
A Simple, Timed Distributed Attack Kit

Author denies all responsibility. This is Beta, and there will - if my sanity is
well, be no more updates and no technical support - ie, NOT FOR USE. I was curious
at how easy it would be to write a timed distributed attack tool for the Windows
platform. Timed - because of the dynamic IP's - distributed, because, hell, read
the papers at http://packetstorm.securify.com. I realize that many people have
picked up hundreds of Windows systems merely by putting a subseven or a bo2k in
with a warez game, etc. And, I wanted to express this concept... because someone
else has probably already thought of it. Or, they will.


Forward:

Okay, so you have a thousand windows 98 and NT systems from sending a post
to the 150 pedophile newsgroups, and you wondering, "What can I do today?"

Here's what you can do: you can set the following files on their systems,
and on a certain date, at a certain time - the target of your choice will
be bombarded with your killer flood from all of your infected targets.

Some might say, "Hey, like a terrorist bomb, but no one get's hurt!" Actually,
THAT is NOT the case. You could potentially harm the global economy with
something like that, and that may hurt a lot of rich people, but the poor
will be hit the hardest. 

So... this is merely "concept code". Quickly written, sloppy, portions of it
are not so tested... and it could be done better as a single application.

First step on Windows NT and 95/98 systems: Change the default host 
in the file 'funtime.txt' to "www.microsoft.com" to your target, 
ie "www.mcavee.com" or "www.nai.com" or "www.cubanministryofdefense.com"
or "www.antionline.com"... you get the picture.

Second Step on both versions: change timer98.bat or timerNT.bat, respectively
to the time you want for the attack to commence.

Usage for Window 95/98 target hosts:

Upload all of the files except 'funtimeNT.hta' to Windows\System32 directory
and run funtime95.hta. Then, run like hell.

Usage for Windows NT system target hosts:

Do the same as for Windows 95/98 targethosts, except - surprise, surprise - 
upload funtimeNT.hta and timerNT.bat.


Technical Details:

What concerned me most in this was expressing my, "GAWF!", when reading about
the Unix threat in the Distributed Attack Scenario. I didn't want to spend
all week working on some sweet app... though, I started to. 

The HTA file makes a runonce reg entry so that it is run on startup. On
the target date, for NT, it will run an AT command which instructs it to run
- someone else's app called bmb2.exe ported by G0tMilk coded by? - with
the given target and port (port 12 used as an for instance). On Windows  95/98
likewise is this done, only a choice with a 60 second pause is run in a loop,
constantly watching the clock.

The reason these files are run through the hta document is because of the wsh
command will run them and their children invisibly... so, except for some
process usage, and despite them being console programs, they are run invisible
to the naked eye.

The Pull (aka, OsioniusX) 