Introducing BYOB (Build Your Own Botnet)

reverseshell
backdoor
botnet
encryption
python

(Daniel Vega Myhre) #1

https://github.com/colental/byob

Built this to teach myself Python. Any thoughts?


(Community & PR manager) #2

I already met the project thanks to this guy on Twitter, he doesn’t think highly of it. But hey, look at it this way: bad publicity is still publicity :stuck_out_tongue:. And he has been put in his place by various commenters, so you got that going for you.

But seriously, good job man!


(Community & PR manager) #3

BTW, is it possible for us to also make our own modules for this thing?


(Daniel Vega Myhre) #4

Yeah I saw that - MalwareTech also tweeted about the project and he has 127k followers! My jaw was on the floor. He was critical of the quality of my code but the fact that someone of his stature would take notice of it and actually find it to be worth discussing + critiquing is crazy to me.

Thanks for the response and any feedback is always welcome, I’m still learning so I appreciate it!


(Daniel Vega Myhre) #5

Yep, you definitely can write your own modules - just add them to the ./byob/modules/ directory and your modules can be remotely loaded into memory and directly imported into the currently running process, without writing anything to the disk!


(Command-Line Ninja) #6

I spoke about my thoughts on this project on Twitter and I disagree with what a lot of people are saying.

Learning this kind of thing is really useful to understanding how a C2 works. This is the entire thing of offensive security.

Good job dude! This could even be used for engagements to demonstrate and test the impact of a potential botnet. Red Team simulations are everything to some top companies.

I must say, I’ve read through the code and it looks pretty good man. You’ve used sensible function names, you’ve used functions, and you’ve used classes. All that stuff is good coding practice. I’ve seen a lot worse code in my time. Don’t listen to those tryna knock the hustle.

Keep it up, man! You should check out IRC too. webchat.0x00sec.org / irc.0x00sec.org:6697+, we’d all love to chat with you about it and ethics and stuff.


(Command-Line Ninja) #7

In fact mate @colental, you should definitely do a write-up here on your tool. How to use it and how you’ve designed it.

That would be amazing.


(707) #8

Damn dude… this is cool. Nice share. As pry0cc suggested, please do a write up. That would be awesome!


(Guess, there's a solution I'm not seeing.) #9

Really nice tool! Can’t wait to look over and play with it!
Besides that I totally agree with @pry0cc. A write up would be phenomenal! Especially, I would like to read more about your design and development process (e.g. what was your initial idea, how has it changed during development, what kind of problems did you encounter etc.).


(Daniel Vega Myhre) #10

Thanks man, I can’t tell you how much I appreciate you taking the time to look over the code and share your thoughts on it.

I will definitely do a write up on how to use the tool and how I’ve designed it (and I’ll check out IRC today too)!


(Daniel Vega Myhre) #11

Awesome, thanks! I’m getting started on a write-up right now - hope to hear your thoughts on it after I post it!


(Daniel Vega Myhre) #12

Glad to hear you’re interested in it man - I’m getting started on a write-up now!


(Sergeant Sploit) #13

I’ll prolly read through your code and merge ZeroSpy with it. Good job and forget the haters.

#Sergeant


#14

Awesome project man, looking forward to reading your writeup! But what’s the reason you went for python2 instead of 3?


#15

Same here. Actually, I was pretty surprised when I saw that this project belongs to someone from 0x00sec. I’ll check the source code as soon as I can. Thanks for such a great project.


(Daniel Vega Myhre) #16

Good question - support for python3 may be implemented in the future, and my reasoning for choosing python2 may be flawed, so please let me know if I have overlooked something.

One goal I had for this project was for it to “just work” without needing to install/configure anything - so basically the decision came down to the fact that, to the best of my knowledge, python2 is installed by default on Linux & macOS, whereas python3 is not installed by default on any major platform that I’m aware of.


(MNG) #17

Well done bro, I’ve made my own botnet a long time ago and after reading your source code I think you really made it well.
It would be fun to work with you bro, just tell me if u need any help.


#18

Well to my knowledge it’s installed on all major distros. Guess the exception is RHEL/CentOS and a lot of servers run that. So you have definitely made the right decision. Great work!


(fxbg) #19

Reminds me of the early 00’s when ryan1918 was around, we had pretty much huge chunks of ‘plug n play’ type code that noobs were just slapping together and running. (He was arrested btw, and the scene moved on.)

I think a project like this should help move security forward, it may not be the “pc” way of doing it, but as we all know the best way to get something fixed is to break it and show people it’s broken.

I like it. (But I don’t like your haircut lol)