
BYOB (Build Your Own Botnet)


itsMe



Disclaimer: This project should be used for authorized testing or educational purposes only.


BYOB is an open-source project that provides a framework for security researchers and developers to build and operate a basic botnet. The aim is to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, so that they are better able to develop counter-measures against these threats.

It is designed to let developers implement their own code and add new features without having to write a RAT (Remote Administration Tool) or a C2 (Command & Control) server from scratch.

The RAT's key feature is that arbitrary code and files can be loaded into memory from the C2 server and executed on the target machine without anything being written to disk.

Supports Python 2 & 3.

Client

  • Generate clients intended to evade antivirus detection, with staged payloads, remote imports, and an unlimited number of post-exploitation modules
  • Remote Imports: remotely import third-party packages from the server without writing them to disk or downloading/installing them
  • Nothing Written To Disk: clients never write anything to disk, not even temporary files (no file-system writes are performed), because remote imports allow arbitrary code to be loaded dynamically into memory and imported directly into the currently running process
  • Zero Dependencies (Not Even Python Itself): the client runs with just the Python standard library and remotely imports any non-standard packages/modules from the server; it can also be compiled together with a standalone Python interpreter into a portable binary executable for any platform/architecture, so it runs even when Python itself is missing on the target host
  • Add New Features With Just 1 Click: any python script, module, or package you copy to the ./byob/modules/ directory automatically becomes remotely importable & directly usable by every client while your command & control server is running
  • Write Your Own Modules: a basic module template is provided in ./byob/modules/ directory to make writing your own modules a straight-forward, hassle-free process
  • Run Unlimited Modules Without Bloating File Size: use remote imports to add unlimited features without adding a single byte to the client's file size
  • Fully Updatable: each client will periodically check the server for new content available for remote import, and will dynamically update its in-memory resources if anything has been added/removed
  • Platform Independent: everything is written in Python (a platform-agnostic language) and the clients generated can optionally be compiled into a portable executable (Windows) or bundled into a standalone application (macOS)
  • Bypass Firewalls: clients connect to the command & control server via reverse TCP connections, which get past most host firewalls because default filter configurations primarily block unsolicited inbound connections while allowing outbound ones
  • Counter-Measure Against Antivirus: avoids being analyzed by antivirus by blocking processes whose names match known antivirus products from spawning
  • Encrypt Payloads To Prevent Analysis: the main client payload is encrypted with a random 256-bit key that exists solely in the payload stager generated alongside it
  • Prevent Reverse-Engineering: by default, clients will abort execution if a virtual machine or sandbox is detected
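The remote-import mechanism behind the "Nothing Written To Disk" and "Remote Imports" points above is a custom importer on `sys.meta_path` that compiles source received from the server straight into a module object. The block below is an added example written for this page, not BYOB's own code: `SOURCES` is a constructed dictionary standing in for what a C2 server would send over the socket, and `MemoryImporter`, `install`, `load_remote` and `find_memory_only_modules` are names invented here. It also shows the defensive side of the same trick: a module that arrived this way has no `__file__`, which is something a host-based check can look for.

```python
"""In-memory ("remote") imports, as an added illustration of the technique.

This is example code, not BYOB's own. SOURCES is a constructed stand-in for
what a C2 server would send; the class and function names are invented here.
"""
import importlib
import importlib.abc
import importlib.util
import sys

# Constructed stand-in for the server side: module name -> Python source.
# In the real tool this would be fetched over the C2 channel at import time.
SOURCES = {
    "demo_remote": (
        "PAYLOAD_VERSION = 3\n"
        "def greet(name):\n"
        "    return 'hello ' + name\n"
    ),
    "demo_remote_pkg": "",  # a package with no top-level code
    "demo_remote_pkg.util": (
        "def double(x):\n"
        "    return 2 * x\n"
    ),
}


class MemoryImporter(importlib.abc.MetaPathFinder, importlib.abc.Loader):
    """Finder + loader that resolves modules from a dict of source strings.

    Nothing is written to disk: the source is compiled and exec'd straight
    into a fresh module object, so the module has no __file__ and the
    interpreter never creates a .pyc for it.
    """

    def __init__(self, sources):
        self.sources = sources

    def find_spec(self, fullname, path=None, target=None):
        if fullname not in self.sources:
            return None  # fall through to the normal file-system importers
        is_pkg = any(k.startswith(fullname + ".") for k in self.sources)
        return importlib.util.spec_from_loader(fullname, self, is_package=is_pkg)

    def create_module(self, spec):
        return None  # the default module object is fine

    def exec_module(self, module):
        code = compile(self.sources[module.__name__], "<remote>", "exec")
        exec(code, module.__dict__)


def install(sources=SOURCES):
    """Put a MemoryImporter for `sources` at the front of sys.meta_path (idempotent)."""
    for finder in sys.meta_path:
        if isinstance(finder, MemoryImporter) and finder.sources is sources:
            return finder
    finder = MemoryImporter(sources)
    sys.meta_path.insert(0, finder)
    return finder


def load_remote(name, sources=SOURCES):
    """Import `name` from the in-memory sources and return the module object."""
    install(sources)
    return importlib.import_module(name)


# Loader classes that ship with the interpreter; any other loader that
# produces a module without a __file__ is worth a second look on a host.
_INTERPRETER_LOADERS = ("importlib", "_frozen_importlib",
                        "_frozen_importlib_external", "zipimport")


def find_memory_only_modules():
    """Defensive counterpart: names of loaded modules that were brought in
    by a non-standard loader and have no file-system origin."""
    flagged = []
    for name, mod in list(sys.modules.items()):
        spec = getattr(mod, "__spec__", None)
        if mod is None or spec is None or spec.loader is None:
            continue
        loader_home = type(spec.loader).__module__.split(".")[0]
        if loader_home in _INTERPRETER_LOADERS:
            continue
        if not hasattr(mod, "__file__"):
            flagged.append(name)
    return flagged


if __name__ == "__main__":
    m = load_remote("demo_remote")
    print(m.greet("c2"), hasattr(m, "__file__"))  # hello c2 False
    print(find_memory_only_modules())
```

Two things worth noting from running it: the package import (`demo_remote_pkg.util`) works because the finder marks the parent as a package with an empty `__path__`, which is exactly how a remote-import client can serve whole packages, not just single files; and the same properties that make the technique attractive to the client (no file, no `.pyc`, an unfamiliar entry at the front of `sys.meta_path`) are the indicators a defender can enumerate from inside the process or from a memory image.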

Modules

Post-exploitation modules that are remotely importable by clients

  1. Keylogger (byob.modules.keylogger): logs the user's keystrokes and the name of the window they were entered in
  2. Screenshot (byob.modules.screenshot): take a screenshot of the current user's desktop
  3. Webcam (byob.modules.webcam): view a live stream or capture image/video from the webcam
  4. Ransom (byob.modules.ransom): encrypt files and generate a random BTC wallet for ransom payment
  5. Outlook (byob.modules.outlook): read/search/upload emails from the local Outlook client
  6. Packet Sniffer (byob.modules.packetsniffer): run a packet sniffer on the host network and upload the .pcap file
  7. Persistence (byob.modules.persistence): establish persistence on the host machine using 5 different methods
  8. Phone (byob.modules.phone): read/search/upload text messages from the client smartphone
  9. Escalate Privileges (byob.modules.escalate): attempt a UAC bypass to gain unauthorized administrator privileges
  10. Port Scanner (byob.modules.portscanner): scan the local network for other online devices and open ports
  11. Process Control (byob.modules.process): list/search/kill/monitor currently running processes on the host
  12. iCloud (byob.modules.icloud): check for a logged-in iCloud account on macOS
  13. Spreader (byob.modules.spreader): spread the client to other hosts via emails disguised as a plugin update
  14. Miner (byob.modules.miner): run a cryptocurrency miner in the background (supports Bitcoin and Litecoin)
