Forum Thread: How to Botnet

So let's say I've created my own little botnet with PCs that I own and some family ones..
What can I do with them...

Let's say I have about 30 of them.. then if I want to run something, will I have to open each session separately and run commands on each of them?

And can I do something like, when I open the payload on a PC, the persistence script is automatically run? And if I had my own script, would that autorun too?

And exactly what all can I do with my botnet? Like WPA cracking, but how?

I don't know much about botnets, but there are generally 2 things you can do with a botnet: DDoS attacks and password cracking.

Since you have only 30 bots, using it to DDoS might mostly be ineffective (unless you are attacking a small host or a normal router), but you could use it to speed up cracking hashes. If you have a WPA2 hash, and you divide the dictionary by 30 and put the parts on the 30 bots, your cracking speed will increase 30 times!

I don't mean to be rude, but you seem like you are still a little new. Perhaps it's a good idea to learn other things like scripting first before trying anything like this, which could let you end up in jail (yes, even if those infected bots were owned by family members, it remains highly illegal!)


Oh, even if I have consent?
I didn't do it right now but was planning to..

But the problem is.. I don't do dictionary... how can I do a bruteforce... I can't find anything about it...

And yeah, I'm still new and I'm learning all I can... many series are half-finished so it takes the interest out sometimes... but it's great overall ;);)

Bruteforce is useful with 8-character passwords (the minimum password length in WPA2). Bruteforcing a 10-character mixed alphanumeric password will take years, even on clusters with hundreds of teraflops. So I suggest you create some custom dictionary with JTR permutations. When you have that, try to divide it and use it on all boxes. If you seriously want to bruteforce, try to create a wordlist (yeah, a bruteforce wordlist, hah) with all possible combinations and split it. Use it on multiple boxes. The fastest method of cracking hashes is to use GPU power. So if your small botnet has multiple Nvidia cards you can use the CUDA version of hashcat, oclHashcat. Then you can run brute force or dictionary. I suggest you grab the crackstation dictionary, add some custom "templates" in JTR and then run it on oclHashcat. If you do not succeed, try to pwn the client with a fake AP. Then you can grab the stored WPA2.

You MUST do dictionary first! Brute force is A LAST RESORT!! Brute force is for when you have tried everything (dictionary attack, social engineering...) and it all failed. Only then should it be used.

Null Byte isn't the only place to learn hacking. Just google around.


Well, I was cracking my own WPA and I know the password is crazy hard lol.. 2 capital letters and 20 numbers... you won't find them in any dictionary..

Well, so you have to make a bruteforce wordlist? Oh, that'll take months alone haha.. and the size.. omg the size..

No, it's not obligatory. You can start hashcat in bruteforce mode with a special mask (specify which digits, letters, lowercase, uppercase) and length. You can save the session and then resume later. But having a "botnet", I would recommend you generate a wordlist with all permutations of 8-character passwords and then split it across several machines to run a different part on each box. Then run some big wordlist and at the end use JTR masks to modify it, for example to leet and stuff like that. You can use IRC chat to moderate your botnet. Bruteforcing a 22-character password is impossible today, so you have to use another method (SE, try to pwn the box and then steal credentials from WZC or import a "profile" from third-party programs). If your WPS is off, your router is pretty secure from the "air", but... still remember that some boxes can be compromised from the Internet. That allows logging in from outside.

If the default router password is left in place, or simply by using routerpwn or Metasploit, there is a possibility to dump the router's config with all the passwords to the router delivered by the vendor/ISP, or just simply leak the admin password. Then... well, use your own creativity as to what to do next. Manipulate the firmware, DNS, add some "updates", have fun.
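The keyspace arithmetic behind the replies above (8-character masks are within reach, a 22-character one is not) worked through as an added example that is not from any poster in this thread; the per-box guess rate, the 30-box count and the extra `n` (alphanumeric) class are assumptions made here for illustration:

```python
from math import log2

# Per-position character-class sizes, named after hashcat's mask classes
# (?d digits, ?l lowercase, ?u uppercase, ?s specials, ?a all printable ASCII).
# "n" (62, mixed alphanumeric) is NOT a hashcat code; it is added here for the example.
CHARSETS = {"d": 10, "l": 26, "u": 26, "s": 33, "a": 95, "n": 62}

def keyspace(mask: str) -> int:
    """Number of candidates a mask such as '?u?u?d?d' describes (one class per position)."""
    if not mask or len(mask) % 2 or any(mask[i] != "?" for i in range(0, len(mask), 2)):
        raise ValueError(f"malformed mask: {mask!r}")
    total = 1
    for i in range(1, len(mask), 2):
        total *= CHARSETS[mask[i]]  # KeyError for an unknown class code
    return total

def entropy_bits(mask: str) -> float:
    """Strength of the mask in bits: log2 of its keyspace."""
    return log2(keyspace(mask))

def years_to_exhaust(mask: str, guesses_per_sec: float, boxes: int = 1) -> float:
    """Worst-case years to try every candidate when the mask is split evenly over `boxes`."""
    seconds = keyspace(mask) / (guesses_per_sec * boxes)
    return seconds / (365.25 * 24 * 3600)

# Assumed order of magnitude only: WPA2 uses PBKDF2, so guessing is slow.
# 100,000 guesses/s per box is a plausible GPU figure, not a measurement.
ASSUMED_RATE = 100_000
ASSUMED_BOXES = 30

CASES = {
    "8 digits (WPA2 minimum length)": "?d" * 8,
    "8 chars, any printable ASCII": "?a" * 8,
    "10 chars, mixed alphanumeric": "?n" * 10,
    "2 uppercase + 20 digits (the OP's own key)": "?u?u" + "?d" * 20,
}

if __name__ == "__main__":
    for label, mask in CASES.items():
        yrs = years_to_exhaust(mask, ASSUMED_RATE, ASSUMED_BOXES)
        print(f"{label:45s} {entropy_bits(mask):6.1f} bits  ~{yrs:.3g} years")
```

Splitting a mask over 30 boxes divides the time by 30, which is irrelevant against a keyspace that is 10^14 times larger than the 8-digit one; that is the whole argument for sizing passphrases by keyspace rather than by "hard to guess".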


And one last thing.. let's say I split the dictionary in 30.. would I have to open each session one by one and type the commands?

Of course not! Install netcat and write a script in Python to connect and run the hashcat command on all boxes one by one automatically. Just deliver the handshake in cap or hccap (if hashcat/oclHashcat) format (automatically too, after pointing to the file on your own box) and run it with a simple command. This is the easiest way that comes to my mind. You can also create an IRC channel and then use some popular botnet clients.

As I always mention, I am not a pro, I am still learning, but I try to provide solutions that I'd use and have some knowledge about, so if a pro sees any mistakes, just point them out please :) .

