CONTACT ME AT SKYPE : zkby2013 to get this complete setup
Chapters : 1. Downloading xDDoSeR 2. No-IP Setup 3. Port forward 4. Exploring xDDoSeR 5. Building your bot 6. Testing + Installs
Chapter 1 : Downloading xDDoSeR 1. We'll start off by going to the download page, which is found here 2. When you're done, you should put all your xDDoSeR files into one folder like so :
3. Once completed and downloaded, proceed to the next step!
Chapter 2 : No-IP Setup 1. Head to : No-IP.com and make a new account. If you already have one, great! 2. Login with your newly created account and click on "Add a Host"
3. After that, you will be prompted with a screen that asks you for your hostname, domain, and all of that. Fill out only the hostname and the domain. Since xDDoSeR requires a 3 letter hostname and a domain as "no-ip.info", we will need to create a host with that layout. This is what mine looks like : 4. Now download the DUC client and install it. Login with your credentials and select the host you have created.
Chapter 3 : Port forward 1. Click your Start button and open up Command Prompt (cmd.exe). 2. Type in "ipconfig" and find your Default Gateway 3. Since my default gateway is 192.168.2.1, I will enter that in my URL bar. 4. You will need to forward ports : 81 and 1994 5. Depending on your router, you will have to look up a port forwarding tutorial. (IF YOU NEED HELP PORTFOWARDING I WILL BE HAPPY TO GO ON TEAMVIEWER)
Chapter 4 : Exploring xDDoSeR 1. When you open xDDoSeR, you will see this screen :
2. Enter in your desired username (mine will be Dark_Noodles) and click Add. 3. You will now see this very nice GUI :
4. As you noticed, there are 4 columns (Locations, Connections, Ping, and Status). Those columns list information on your bot. 5. If you right click on xDDoSeR, you will notice there are more commands such as : Download Execute, Uninstall, Info, and Passwords. 6. There are other options where you can change the GUI options, but those are not necessary. 7. After that, everything seems to be cleared out. Let's move on the the next step.
Chapter 5. Building your bot 1. If you noticed, there are 2 files that came with xDDoSeR.zip. xDDoSeR.exe and Bot Builder.exe 2. For this step, we will need Bot Builder, which will be building our bot. 3. Open it up and fill out your information. Mine looks like this :
4. Now click Build! If you encounter an error, please comment so I can help you fix it.
Chapter 6. Testing + Installs 1. Once your bot has been built, click on it and you should see yourself appear on the connection list. To uninstall, simply rightclick on a client and click "Uninstall".
2. To DDoS, put in the IP and the port and hit "DDoS". To stop, click "Stop" 3. If you wish to get installs, I suggest going to YouTube and start spreading on there.
This thread is purely for educational reasons. If you follow ANY of these steps and get arrested I am not responsible. This tutorial is designed from a theoretical prospective.
The world of botnets and blackhats is seriously messed up. Leave your morals at home.
Budget: What's your budget? To get a botnet started you'll need a minimal of 1.5k. This will include hosting,bot,FUD/Crypter. If you have good knowledge of c++ and how antivirus works you can most probably avoid purchasing a Crypter and create your own. This is the best option as only you have the Crypter+ stub (stub is the file you send to a potential vic).
Which bot? This part is entirely your choice. I highly recommend you avoid free bots as the builder (the part that inputs your domain ect into the stub) is most likely back doored. If you want a good public bot I'd recommend BetaBot from hackforums.net just create a account and search it. BetaBot is probably the only good thing that has and ever will come out of hackforums. HTTP bots are the only bots you should ever look at investing in. Irc uses more resources,less secure and easier to hijack. All a researcher has to do is to RE your stub and then they have your irc channel.
Hosting. Hosting is by far the most important part of building a successful and profitable botnet. The location of the servers is incredibly important. You'll need to avoid "the 5 eyes". America,UK,Canada,Australia and New Zealand. I prefer to host in a country that doesn't have strong relations to "the 5 eyes". I'd suggest china,Ukraine,Russia or Kenya. A good vps/dedi provider is http://www.dataclub.biz they're relatively cheap and you can choose where you'd like to host it. You don't really need bulletproof hosting (purchasable from ecatel.co.uk or cyberbunker.com) until you get around 25k-30k total bots.
Domain: A good botnet domain looks like random letters. I.e "djsoxneskfnsjxne". A good tip is to just bash your keyboard and see if its available lol. Honestly, the more random your domain looks the better. Namecheap.com is a good domain registrar. Another method is to create a legitimate looking domain I.e bitcointalk .com set the front page up as a legitimate forum and have the back end as your panel ect. This method will throw of 60% of researchers who for one reason or another found your domain.
Fast flux This is recommended if you start to exceed 25k bots total. If you don't know what fast flux is Wikipedia provides a accurate and in depth explanation.http://en.m.wikipedia.org/wiki/Fast_flux this will make it significantly harder for anyone to find and shut down your botnet. You can enable this feature (at additional cost) using namecheap.com via the DNS settings. It costs $100-200 but its well worth the cost.
Crypter/FUD If you understand c++ and how AV works then well done, you've saved yourself $200 a year. If not, purchase from crypters.net. Because its cheap you'll be sharing the crypting method with a lot of other people. You can increase the time from creation-detection by avoiding sample sharing AV scanners such as virustotal. A private Crypter with a method only you use will most likely cost you 500-600 a month. This is obviously not practical for beginners.
Money Making: I'll now explain several methods on how to make money. Lets all face the facts. Unless you're a Xbox booting skid the only reason you're going to create a botnet is to make money. If you do it correctly and make contacts with well connected people you can expect 25-50k a month. Don't expect any of these methods to be easy or for them to be " click and forget". You'll need to input hours of work into creating scripts ect for you to see any sort of decent return.
Crypto-coin mining. After the bitcoin boom mining bitcoins has become a lot harder. Crypto coins such as lite coins are becoming a lot more profitable. You'll most likely need to bind OpenCL with your miner as some laptops ect don't have OpenCL installed. I'd recommend mining using GPU instead of CPU. A proxy is a must, if you don't use a proxy your pool account will get banned due to high traffic. With 10k bots mining 24/7 you can probably expect 2-3k USD a month. I personally used to target gamers as they have better hardware stats increasing my average # rate.
Ad-click fraud. What I personally do here is create a blog about finances or insurance (higher ad rates and legit traffic) then get accepted for Adsense. If you have 1k bots I get them all to load a article then get 6 to click ads. You need to rotate which 6 click ads so google doesn't get suspicious. Changing the number of clicks is also a good idea to avoid pattern detection. I personally do this once every 48-72 hours so its less suspicious (make sure you still get views) Another good source for ad clicks is Coinurl.com. This company pays via bitcoin so it's perfect for ad fraud. A good tip is to disable ad filters to show adult content as these pay more. You can most likely expect to see about 1-2k a month dependent on how many bots you have.
Referral program's: This is incredibly easy and highly profitable. The network I used to be partnered with paid 1 USD for every download. 99.9% of bots have download and execute features so this is a definitely a method you should look into.
YouTube views: If you have a YouTube channel simply get your bots to load the URL and wait for the ad to end. Payment is higher if adverts last the entire duration instead of 5 seconds so this is recommended. To avoid detection sprinkle maybe 100 - 200 5 second skips into the mix for every 1k views. You could create and execute a .bat script on your bots to change their IP address if they're on a dynamic line. This avoids IP tabling and makes the view appear "fresh". This will bring anywhere from 100-300 USD a month.
DDoS service: I personally used to charge 40USD a month for 4GBps then $2 extra for every 1GBps addition. This is why I don't use banking Trojans. They don't have DDoS functions which is a rather large potential profit loss. I'd expect to see about 500-600USD a month from this. If you don't want to use your bots for DDoS purchase a dedicated server with a good port speed (10GBps). The server must allow spoofing and then use DNS ampflication.
Now for more malicious payment methods. Remember, this blog is purely theoretical. This is not instructions,I'm just simply raising awareness. If you don't want to steal people's money I suggest you stop reading. The next few methods are highly illegal and will almost definitely draw attention from the FBI,secret service ect.
Bank fraud: It's pretty obvious what happens here. A vic visits a website for example, PayPal.com. They enter their login details and because your bot has a FormGrabber you receive these details. You then just simply login and send the money to your PayPal account. Advanced bots like Zues used a feature called web inject. All web inject did was check the balance stated in the account and then "spoof" the account balance to say that even after the funds are gone.
DDoS extortion: By far the easiest method ever. I could most likely teach a three year old how to do it. You simply launch a DDoS attack on a website then tell them to give you money to stop. For example, the week before the Super Bowl take down X ( X being a betting website) for Y amount of time (usually 2-3 hours will do it). You want to be hitting the website with high amounts of traffic probably around 20-30GBps. You then ring or email the company and tell them they have to pay for you to stop the attack. 1-2k is a good fee for your "protection". Any company with a brain larger than a grain of sand will see that they most likely make 1-2k in a hour and will pay up.
Targeted Po*nography: This method involves infecting the personal computer of a business man,politician or public figure and catching them doing something embarrassing. The best results are to be had if the target is "self pleasuring". You simply take a picture via their webcam then send it to them via email with a ransom amount. If they don't pay (90% of the time they do) you sell the pictures to the media. Either way you earn money. Remember, you have the potential to ruin someone's career. They will pay almost anything within reason. You can expect around 10-15k from each hit.
Spam: You'll either need a lot of smtp servers or access to email accounts. You simply send emails to a list of email addresses. The newer the better. Anonymous is your new best friend, lol. 1 million emails will earn you $150 link+malware free and 1.5k if they contain a link to a exploit kit or attachment. The people who buy spam outputs are on private boards so this isn't a easily accessible method. if you want rat or botnet setup add me at skype : zkby2013