Jump to content
YOUR-AD-HERE
HOSTING
TOOLS
SERVICE

Search the Community

Showing results for tags 'h.t.t.p'.

  • Search By Tags

    Type tags separated by commas.
  • Search By Author

Content Type


Forums

  • Staff Control
    • Staff Announcements
  • General doubts | News
    • General doubts
    • News
  • Hacking | Remote Administration | Bugs & Exploits
    • Hacking
    • Remote Administration
    • Bugs & Exploits
  • Programming | Web | SEO | Prefabricated applications
    • General Programming
    • Web Programming
    • Prefabricated Applications
    • SEO
  • Pentesting Zone
    • Pentesting Accounts
    • Reverse Engineering
  • Security & Anonymity
    • Security
    • Wireless Security
    • Web Security
    • Anonymity
  • Operating Systems | Hardware | Programs
    • Operating systems
    • Hardware
    • PC programs
    • iOS
    • Android
  • Graphic Design
    • Graphic Design
  • vBCms Comments
  • live stream tv
    • live stream tv
  • Marketplace
    • Sell
    • Services
    • Request
  • Pentesting Premium
    • Pentesting Accounts
  • Modders Section
    • Source Codes
    • Manuals | Videos
    • Tools
    • Others
  • PRIV8-Section
    • Exploits
    • Accounts|Dumps
    • Crypter|Binder|Bots
    • Tutorials|Videos
    • Cracked Tools
    • Make Money
    • More Tools
    • Databeses
    • Ebooks
  • Pentesting Zone PRIV8
    • Pentesting Accounts
    • Reverse Engineering
    • Cracker Preview Area
  • Carding Zone PRIV8
    • Carding
    • Phishing
    • Defacing
    • Doxing
    • Special User Premium Preview Area
  • Recycle Bin
    • Recycle
  • Null3D's Nulled Group

Product Groups

  • PRIV8
  • Advertising
  • Access Basic
  • Seller
  • Services

Find results in...

Find results that contain...


Date Created

  • Start

    End


Last Updated

  • Start

    End


Filter by number of...

Joined

  • Start

    End


Group


About Me

Found 1 result

  1. Zyklon HTTP Botnet Zyklon HTTP is a botnet that is currently being sold on the Darknet (see Figure 1), HackForums and available on a number of member only communities. This botnet supports Tor for anonymization and comes loaded with a number of additional features. It allows its users to execute various types of DDoS attacks, data theft and fraud. It also features secure operation mechanisms to detect other malware and assure its availability. Zyklon HTTP Botnet targets PCs and spreads itself via a number of different methods including phishing attacks. Figure 1: Zyklon H.T.T.P for sale on the darknet Attack Methods Distributed Denial of Service HTTP Flood The Zyklon HTTP botnet consists of seemingly legitimate session-based sets of HTTP GET or POST requests that are designed to consume a significant amount of server's resources, and can result in a denial-of-service condition - without necessarily requiring a high rate of network traffic. TCP flood Sending numerous SYN packets to the victim. In many cases, attackers will spoof the SRC IP so the reply (SYN+ACK packet) will not return, thus overwhelming the session/connection tables of the targeted server or firewall. Servers need to open a state for each SYN packet that arrives and store this state in tables that have limited size and are easily filled. Once this happens, the server drop new requests, including legitimate ones. UDP Flood The Zyklon HTTP botnet attacker sends large UDP packets to a single destination or to random ports. Since the UDP protocol is “connectionless” and does not have any type of handshake mechanism, the main intention of a UDP flood is to saturate the Internet pipe. Usually, the attackers spoof the SRC IP. SYN Flood Overwhelming a target machine by sending thousands of connection requests to it using spoofed IP addresses. The target machine attempts to open a connection for each malicious request and subsequently wait for an ACK packet that never arrives. Since a SYN-ACK packet never arrives, the massive number of half-open connections quickly fills up the server’s TCB table before it can time any connections out. SlowLoris By sending HTTP headers in tiny chunks as slow as possible (just before the server would time out the request), the target server is forced to continue to wait for the headers to arrive. If enough connections are opened to the server in this fashion, it is unable to handle legitimate requests. Malware Contamination Cloud-based malware inspection Zyklon HTTP botnet will enumerate all startup files and upload them to the VirusTotal online malware scanner. This will lead to analyzing of samples of malicious software that resides on the system. If the file is found to be malicious, Zyklon HTTP botnet will terminate all processes associated with that file and remove the file along with the registry keys from the system. This is a great option for perpetrators to ensure that their enslaved client systems are running without disruption. The botnet user can specify files to exclude from VirusTotal, and by calculating the MD5 hash of the file Zyklon HTTP botnet will skip it while scanning. Botkiller While the Cloud-based malware inspection relies on VirusTotal, Botkiller uses its own algorithm to determine if a file is malicious or not. This method tends to have more false-positive detections. When using this feature, Zyklon HTTP botnet will scan all processes and will check common locations that malwares reside in. It will attempt to detect injected processes and it will try to identify malware by behavioral analysis. If a file is detected as malicious the program will follow the settings specified in the botkiller feature, leading to the process termination and deletion of all associated files and registry keys. Like the Cloud-based malware inspection, this feature is keeps an enslaved client machine secure and available. Keylogger Keylogger is a great feature when it comes to client surveillance. It will record all keystrokes and log them to a database. The logs are sorted by dates and can be accessed from almost anywhere in the C&C panel. The control panel also lets one specify the window titles to record keystrokes for, as opposed to bloated logs with all kind of entries. Keylogger supports most if not all languages and keyboard layouts. The user can specify the maximum amount of characters that will client hold in a buffer before they are sent to the panel, or set an interval at which the logs are being uploaded to the panel. Automatic updater Zyklon HTTP botnet features automatic update function that ensures that all enslaved clients are running up to date software. When executed, it compares the update file hash and installed file hash and if found different – an updated file will be downloaded and installed. This comes very handy when controlling many clients. Figure 2: Zyklon HTTP Panel Data Theft Browser password recovery Zyklon botnet is able to recover passwords from popular web browsers. Most noticeable ones are Google Chrome, Mozilla Firefox, Internet Explorer, Opera Browser, Chrome Canary/SXS, CoolNovo Browser, Apple Safari, Flock Browser, SeaMonkey Browser, SRWare Iron Browser and Comodo Dragon Browser. FTP password recovery Currently supports FTP password recovery from following FTP applications: FileZilla, SmartFTP, FlashFXP, FTPCommander, Dreamweaver, WS_FTP Gaming software key recovery Currently supports around 50 PC gaming software’s including Battlefield, Call of Duty, FIFA, NFS, Age of Empires, Quake, The Sims, Half-Life, IGI, Star Wars and many more. License key recovery Automatically detects and decrypts the license/serial keys of over 200+ popular software’s including Office, SQL Server, Adobe, Nero and many more. Socket Secure 5 proxy Turn your bots into proxy servers - The Zyklon HTTP botnet automatically checks and updates a list of active proxy servers, and features reverse socket secure proxy servers, facilitating the creation of a proxy server on any client. Email password recovery Currently it can recover your lost email passwords from following applications: Microsoft Outlook Express, Microsoft Outlook 2002/XP/2003/2007/2010/2013, Mozilla Thunderbird, Windows Live Mail 2012, IncrediMail, Foxmail v6.x - v7.x, Windows Live Messenger, MSN Messenger, Google Talk, GMail Notifier, PaltalkScene IM, Pidgin (Formerly Gaim) Messenger, Miranda Messenger, Windows Credential Manager. Encrypted communication Connection between client and server is encrypted using RSA asymmetric encryption algorithm (Valid key sizes are 512-bit, 1024-bit, 2048-bit, 4096-bit) that is paired with AES-256. AES-256 keys are dynamically generated on the client and are encrypted before being stored in a session variable in the panel. After the initial key exchange, the whole communication is encrypted with AES-256. Figure 3: Zyklon Builder * In its previous version, Zyklon was able to perform crypto mining services but this feature has been removed in the latest update. It is likely to return more mature and sophisticated in a future version, as it used to turn the infected computers into Bitcoin miners for profit – a very popular competence. How to install Zyklon H.T.T.P BotNet on your server [Hidden Content] Download: [HIDE][Hidden Content]]
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.