How to build your own botnet in less than 15 minutes

How to build your own botnet in less than 15 minutes

How to build your own botnet

Today on How to build your own botnet in less than 15 minutes-

Firstly Step 1: Find a builder kit (3 minutes)
Using a combination of search terms, you can usually find a link to a version of a popular builder kit in 3 minutes or less. Our chosen kit was originally an underground – yet commercial – product based on the ZeuS code, and originally cost $600 for a hardcoded command-and-control (CnC) server and $1,800 for an unlimited builder license. But considering that you’re building a botnet to steal massive amounts of sensitive data, we’ll assume that you have no qualms about using a pirated copy.
Our bot has the following core components:

  • A settings.txt file for configuring the CnC callback channel
  • The Full_builder.exe file for compiling the bot payload
  • CnC host files. This is a PHP-based website used for reporting and CnC functions
  • bot-bc.exe. This process allows your malware to back-connect through the Socket Secure (SOCKS) protocol for remotely controlling compromised machines


Figure 1: The builder kit’s settings.txt file

Figure 1 shows the settings.txt file, highlighting a number of options. The “URL Masks†section lets you specify certain actions if the user of the compromised machine visits a website whose URL matches a given text string. These URLs can be anything you want. In Figure 1, the URL masks include and OWA (Outlook Web access, for gaining control of the target’s corporate email account).

The “URL Masks†options enable any of the following when the user visits any of the sites defined in the URL Masks section:


  • N — does not write data in reports
  • S — make a screenshot with mouse clicks on the page area
  • C — preserve all cookies associated with that site and block access to it
  • B — block access to the site

The injects.txt file highlighted in Figure 1 is arguably the killer feature of the Zeus family of bots. Essentially, the “injects†capability lets you interact with any site that the compromised machine accesses. Because it works on the infected user’s machine directly, the feature renders meaningless security features on those sites, such as two-factor authentication and SSL/TLS encryption. Forget man-in-the-middle attacks — this is an “man-at-the-keyboard†attack!


Figure 2: Example use-cases of the “Injects” functionality

In Example 1, the contents of the account overview section are uploaded to the CnC server whenever the compromised host goes to a URL containing “*/webscr?cmd=_login-done*.†With this handy report of users’ account balances, you can focus on targeting those with the most money in their accounts.

Furthermore, in Example 2, a “Big Bank Corp” site viewed by a compromised system would show an additional field on the password page asking for user’s “ATM PIN.†Because your grafted-in field is designed in the same style as the standard page, it looks like it belongs there. Sensing nothing amiss, many computer users would not hesitate to enter this information — which is immediately sent to you, the attacker.

Those are only two examples. As a botnet owner, you could create all sorts of targeted injects files to steal new and useful information. If that’s too much work, you can download ready-to-use injects definitions that serve as recipe books of sorts for specific attacks. Need to target end-users in France? Simply download the French Banks injects pack containing recipes for the purely illustrative and imaginary “La Banque Centrale†or “Crédit Françaisâ€, among others.
Step 2: Build your payload (5 minutes)
Once your injects file is ready, open the easy-to-use GUI interface to build the executable malware file (see Figure 3).
Lastly, you’ll need two pieces of information to build the malware:


  • Firstly The URL to your setting.txt file (you’ll store the file on your CnC server so you can change it at will)
  • Then A symmetric-key encryption key to embed in the payload, so that it can communicate securely with your CnC server. This key can be any string of characters


Figure 3: The builder GUI for compiling the malware payload

After you have compiled the malware, you’ll run your executable through a file compressor or obfuscator, also known as a packer or a crypter. Originally designed to reduce the file size of an executable file, these packers have the added benefit of disguising files when scanned by anti-virus software. For this example, I have used popular compressors which this example I have called packers “A” to “C”.
Furthermore to see whether the compressed files are sufficiently camouflaged, you’ll submit your files to VirusTotal, a free site that scans uploaded files using a number of anti-virus engines. “(Note: if you were a real cybercriminal, you’d probably choose a different virus-scanning site such as Scan4You, Chk4Me, or ElementScanner. VirusTotal shares its scanning results with anyone — including IT security companies — which could.

Lastly, That’s all on How to build your own botnet in less than 15 minutes

Payment is Upfront, Our services are not free


Contact us for support. We sell fresh ATM Hacking, Paypal/Cashapp accounts & Transfers, Dumps with Pin, Western Union Transfers, ATM Skimmers, Bank logins, and lots more

We have other services like bank transfers to any bank account. We have helped change the lives of people from different continents in South America and across Europe. We can Card anytime for you and ship for half the price, Carding iPhone, Botnet setup service, Carding Classes where you will learn everything that will help you make money

Get Sameday Money Transfer Service From Our Professional Hackers

Leave a Reply