I have seen lot’s of different bot’s but only four (4) basic types of botnet Command and Control (C&C) architecture: IRC (Internet Relay Chat) based, HTTP (or Web) based and P2P (Peer-to-peer) based – and Now Twitter controlled botnet’s.

Todays bot’s can be used in Intelligence Gathering, Monitoring and surveillance with the ability to turn on WebCam and Microphone without the victim knowing and recording it makes them even more dangerous and any digital cell device is hackable.

Here is a new one for me a private Twitter account is being used as the (C&C) command and control for bots. Once the bots are installed in the machine they go out and friend their botMaster they accept the friend and now send coded messages that are the commands for the bot’s. This is pretty cool and since it’s Twitter is kinda normal communication tool even in business machines, groups use twitter all the time to communicate.

In my research I found bots and video, tutorials and everything I need. On top of that we have Tor and other anonymized (custom Tor network) for these bot’s to communicate untraceable and cannot be found.

Here is were the metal hit’s the road because in this environment the p2p Botnet Architecture used with Tor would be an unstoppable solution and it’s becoming reality today: I included a thread from a hacker site in Tor discussing this very subject //.

these are some of the bot’s I found free source code to play –

G-Bot 1.7 Ddos-Bot – Zues – ClientMesh 4.0 – DarkComet 5.3.1 – BlackShades 4.8 – SpyEye 1.3.45

Below are some of my notes on this I hope they may help – gAtO oUt 

botnet basics

There are basically 3 types of Bot net technologies. The first botnets started back about a decade ago with IRC bots

it’s more a continual connection at all times

IRC – HTTP – P2P – note p2p is the best meshed no central C&C

With HTTP botnets you can communicate async – things can be schedule a meeting and then log of and do the work then at a pre arrange time you call home (C&C) and check in with mamma.

Then you have p2p botnet’s they have no central C&C so are much harder to find the source and kill it.

Here we see were some of the bot’s may become proxies or some units may be used to cascade out spam interactions, one may also become a download location, one a dns server. The key thing to take away from a Peer to Peer networks is it’s very difficult to take them down because of their mesh network. There is no central point of failure, it’’s a simple file sharing protocol

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=  p2p Tor Bot -message hacking board in Tor-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


Hey guys, just thought I would leave a thread here to announce a new bot that I am working on at the moment, Kronos.

Kronos is an http bot that runs through tor, each bot will launch its own tor process and then connect to your panel (which is a hidden service) using tor.

Current Features

  • The bot will act as a hidden service on the tor network
  • Socks5 proxy. Because of the above feature you are able to connect to the bot and use it as a proxy through tor, this removes the need for the bot to use upnp to open a port for you to connect through as tor handles NAT traversal by having the server connect out to the network itself, meaning there are no incoming connections. You can read here for more if you don’t already know how this works https://www.torproject.org/docs/hidden-services.html.en
  • Torrent seeder, not a shitty seeder that adds torrent files to the users torrent client, bots will work as real torrent clients.
  • Various flooding abilities (useless in my opinion)
  • Form grabber
  • Possibly mailing capabilities

I am also playing with some p2p code

=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-hacking board in Tor=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

// So now that we know a bit about botnets let’s look at how they can make a profit for the criminal, below I listed of some of the stuff that you can harvest from your botnet empire.

Revenue Generated


Adware/ Spyware Scare-ware

Crimeware – Keylogger, data exfiltration, key stealing from games -for sale $$ – email, social network — friends — banking – payPal – Work -Corporate spying and IP plus emails of friends and work buddies..





http://www.youtube.com/watch?v=RsDtlqT4Zd4 Zeus BotNet Tutorial 2012

 http://www.xylibox.com/2011/08/cracking-spyeye-13x.html  SpyEye Tutorial 2011



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: