********RESEARCH ONLY – DO NOT TRY ANYTHING I AM ABOUT TO DO AS YOU WILL MOST LIKELY END UP IN JAIL, I DO NOT ENDORSE NOR CONDONE DoS ATTACKS OR HACKING WEBSERVERS YOU DO NOT HAVE PERMISSION TO DO SO – HOWEVER IF THEY ARE AGAINST IRAN OR NORTH KOREA I WOULD LOOK THE OTHER WAY – I TAKE IN NO WAY RESPONSIBILITY FOR ANYTHING ILLEGAL YOU ARE ABLE TO DO WITH THIS INFORMATION *******
So, basically, I did some research on DoS webshells and quickly found some popular ones such as phpDOS, Grenshell and a few other less popular labeled *PRIVATE* *NOT FOR RELEASE* which that obviously didn’t turn out well. Additionally, kiddies are arrogant and lazy so I wanted to do searches for file names that ended or included “ddos, dos, attack, stresser, packet, etc” *.php|.asp|.jsp|.cfm. But why stop there, I also wanted to include in text strings such as “Start the attack” “Flood victim” “DoS Victim” “Victim IP”, etc.
So armed with some information, it was time to see if I could build a botnet, using a custom python script and a multiple TOR nodes through a VPN I could link all hacked shells and launch a single DDoS at any target I desired.
So, just to prove my point, here are a few screen shots, I was able to locate 178 available bots and judging by uplinks combined they should deliver well over 50gbs/sec – maybe more. This took me less than 4 hours to build a botnet and be able to control it without hacking a thing. The internet is broken, kiddies can repeat the same type of actions and take down large networks with ease.