Rocksolid Light

Subject: Just looking for some good botnets
From: Anonymous
Newsgroups: rocksolid.shared.hacking
Organization: rocksolid2 (novabbs.org)
Date: Sun, 31 Jan 2021 06:17 UTC
References: 1
Path: i2pn2.org!rocksolid2!.POSTED.127.117.190.215!not-for-mail
From: pos...@anon.com (Anonymous)
Newsgroups: rocksolid.shared.hacking
Subject: Just looking for some good botnets
Date: Sat, 30 Jan 2021 22:17:53 -0800
Organization: rocksolid2 (novabbs.org)
Message-ID: <ha.920.ic584@anon.com>
References: <phfjlq$tuj$1@novabbs.com>
Content-Type: text/plain; charset=UTF-8
Injection-Info: novabbs.org; posting-account="def.i2p"; posting-host="127.117.190.215";
logging-data="23131"; mail-complaints-to="usenet@novabbs.org"
Hey, just looking for some good botnets or dos/ddos clients

--
Posted on def2


Subject: Re: Just looking for some good botnets
From: Anonymous
Newsgroups: rocksolid.shared.hacking
Organization: Rocksolid Light
Date: Sun, 14 Feb 2021 11:21 UTC
References: 1 2
Date: Sun, 14 Feb 2021 11:21:14 +0000
Subject: Re: Just looking for some good botnets
X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on novabbs.org
X-Spam-Level: **
From: Anonym...@rslight.i2p (Anonymous)
Newsgroups: rocksolid.shared.hacking
X-Rslight-Site: $2y$10$08jWkKg3EbFdQqMpWF5jzeKAHczKAzSQGJro/ppYjye9YFnAz9Umu
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
User-Agent: Rocksolid Light (news.novabbs.com/getrslight)
References: <phfjlq$tuj$1@novabbs.com> <ha.920.ic584@anon.com>
Organization: Rocksolid Light
Message-ID: <db52a92468665c6fed1fd30b387769d1$1@dkzerogt6z6ybhcj.onion>
If you need some good botnets, try to use Mirai botnet, in 2016 this botnet downed almost all the internet. I think there's a new version of Mirai botnet.

Or watch GitHub for some other botnets.
--
Posted on Rocksolid Light
dkzerogt6z6ybhcj.onion



Subject: DEUCALION BOTNET 2.54 | IRC | MOST POWERFULL LAYER7 AND LAYER4 | DESTROY ANY TARGET
From:
Newsgroups: rocksolid.shared.hacking
Organization: RetroBBS II
Date: Tue, 3 Jul 2018 10:37 UTC
Path: rocksolid2!.POSTED.localhost!not-for-mail
From:
Newsgroups: rocksolid.shared.hacking
Subject: DEUCALION BOTNET 2.54 | IRC | MOST POWERFULL LAYER7 AND LAYER4 | DESTROY ANY TARGET
Date: Tue, 03 Jul 2018 10:37:46 +0000
Organization: RetroBBS II
Lines: 202
Message-ID: <phfjlq$tuj$1@novabbs.com>
Reply-To: <Lythrum@none.i2p>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 3 Jul 2018 10:37:46 -0000 (UTC)
Injection-Info: novabbs.com; posting-host="localhost:127.0.0.1";
logging-data="30675"; mail-complaints-to="usenet@novabbs.com"
User-Agent: FUDforum 3.0.7
X-FUDforum: d41d8cd98f00b204e9800998ecf8427e <360359>
## Welcome to Deucalion 2.54, the last IRC version of
Deucalion ##
First, what is deucalion?
Deucalion is a botnet IRC, known for its power and bypass
methods on the internet.
We can bypass any protection layer7 like
cloudflare/blazingfast/incapsula... with the methods
HTTPBYPASS/SMARTBYPASS
and in layer4 OVH Game/Blazingfast/NFO/Vox/Amazon... with
the methods GAMEUDP/GAMETCP
Once you order a build, you will be asked to fill what
options you want to use on the bot
Now we will be listing each one of them so you can pick the
ones you want :
-Startup, will add the bot to registry so it's executed on
next Windows boot.
-Startup persistence will make sure that such registry key
is not removed, adding it back in case it's removed.
-Critical process will elevate the process so it causes BSOD
in case process is killed, this will require Admin
privileges, however in case user is not admin, no screen
will prompt.
-Task Scheduler will add a command in the windows task
manager so that the program starts automatically every X
time.
-Unkillable will exploit a Windows 7 error, making the
process impossible to close.
-UAC bypass will attempt to gain Admin privileges.
-Watchdog function injects shellcode into a remote x64
process that will act as a guardian of the bot, meaning that
in case process is randomly closed, it will be reopened and
botkiller will be executed. Note, unless you use native
version, this will make the stub x64 and won't execute on
x86.
-Native version makes the executable file native, when
executed it will load the needed dependencies at runtime,
depending on the environment.
-Botkiller will attempt to clean the machine from malware,
it has two steps.
First one, is signature based, we've collected the most
common malwares and added them in the list. Here is a brief
example of the supported bots:
-Imminent monitor
-Nanocore
-Quasar
-Zyklon
-Darkcomet
-Remcos
-Ozone
-Luminosity
-Blackshades
-Cybergate
-Medusa IRC
-Neutrino
-Loki
-Sieren
-Betabot
Those are few of the many that are and will be added.
Second step focuses more on the common behaviour of bots,
Deucalion will look up for folders such as APPDATA, and, the
files installed in there will be analyzed, if they match a
list of patterns that we've got, process will be killed.

## Methods Layer7: ##
Have been overall slightly modified to counter the possible
signatures that have been added to firewalls.
Socket's methods were modified to be more stable, however I
will focus more on those for the next version 3.0, which I
expect will have more r/s, better https and more stability.
HTTP: Method makes http requests, waits for response and
closes the stream, a random useragent is picked once the
flood starts, and doesn't change till attack is resent.
HTTPKILL: Method made to crash webservers with low power,
easy to mitigate, yet lethal in some cases.
HTTPNULL: Makes small requests, meaning most of the headers
are not added, generating more requests per second.
HTTPPAGE: Will make similar requests to HTTP with the
difference that you might add %RAND% to the url, meaning
random paths will be hit.
HTTPDRAIN: Makes similar requests to http method, with the
difference that the flow is not constant, the bot randomly
sleeps for X time before sending back the requests.
HTTPCOOKIE: COOKIE method generates a huge amount of load
on the server by sending large requests.
HTTPSTRONG: Makes two different types of requests at the same
time, this might bug some webservers making them crash with
small load. Such requests are small and lack a user agent.
HTTPRANDOM: Uses HTTPBYPASS emulation to solve challenges,
right after that, requests are built randomly attempting to
bypass signature based firewalls.
HTTPBYPASS: First, the bot will attempt to bypass any
possible firewall, including javascript challenges, click to
continue and even captchas, depending on the machine,
different emulation is applied. (bypass
cloudflare/blazingfast/incapsula..)
SMARTBYPASS: Now, this might require a few explanations.
(bypass cloudflare/blazingfast/incapsula..)
Browser will allow you to type the browser to use, you have
the following options:
-Chrome
-Mozilla
-Opera
-IE
-Rand (will pick any of the above)

Cache will allow you to pick between this:
-0 -> won't send cache information
-1 -> will send cache information picking a random value
-custom -> meaning you will set the value that you want for
the cache header.

Referer, allows you whether to use referer or not
-0 -> won't set any referer
-1 -> will send random referer
-custom -> you pick the referer

-Upgrateinsecure, you pick when is this header enabled.
-0 -> disabled
-1 -> enabled
-2 -> random

-Ratelimit, will allow you to choose if you want to enable
rate limit bypass, this function will reduce or add speed to
the flood, current version might be adapting itself slowly
due to the lack of data that I have, I'm sure that after
I review your comments it will get much better.
Overall, this method is made to bypass even the most
protected website, attempting to recreate 1:1 browser
requests, it will be updated in 3.0, consider this first
version as a main preview of what's coming.

## Methods Layer4 : ##
where, host stands for the target, port ... , min and max
stand for the packet size, it will be random per each bot,
threads.. and time in second.
TCP/UDP: Not much to comment on those, basic floods that
will probably bypass most of the firewalls since they are
legit connections. Might be limited by firewalls that accept
only packets from X service.
GAMETCP/GAMEUDP: Those methods will use pre-built packets
from games, few firewalls do filter so that the server only
allows game packets, these methods will attempt to bypass
such protections by sending legit packets from well known
games. (bypass OVH Game/Blazingfast/NFO/Vox/Amazon.. you
need minimum 500 bots windows connected)

## Finally, we will talk about the utility commands: ##
DOWNLOAD_EXECUTE: Will download and execute the file that
you've set.
UPDATE: Will update the bots version to the new one, if the
param that you set version does not match with the one that
the bot has, then it will proceed to update.
STOP target: Stops any running flood on that target
STOPALL: Stops all running floods
INFORMATION: Will display useful information, such as cores,
ram,  running floods, installed anti virus, country and
version of the irc.
LIST: Will display the running floods.
STATUS target: Will let you know the returning HTTP code of
the website, in case no response was received, it will
display NULL.
SPLITPERCENT: Will move the %percent of the channel to the
newchannel
SPLITCPU: Will move the bots that got same or higher cores
to newchannel
SPLITGEO: Will move bots by its geolocation, you might use
BR|USA in case you want to stack multiple locations.
KILL: Bot will leave
BOTKILLER: Botkiller will be manually executed, in case you
want to know if bots were killed, add 1 to the end of the
command, you will know the malware names and number of
removed malware.

## DSAT ##
Layer7 with 60 bots only :

You can buy as many bots as you want.
For example to bring down a big dedicated amazon server in
layer you need 300 Bots connected (~300 Kr/s)
Feel free to ask me questions I will answer them without
problem and you will help to down all your targets.

## Information: ##
Deucalion 2.54  price is 750$, updates and support included
(lifetime), feel free to ask me any question or suggestion
you might have.
I also sell windows bots $0.20 per bots


You have the right to resell your power for profit, I have
customers who pay $2,500 a month to feed their botnet with
bots, and who resell the power for $20,000 a month, just be
intelligent.

Version 3.0 comes out in about 3 weeks, the new price will
be 1350$
With each version the price increases.
But if you bought version 2.54 at 750$ for example, you will
not pay for the new version, it will be totally free.

## CONTACT ME ##
To contact me, add me on XMPP: mailto:lorax@exploit.im (use
OTR thanks.)
Posted on RetroBBS II


Subject: Re: DEUCALION BOTNET 2.54 ...
From: Retro Guy
Newsgroups: rocksolid.shared.hacking
Organization: Rocksolid Light
Date: Tue, 3 Jul 2018 11:01 UTC
References: 1
Path: rocksolid2!.POSTED.local_inn!not-for-mail
From: Retro ...@retrobbs.rocksolidbbs.com (Retro Guy)
Newsgroups: rocksolid.shared.hacking
Subject: Re: DEUCALION BOTNET 2.54 ...
Date: Tue, 3 Jul 2018 11:01:36 -0000 (UTC)
Organization: Rocksolid Light
Message-ID: <203bb9ba602fb5d55681f19dc306397c$1@rslight.i2p>
References: <phfjlq$tuj$1@novabbs.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
Injection-Date: Tue, 3 Jul 2018 11:01:36 -0000 (UTC)
Injection-Info: novabbs.com; posting-host="local_inn:10.13.0.7";
logging-data="5735"; mail-complaints-to="usenet@novabbs.com"
I let this through as I found the detail interesting, it was posted in the proper forum, it wasn't cross posted all over the place, it was posted with a username, and it's not offensive. That's not meant to create a precedent, I'll do what I want each time I see posts soliciting.

If you want to pull it from other servers, here's the msgid:

<phfjlq$tuj$1@novabbs.com>

Retro Guy

Posted on Rocksolid Light.



