More Decompile – Nuclear DDoSer

Seeing as it is the weekend, and I had promised this, here goes nothing… Yesterday you saw my decompile of the lame HTTP Flooder – see HERE – and today, I have decompiled Nuclear DDoSer.

I previously wrote about “Nuclear DDoSer” HERE, comparing it to the SlowLoris and Slowpost tools.

This thing, as a point of interest, operates in a similar way to how I theorize “XerXes” works, and with some modification and improvement could actually do a considerable amount of damage.

So I will not be bothering to make those improvements.

Go get it here…
http://insecurety.net/Downloads/NUCLEAR_DOS_DECOMPILE.tar.gz

MD5: c8248c60b438fe544c7dfdd847f53692
SHA1: c3757099dead3a3f7656c33a49072a8126174929

As always, we decompile and release this stuff so you don’t have to, for purely educational purposes, and to satisfy our sense of schadenfreude toward the skidiots out there. “We do not like them very much”.

3 thoughts on “More Decompile – Nuclear DDoSer”

  1. Pingback: [REQUEST] *.net Skidware to fuck with

  2. What is the purpose of the HDD class? It looks like it populates the HardDriveInfo model with the serial number, model and type of hard drive; and encrypts/decrypts this information. Does it have something to do with linusofts.net, perhaps using stored hard drive info as a key to authenticate and use linusofts’ bots?

    In fact it seems like there is a large amount of seemingly unnecessary encryption code, for a DoS program.

    • Well the version I got was called “cracked” version, so I assumed the extra random code is to do with some kind of licence key checker that was patched over somewhere. That LOOKS like HWID system code to auth to some kind of licence management.

      What makes the software interesting to me is how, for a skiddy tool, it actually does something interesting – correctly implementing Slowloris/slowpost over SOCKS, with rapidly changing proxy so the attack “looks” like a DDoS of some kind, masking the attacker.

      Oh, and some of the crypto is doubtlessly because it seems to allow attacking of SSL.
