SEKURITY Blog | Hacking News, Tools, Malware


why did you scam your own partner out of money?

u wot m8? i wil fukn end u

Monetize Bot Progress & Results

xss navy.mil

In the past couple of weeks, more and more has been added to mBot (Monetize Bot), including a new ‘XSS (Cross-Site Scripting) Vulnerability Scanner’ feature. Testing this feature on a single computer alone returned some very nice results, some of which are included below.

1. [ASK.COM]

2. [A1VBCODE.COM]

3. [NAVY.MIL]

The victims of the vulnerabilities have been informed and hopefully they should be fixed soon. Testing is still underway and Monetize Bot should be ready for sale in the near future!

Sep 8

Monetizing Malware - mBot

After my popular release of MassXploit, it has come to my attention that there is a lack of malware that generates money for the user, obviously without having to go into banking trojans and credit card fraud. This is what brought about the development of my newest project, mBot, standing for ‘Monetize Bot’, the bot that generates you a cash-flow from your botnet.

It has many unique features which allow the compromising of webservers, remote desktops, databases and more, that can be sold on for some good cash. These features include:

[-] BitCoin Miner - Mine BitCoins with CPU.
[-] BitCoin Wallet Stealer - Steals BitCoin wallet.
[-] FTP Stealer - Steals FTP credentials.
[-] WebDav Scanner - Scan random range.
[-] RDP Scanner - Scan for RDP enabled servers.
[-] SQLi Scanner - Scan random websites for SQLi vulnerabilities.
[-] LFI Scanner - Scan random websites for LFI vulnerabilities.
[-] RFI Scanner - Scan random websites for RFI vulnerabilities.
[-] Visit Website - Visit website visibly/invisibly.
[-] CD-Key Stealer - Steals game CD-Keys.

Its extensive list of features allows you to take advantage of mass amounts of bots to carry out attacks on hundreds or even thousands of websites every minute.

The bot is still under development and has no release date yet. The development thread can be found here: mBot Development Thread.

Sep 3

Elemental Forums

Elemental Forums is a fresh new forum created within the past few days, concentrated on the topic of coding. Although the community is small at the moment, it is planned to grow, and I would like you to be part of that growth by signing up now and getting in on the action! You can learn to code through the tutorials provided, or share your knowledge and help others.

ElementalForums.com was established to bring great coders together.
I have seen many groups claim to be ‘coding’ groups but there is no talent whatsoever.
Many of the owners are selfish and groups are mismanaged so I hope to turn that around.

Join now: http://www.elementalforums.com/

Real-Time Spam Identification!

MassXploit - WebDav Exploitation In Its Mass

MassXploit WebDav Debug

MassXploit is a tool I’ve been recently working on, and is still in progress. It takes advantage of one of the most simple exploits available, the WebDav exploit: when a web server keeps the default “wampp/xampp” credentials on its WebDav configuration, we can log in and upload whatever we want.

This exploit has not been very effective recently as it has become saturated and there is a decline in the number of vulnerable servers; however, there are still many vulnerable servers out there to be found.

The difference with this tool is that it is to be used over a botnet. All the victim systems will scan for vulnerable websites, exploit them, then upload the exploited server data to a MySQL database. So it’s just the general exploit, except that it is done over a mass of PCs rather than one, which has a great effect.

Discussion & Development Thread: http://www.hackforums.net/showthread.php?tid=1658055

50 Free DoS Shells

Shell

Exploited these today using my MassXploit tool, which I shall blog about soon once it is finished, so stay tuned!

Shell List: http://pastebin.com/dfBgTLNx

Shell Jacking

Shell Jacking Service

There is a new concept of gaining shells (compromised web servers used in DoS attacks). The mainstream method was the WebDav exploit, if you can call it that, which was simply using the default credentials of WebDav, allowing you to upload files such as a DoS Shell.

With the BooterDown project in full swing, this new service appeared, under the name ‘Shell Jacking’. It steals the Shells being used by the Shell Booters, meaning you can gain access to up to thousands of compromised websites within minutes, instead of months.

The method of how he is jacking the shells is not disclosed; however, my guess would be that his ‘tool’ is listening for connections. He gets the Booter to DDoS his own connection, the tool listens on the port he DDoS’d on and, once a packet is received, stores the IP it came from and closes the connection. He then has the IP addresses of all the connected shells and exploits them himself using the well-known WebDav exploit - and there you have it, thousands of shells.

The service thread can be found here: http://www.hackforums.net/showthread.php?tid=1650574
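A defender-side check for the default-credential WebDav uploads described in this post and in the MassXploit post, as an added example that is not code from the blog or its tools: it scans Apache combined-format access logs for successful WebDav writes by the default account, script uploads, and later requests to an uploaded script. The `/webdav/` path, the `wampp` account name (taken from the “wampp/xampp” pair quoted above), and the log lines are assumptions constructed for illustration.

```python
import re

# Apache combined log: host ident authuser [time] "METHOD path proto" status size ...
LOG_RE = re.compile(
    r'^(?P<host>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) \S+')
WRITE_METHODS = {"PUT", "MKCOL", "MOVE", "COPY", "PROPPATCH"}
DEFAULT_USERS = {"wampp"}  # assumption: account name from the post's "wampp/xampp"
SCRIPT_EXT = (".php", ".phtml", ".php5", ".jsp", ".asp", ".aspx", ".cgi", ".pl")

# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '198.51.100.7 - - [08/Sep/2011:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512',
    '192.0.2.44 - - [08/Sep/2011:10:02:10 +0000] "PUT /webdav/t.txt HTTP/1.1" 401 381',
    '192.0.2.44 - wampp [08/Sep/2011:10:02:11 +0000] "PUT /webdav/s.php HTTP/1.1" 201 0',
    '203.0.113.9 - - [08/Sep/2011:10:05:30 +0000] "POST /webdav/s.php?x=1 HTTP/1.1" 200 64',
    '198.51.100.7 - alice [08/Sep/2011:10:06:00 +0000] "PROPFIND /webdav/ HTTP/1.1" 207 900',
]

def find_webdav_abuse(lines, dav_prefix="/webdav/"):
    """Return (line_no, finding, client, path) tuples for suspicious DAV activity."""
    findings, uploaded = [], set()
    for n, line in enumerate(lines, 1):
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m["path"].split("?", 1)[0]  # ignore the query string
        if not path.lower().startswith(dav_prefix) or m["status"][0] != "2":
            continue  # outside the DAV share, or the request was rejected
        if m["method"] in WRITE_METHODS:
            if m["user"] in DEFAULT_USERS:
                findings.append((n, "default-credential-write", m["host"], path))
            if m["method"] == "PUT" and path.lower().endswith(SCRIPT_EXT):
                uploaded.add(path)
                findings.append((n, "script-upload", m["host"], path))
        elif m["method"] in ("GET", "POST") and path in uploaded:
            # A script written via DAV is now being requested: likely a live shell.
            findings.append((n, "uploaded-script-executed", m["host"], path))
    return findings

if __name__ == "__main__":
    for finding in find_webdav_abuse(SAMPLE_LOG):
        print(finding)
```

Any hit on the default account means the shipped credentials are still active; the fix is to change or remove them, or disable the WebDav share if it is unused.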

Project “Booter Down”

Project Booter Down is something new. You may or may not have heard of ‘Shell Booters’, a product widely sold in the online black market, used for short-term DDoS attacks using compromised websites and servers. The idea of ‘Booter Down’ is that they take down all booters that are of poor quality, run by scammers etc., which the majority are, as it is seen as a quick and easy income for the ‘n00b h3ckerz’.

Booter Down uses a simple, yet effective, method to take down Shell Booters, which is by simply reporting the illegal content to their host. This often succeeds, as these low-life 12-year-olds host their booters on $5/month hosting with Terms of Service disallowing the content they have uploaded.

Booter Down Website

The beauty of this project is that they openly show the other booters on their website, with a list of 20+ links to booter control panels, all of which are either down, suspended or claiming to be ‘under maintenance’. The fun part is that you can also get involved: they encourage you to report booters to hosts and upload pictures of booters successfully taken down through reporting them to their host.

On this blog post, we won’t say much. We just want to see screenshots of you guys sending in abuse reports to hosts that are hosting shitty booters. Leave the screenshots in the comments.

This project is run by ‘Orgy’ and ‘BV1’, and I wish them the best of luck with the project. You can visit the website at: http://www.booterdown.com/

5 Million Dollars 1 Terrabyte (2011) is a sculpture consisting of a 1 TB Black External Hard Drive containing $5,000,000 worth of illegally downloaded files. A full list of the files with clickable download links can be found here.
