Botnet with problems.

firewall · Post by **firewall** » Tue Dec 14, 2004 9:16 pm

Hi,

I'm trying to do a botnet, with 2 bots I have... I've did some commands, to configure the botnet, but, when i type '.link BOT', I get an error...

My bots: Links and PHPHelp

'.whois PHPHelp' in Links:

(23:11:04) [firewall] .whois PHPHelp
(23:11:06) [Links] [22:26] #firewall# whois PHPHelp
(23:11:07) [Links] HANDLE PASS NOTES FLAGS LAST
(23:11:07) [Links] PHPHelp no 0 bf never (nowhere)
(23:11:07) [Links] BOT FLAGS: h
(23:11:07) [Links] ADDRESS: yyy.xxx.zzz.hhh(fake)
(23:11:07) [Links] users: 6977, bots: 6977
(23:11:07) [Links] HOSTS: *!PHPHelp@Ya5QjNebfio.PwVU3il3A2o-virtualife.com.br

'.whois Links' in PHPHelp:

(23:12:04) [firewall] .whois Links
(23:12:05) [PHPHelp] [22:27] #firewall# whois Links
(23:12:07) [PHPHelp] HANDLE PASS NOTES FLAGS LAST
(23:12:07) [PHPHelp] Links no 0 bf never (nowhere)
(23:12:07) [PHPHelp] BOT FLAGS: h
(23:12:07) [PHPHelp] ADDRESS: yyy.xxx.zzz.hhh(fake)
(23:12:07) [PHPHelp] users: 4445, bots: 4445
(23:12:07) [PHPHelp] HOSTS: *!Links@links.bots.virtualife

I see no problems... So, when I type '.link PHPHelp' in Links, I get it:

(23:13:20) [Links] [22:28] Linking to PHPHelp at 200.138.216.82:6977 ...
(23:13:20) [Links] *** [links] Couldn't link to PHPHelp.
(23:13:20) [Links] [22:28] Failed link to PHPHelp.

I tryed to do a botnet with others 2 bots I have, and I got the same error. I think I have to change something in the .conf file of the bots, am I right? The computer that are running these bots has IPTABLES configured... Maybe, it can be not trusting the connections among the botnet, am I right?
Is it... I hope that you understood me.

cya.

demond · Post by **demond** » Tue Dec 14, 2004 10:31 pm

what does PHPHelp's log say?

firewall · Post by **firewall** » Tue Dec 14, 2004 10:40 pm

Nothing appears in PHPHelp's partyline.
And, when I type the same command at PHPHelp, to the bot link with the bot Links, I get the same error.

demond · Post by **demond** » Tue Dec 14, 2004 11:03 pm

firewall, you have got a firewall problem

check your firewall; if you aren't admin of that machine, ask the admin

firewall · Post by **firewall** » Tue Dec 14, 2004 11:09 pm

Oh, I was thinking that my problem could be the firewall.
I will talk to the admin...
But, this problem is about tcp connections, udp connections, ctcp of irc? Do you know?

* Both are running in the same machine...

Thank u

firewall · Post by **firewall** » Fri Dec 17, 2004 12:17 pm

I'm with this problem yet

... Who may help me?

demond · Post by **demond** » Fri Dec 17, 2004 12:25 pm

what did the admin say?

demond · Post by **demond** » Fri Dec 17, 2004 1:31 pm

paste the results of .dccstat on both bots

and try to set the botaddress to localhost (you said they run on the same machine)

firewall · Post by **firewall** » Fri Dec 17, 2004 3:53 pm

I will see with de admin how is the iptables, and ask him if something can not trust the botnet...
The botnet uses the same port of the telnet port?

-
'.dccstat' in Links:
(17:43:46) [Links] [16:59] #firewall# dccstat
(17:43:46) [Links] SOCK ADDR PORT NICK HOST TYPE
(17:43:46) [Links] ---- -------- ----- --------- ----------------- ----
(17:43:46) [Links] 3 0A01010A 4445 (telnet) * lstn 4445
(17:43:46) [Links] 4 00000000 0 (dns) dns (ready)
(17:43:46) [Links] 6 D035A077 6667 (server) 208.53.160.119 serv (lag: 0)
(17:43:46) [Links] 9 C8D77DF4 1024 firewall mercedes-benz.com chat flags: cPtEp/0
-
-
'.dccstat' in PHPHelp:
(17:47:37) [PHPHelp] [17:03] #firewall# dccstat
(17:47:37) [PHPHelp] SOCK ADDR PORT NICK HOST TYPE
(17:47:37) [PHPHelp] ---- -------- ----- --------- ----------------- ----
(17:47:37) [PHPHelp] 3 0A01010A 6977 (telnet) * lstn 6977
(17:47:37) [PHPHelp] 4 00000000 0 (dns) dns (ready)
(17:47:37) [PHPHelp] 6 D035A077 6667 (server) 208.53.160.119 serv (lag: 0)
(17:47:37) [PHPHelp] 5 C8D77DF4 1027 firewall mercedes-benz.com chat flags: cPtEp/0
-

Both are in the same server and in the same machine...
But...

and try to set the botaddress to localhost (you said they run on the same machine)

I have to do it at 'set my-ip' and 'set my-hostname'? I'm a little confused

If I change this lines at .conf, the bot will not connect in the server, cuz they have an i-line at the server, and it requires that lines how they are now... Understood?

That's all.

demond · Post by **demond** » Fri Dec 17, 2004 4:16 pm

in Links: .chaddr PHPHelp 10.1.1.10:6977
in PHPHelp: .chaddr Links 10.1.1.10:4445

firewall · Post by **firewall** » Fri Dec 17, 2004 4:30 pm

Done. Than, I did .save and .rehash in both bots... Than, I got it:

(18:27:19) [PHPHelp] [17:43] Telnet connection: 10.1.1.10/42000
(18:27:19) [PHPHelp] [17:43] Timeout/EOF ident connection
(18:27:19) [PHPHelp] [17:43] Denied telnet: telnet@10.1.1.10, No Access
-
(18:28:02) [Links] [17:44] Telnet connection: 10.1.1.10/42030
(18:28:02) [Links] [17:44] Timeout/EOF ident connection
(18:28:02) [Links] [17:44] Denied telnet: telnet@10.1.1.10, No Access

Isn't better if I use 127.0.0.1 instead of 10.1.1.10?

demond · Post by **demond** » Fri Dec 17, 2004 4:41 pm

add *!telnet@10.1.1.10 to both bots' hostmasks

firewall · Post by **firewall** » Fri Dec 17, 2004 4:57 pm

Done!!!
They linked, thanks!

I added the hostamask in both and than I did .save and .rehash, and than I got:

-
(18:54:03) [PHPHelp] [18:10] Telnet connection: 10.1.1.10/42983
(18:54:03) [PHPHelp] [18:10] Timeout/EOF ident connection
(18:54:03) [PHPHelp] [18:10] Timeout/EOF ident connection
(18:54:03) [PHPHelp] [18:10] Refused telnet@10.1.1.10 (invalid handle: PHPHelp)
(18:54:03) [PHPHelp] [18:10] Lost Bot: Links
(18:54:03) [PHPHelp] [18:10] Challenging Links...
(18:54:03) [PHPHelp] [18:10] Linked to Links.
(18:54:03) [PHPHelp] *** Linked to Links
-
-
(18:54:03) [Links] [18:10] Received challenge from PHPHelp... sending response ...
(18:54:03) [Links] [18:10] Linked to PHPHelp.
(18:54:03) [Links] *** Linked to PHPHelp
-

They linked, but PHPHelp shows some problems, that I paste, how can I solve this little problems?