rocksolid / Hacking / Re: DEUCALION BOTNET 2.54 ...
Just looking for some good botnetsFrom: AnonymousNewsgroups:
Sun, 31 Jan 2021 06:17 UTC
View all headers
Hey, just looking for some good botnets or dos/ddos clients
Posted on def2
Re: Just looking for some good botnetsFrom: AnonymousNewsgroups:
Sun, 14 Feb 2021 11:21 UTC
References: 1 2
View all headers
If you need some good botnets, try to use Mirai botnet, in 2016 this botnet downed almost all the internet. i think there's a new version of Mirai botnet.
or watch github for some other botnets.
Posted on Rocksolid Light
DEUCALION BOTNET 2.54 | IRC | MOST POWERFULL LAYER7 AND LAYER4 | DESTROY ANY TARGETFrom: Newsgroups:
Tue, 3 Jul 2018 10:37 UTC
View all headers
## Welcome to Deucalion 2.54, the last IRC version of
First, what is deucalion?
Deucalion is a botnet IRC, known for its power and bypass
methods on the internet.
We can bypass any protection layer7 like
cloudflare/blazingfast/incapsula... with the methods
and in layer4 OVH Game/Blazingfast/NFO/Vox/Amazon... with
the methods GAMEUDP/GAMETCP
Once you order a build, you will be asked to fill what
options you want to use on the bot
Now we will be listing each one of them so you can pick the
ones you want :
-Startup, will add the bot to registry so its executed on
next windows boot.
-Startup persistence will make sure that such registry key
is not removed, adding it back in case its removed.
-Critical process will elevate the process so it causes BSOD
in case process is killed, this will require Admin
privileges, however in case user is not admin, no screen
-Task Scheduler will add a command in the windows task
manager so that the program starts automatically every X
-Unkillable will exploit a windows 7 error, making the
process being impossible to close.
-UAC bypass will attempt to gain Admin privileges.
-Watchdog function injects shellcode into a remote x64
process that will act as a guardian of the bot, meaning that
in case process is randomly closed, it will be reopened and
botkiller will be executed. Note, unless you use native
version, this will make the stub x64 and wont execute on
-Native version makes the executable file native, when
executed it will load the needed dependencies at runtime,
deppending on the environment.
-Botkiller will attempt to clean the machine from malware,
it has two steps.
First one, is signature based, we've collected the most
common malwares and added them in the list. Here is a brief
example of the supported bots:
Those are few of the many that are and will be added.
Second step focus more on the common behaviour of bots,
Deucalion will look up for folders such as APPDATA, and, the
files installed in there will be analyzed, if them match a
list of patterns that we've got, process will be killed.
## Methods Layer7: ##
Have been overall slightly modified to counter the possible
signatures that have been added to firewalls.
Socket's method were modified to be more stable, however i
will focus more on those for the next version 3.0, which i
expect will have more r/s, better https and more stability.
HTTP: Method makes http requests, waits for response and
closes the stream, a random useragent is picked once the
flood starts, and doesnt change till attack is resent.
HTTPKILL: Method made to crash webservers with low power,
easy to mitigate, yet lethal in some cases.
HTTPNULL: Makes small requests, meaning most of the headers
are not added, generating more requests per second.
HTTPPAGE: Will make similar requests to HTTP with the
difference that you might add %RAND% to the url, meaning
random paths will be hit.
HTTPDRAIN: Makes similar requests to http method, with the
different that the flow is not constant, the bot randomly
sleeps for X time before sending back the requests.
HTTPCOOKIE: COOKIE method generates a huge ammount of load
on the server by sending large requests.
HTTPSTRONG: Makes two different type of requests at the same
time, this might bugg some webservers making them crash with
small load. Such requests are small and lack of user agent.
HTTPRANDOM: Uses HTTPBYPASS emulation to solve challenges,
right after that, requests are built randomly attempting to
bypass signature based firewalls.
HTTPBYPASS: First, the bot will attempt to bypass any
continue and even captchas, deppending on the machine,
different emulation is applied. (bypass
SMARTBYPASS: Now, this might require a few explanations.
Browser will allow you to type the browser to use, you have
the following options:
-Rand (will pick any of the above)
Cache will allow you to pick beetwen this:
-0 -> wont sent cache information
-1 -> will send cache information picking a random value
-custom -> meaning you will set the value that you want for
the cache header.
Referer, allows you wether to use referer or not
-0 -> wont set any referer
-1 -> will send random referer
-custom -> you pick the referer
-Upgrateinsecure, you pick when is this header enabled.
-0 -> disabled
-1 -> enabled
->2 -> random
-Ratelimit, will allow you to choose if you want to enable
rate limit bypass, this function will reduce or add speed to
the flood, current version might be adaptating itself slowly
due to the lack of data that i have, im sure that after
i review your comments it will get much better.
Overall, this method is made to bypass even the most
protected website, attemtping to recreate 1:1 browser
requests, it will be updated in 3.0, consider this first
version as a main preview of whats coming.
## Methods Layer4 : ##
where, host stands for the target, port ... , min and max
stand for the packet size, it will be random per each bot,
threads.. and time in second.
TCP/UDP: Not much to comment on those, basic floods that
will probably bypass most of the firewalls since them are
legit connections. might be limited by firewalls that accept
only packets from X service.
GAMETCP/GAMEUDP: Those methods will use pre-built packets
from games, few firewalls do filter so that the server only
allows game packets, this methods will attempt to bypass
such protections by sending legit packets from well known
games. (bypass OVH Game/Blazingfast/NFO/Vox/Amazon.. you
need minimum 500 bots windows connected)
## Finally, we will talk about the utility commands: ##
DOWNLOAD_EXECUTE: Will download and execute the file that
UPDATE: Will update the bots version to the new one, if the
param that you set version does not match with the one that
the bot has, then it will procceed to update.
STOP target: Stops any running flood on that target
STOPALL: Stops all running floods
INFORMATION: Will display useful information, such as cores,
ram, running floods, installed anti virus, country and
version of the irc.
LIST: Will display the running floods.
STATUS target: Will let you know the returning HTTP code of
the website, in case no response was received, it will
SPLITPERCENT: Will move the %percent of the channel to the
SPLITCPU: Will move the bots that got same or higher cores
SPLITGEO: Will move bots by its geolocation, you might use
BR|USA in case you want to stack multiple locations.
KILL: Bot will leave
BOTKILLER: Botkiller will be manually executed, in case you
want to know if bots were killed, add 1 to the end of the
command, you will known the malware names and number of
## DSAT ##
Layer7 with 60 bots only :
You can buy as many bots as you want.
For example to bring down a big dedicated amazon server in
layer you need 300 Bots connected (~300 Kr/s)
Feel free to ask me questions I will answer them without
problem and you will help to down all your targets.
## Information: ##
Deucalion 2.54 price is 750$, updates and support included
(lifetime), feel free to ask me any question or suggestion
you might have.
I also sell windows bots $0.20 per bots
You have the right to resell your power for profit, I have
customer who pay $2,500 a month to feed their botnet with
bots, and who resell the power for $20,000 a month, just be
Version 3.0 comes out in about 3 weeks, the new price will
With each version the price increases.
But if you bought version 2.54 at 750$ for example, you will
not pay for the new version, it will be totally free.
## CONTACT ME ##
To contact me, add me on XMPP: mailto:firstname.lastname@example.org (use
Posted on RetroBBS II
Re: DEUCALION BOTNET 2.54 ...From: Retro GuyNewsgroups:
Tue, 3 Jul 2018 11:01 UTC
View all headers
I let this through as I found the detail interesting, it was posted in the proper forum, it wasn't cross posted all over the place, it was posted with a username, and it's not offensive. That's not meant to create a precedent, I'll do what I want each time I see posts soliciting.rocksolid light 0.7.0
If you want to pull it from other servers, here's the msgid:
Posted on Rocksolid Light.