
Thread: Hybrid Botnet System V.1.0 & QuadNX/NT

  1. #1
    Member skinnypuppy's Avatar
    Join Date
    Jan 2010
    Location
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    Posts
    154

    Hybrid Botnet System V.1.0 & QuadNX/NT

    Couldn't really find a proper place for this request as I am unsure of the issues involving this request, but would like to see Hybrid Botnet System and QuadNX/NT. I have Hybrid Botnet System V.1.0, QuadNX v.Qx2, QuadNT v.Qn1 and Malheur-0.4.6 installed on Backtrack4 Final and thought they may be useful tools for Web Stress testing apps. Personally I feel any tool that can help a pentester is useful, but I don't know the policy/issues dealing with malware analysis/botnet creation and Backtrack 4. I use them to stress test XP/7 in VMworkstation and would be more than welcome to shed any light on how to get all of it installed if need be.

    These tools all come from x1machine.com and if you just follow the install instructions, verifying that you have the correct dependencies, they will compile with little problem.

    If I am out of line requesting such tools, I am sorry. I just don't know the opinion/stance on the Backtrack Dev team.

  2. #2
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Re: Hybrid Botnet System V.1.0 & QuadNX/NT

    I'm by no means a contributor or admin etc, this is just one guy. I would just like to point out that, despite my own Nematode work (NOTE: I do NOT work for or with Immunity, I built on their work years ago and created my own worms. It was a time of writing viruses and then writing an AV to defeat them, modifying the virus and moving along. The Nematodes were the next logical step), I'm having a little trouble understanding the justification for having them put in.

    Is it possible you give a bit of a write up on it? I'm sure the people in charge of all this wouldn't mind that either, and it might help the system look a little less circumspect.
    Last edited by Gitsnik; 01-25-2010 at 12:28 AM. Reason: Added the "NOTE" field
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  3. #3
    Member Mr-Protocol's Avatar
    Join Date
    Jan 2010
    Location
    Ohio
    Posts
    142

    Re: Hybrid Botnet System V.1.0 & QuadNX/NT

    Hybrid Botnet System is not RIP as of Jan 17, 2010. Might not get added due to that simple fact it won't ever be updated. Not only that, like Gitsnik said, there is no real explanation for what it is.
    Last edited by Mr-Protocol; 01-24-2010 at 10:43 AM.

  4. #4
    Member skinnypuppy's Avatar
    Join Date
    Jan 2010
    Location
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    Posts
    154

    Re: Hybrid Botnet System V.1.0 & QuadNX/NT

    I read your article Gitsnik and thought it was very informative, thank you.

    Features of Hybrid Botnet System:
    - Sleep
    - TCP Storm
    - SYN Storm
    - UDP Storm
    - Delete bot from remote machine
    - Reverse Shell
    - E.R.T.E
    - FTP Crack
    - Download & Execute

    We can configure it in virtual machines for testing of devices like firewall, IPS, IDS, log co-relator etc. and check handling of TCP and UDP packets by our customized application or pre-installed ones. Botnets are not viewed as a security product but for a change we use them to find potential of security products we can use disadvantage of botnet into advantage use it in a controlled environment.


    As far as Hybrid is concerned, as they aren't updating it anymore, there is no sense in this being a request for it to be added any more. I was unaware of the Jan 17th notice posted on their site, I've been using Hybrid for a while now to stress test web server apps, loading the bot with SQL Injection Payloads, XSS payloads, FTP Cracking, reverse shell, IDS/IPS and Firewall stress testing, download and execute, password file retrieval, floods, etc.

    Here is a good link on SQL Injection and Bots to give a simple explanation.
    http://www.darkreading.com/security/...leID=211201082

    Running on a 12 GB RAM test C&C server you can emulate thousands of attacks thus producing different results with your payload options. It could be seen as a useless skriddie tool for the construction of crimeware, I simply utilize it to stress test apps using as many prongs as I can.

  5. #5
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Re: Hybrid Botnet System V.1.0 & QuadNX/NT

    Quote Originally Posted by Gitsnik View Post
    Nice reading, Gitsnik. Really learned something new today. Thanks!

    Just as a side note, I believe you made a typo on the pdf. -> Page 44, 5th line, "192.68.2.*"

  6. #6
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Re: Hybrid Botnet System V.1.0 & QuadNX/NT

    Quote Originally Posted by Snayler View Post
    Nice reading, Gitsnik. Really learned something new today. Thanks!

    Just as a side note, I believe you made a typo on the pdf. -> Page 44, 5th line, "192.68.2.*"
    Not me!! Tell the boys at Immunity if you like, I just took their work and wrote my own - I've been building the basic systems for the last 5 or 6 years now.

    But yes, highly interesting, and actually useful when going after a box (if you are careful) - one can fire the "head" of the system at a box, wait for it to penetrate and then make use of different payloads (rather than letting one of those get out of the network)!

    Still, you've never seen management soil their pants until you suggest releasing a worm onto the system

    And apologies to all for not mentioning that I don't work for or with Immunity, now I see how it looks, so I'm editing the post to correct.
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  7. #7
    Member skinnypuppy's Avatar
    Join Date
    Jan 2010
    Location
    09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
    Posts
    154

    Re: Hybrid Botnet System V.1.0 & QuadNX/NT

    And here I was going to compliment you for working for Immunity as I use the Immunity Debugger and Hydrogen on Backtrack 4 final and find them to be very useful tools in exploit development. Wish I could afford Immunity Canvas, but going to school and such... I'll stick with Metasploit and Immunity Debugger for my exploits. Again, very good .pdf, I've added it to my collection of texts and hope I can give back to the community on my research of Botnets and various injection techniques.

  8. #8
    My life is this forum Snayler's Avatar
    Join Date
    Jan 2010
    Posts
    1,418

    Re: Hybrid Botnet System V.1.0 & QuadNX/NT

    Quote Originally Posted by Gitsnik View Post
    Not me!! Tell the boys at Immunity if you like, I just took their work and wrote my own.
    You should be ashamed, you copycat!

    Well, it's not that big a deal since anyone who can read up until page 44 should know what 192.168.x.x means.

    Quote Originally Posted by Gitsnik View Post
    And apologies to all for not mentioning that I don't work for or with Immunity, now I see how it looks, so I'm editing the post to correct.
    No problem.

    Quote Originally Posted by Gitsnik View Post
    It was a time of writing viruses and then writing an AV to defeat them, modifying the virus and moving along. The Nematodes were the next logical step.
    Indeed. I never thought of using a worm for security purposes. Kinda like using a brainwashed thief to protect a safe.

  9. #9
    Very good friend of the forum Gitsnik's Avatar
    Join Date
    Jan 2010
    Location
    The Crystal Wind
    Posts
    851

    Re: Hybrid Botnet System V.1.0 & QuadNX/NT

    Quote Originally Posted by Snayler View Post
    brainwashed thief
    It's pronounced pen-e-tray-shon tes-turr :P

    I actually find the Nematodes to be too strong - they work great on my internal networks and within the inner DMZ, but if they are put too close to the internet they tend to be a little over-restrictive in nature. This could just be my code of course, but when implementing them at a company I was netadmin for, they were forcing reboots and application halts just to ensure that things were under control and secure.

    Basically making it unusable for the clients - kind of a bad thing.

    If you go the route of trying to write your own, please PM me with your notes for your C&C server - the last thing I want to see is someone write one and release it (even by accident). It would be a bad thing if it somehow got blamed on Immunity (OR ME!!)
    Still not underestimating the power...

    There is no such thing as bad information - There is truth in the data, so you sift it all, even the crap stuff.

  10. #10
    Junior Member roybatty's Avatar
    Join Date
    Jan 2010
    Location
    Tannhauser Gate
    Posts
    55

    Re: Hybrid Botnet System V.1.0 & QuadNX/NT

    Quote Originally Posted by Gitsnik View Post
    Not me!! Tell the boys at Immunity if you like, I just took their work and wrote my own - I've been building the basic systems for the last 5 or 6 years now.
    Sure, that's exactly what I'd say should my resume include working 6 years for the NSA.

    How's the weather today in NYC?

    Just kidding ...
    I've seen things you people wouldn't believe.
