Command 1:
---------
Request status.

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0x1 (cmd. #)  |  -4096, -4095
   +---------------+---------------+

Response:


Command 2:
---------
Initialize communication parameters.

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0x2 (cmd. #)  |  -4096, -4095
   +---------------+---------------+
 2 | Response mode | IP1           |  -4094, -4093
   +---------------+---------------+
 4 | IP1           | IP1           |  -4092, -4091
   +---------------+---------------+
 6 | IP1           | IP2           |  -4090
   +---------------+---------------+
 8 | IP2           | IP2           |
   +---------------+---------------+
10 | IP2           | IP3           |
   +---------------+---------------+
                   .
                   .
                   .
   +---------------+---------------+
38 | IP9           | IP10          |
   +---------------+---------------+
40 | IP10          | IP10          |
   +---------------+---------------+
42 | IP10          |               |
   +---------------+---------------+

Response Mode:
  0: Send responses to provided IP address
  1: Send responses to 10 random IPs
  2: Send responses to the provided IP as well as 9 random IPs


Command 3:
---------
Execute remote command and send back results (stderr and stdout.)

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0x3 (cmd. #)  |  -4096, -4095
   +---------------+---------------+
 2 | Command       | Command       |  -4094, -4093
   +---------------+---------------+
 4 | Command       | Command       |  -4092, -4091
   +---------------+---------------+
 6 | Command       | Command       |  -4090
   +---------------+---------------+
 8 | Command       | Command       |
   +---------------+---------------+
10 | Command       | Command       |
   +---------------+---------------+
                   .
                   .
                   .
   +---------------+---------------+
38 | Command       | Command       |
   +---------------+---------------+
40 | Command       | Command       |
   +---------------+---------------+
42 | Command       |               |
   +---------------+---------------+

Response:


Command 4:
---------
DNS DoS. Similar to command 9.

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0x4 (cmd. #)  |  -4096, -4095
   +---------------+---------------+
 2 | Victim IP     | Victim IP     |  -4094, -4093
   +---------------+---------------+
 4 | Victim IP     | Victim IP     |  -4092, -4091
   +---------------+---------------+
 6 | Src. port hi  | Src. port lo  |  -4090
   +---------------+---------------+
 8 | Use hostname  | Hostname      |
   +---------------+---------------+
10 | Hostname      | Hostname      |
   +---------------+---------------+
                   .
                   .
                   .
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | '\0'          |
   +---------------+---------------+

Response: None.


Command 5:
---------
UDP or ICMP echo flood.

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0x5 (cmd. #)  |  -4096, -4095
   +---------------+---------------+
 2 | 0:UDP, 1:ICMP | Dst. port     |  -4094, -4093
   +---------------+---------------+
 4 | dst1          | dst2          |  -4092, -4091
   +---------------+---------------+
 6 | dst3          | dst4          |  -4090
   +---------------+---------------+
 8 | src1          | src2          |
   +---------------+---------------+
10 | src3          | src4          |
   +---------------+---------------+
12 | Use hostname  | Hostname      |
   +---------------+---------------+
14 | Hostname      | Hostname      |
   +---------------+---------------+
                   .
                   .
                   .
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | '\0'          |
   +---------------+---------------+

Response: None.


Command 6:
---------
Open remote shell on TCP port 61786. Password is "SeNiF". Use netcat to
connect.

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0x6 (cmd. #)  |  -4096, -4095
   +---------------+---------------+

Response: None.


Command 7:
---------
Execute remote command (do not send back results.)

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0x7 (cmd. #)  |  -4096, -4095
   +---------------+---------------+
 2 | Command       | Command       |  -4094, -4093
   +---------------+---------------+
 4 | Command       | Command       |  -4092, -4091
   +---------------+---------------+
 6 | Command       | Command       |  -4090
   +---------------+---------------+
 8 | Command       | Command       |
   +---------------+---------------+
10 | Command       | Command       |
   +---------------+---------------+
                   .
                   .
                   .
   +---------------+---------------+
38 | Command       | Command       |
   +---------------+---------------+
40 | Command       | Command       |
   +---------------+---------------+
42 | Command       |               |
   +---------------+---------------+

Response: None.


Command 8:
---------
Kill task currently executing.

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0x8 (cmd. #)  |  -4096, -4095
   +---------------+---------------+

Response: None.


Command 9:
---------
DNS DoS. Similar to command 4.

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0x4 (cmd. #)  |  -4096, -4095
   +---------------+---------------+
 2 | Victim IP     | Victim IP     |  -4094, -4093
   +---------------+---------------+
 4 | Victim IP     | Victim IP     |  -4092, -4091
   +---------------+---------------+
 6 | Src. port hi  | Src. port lo  |  -4090
   +---------------+---------------+
 8 | Num. of times | Use hostname  |
   +---------------+---------------+
10 | Hostname      | Hostname      |
   +---------------+---------------+
                   .
                   .
                   .
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | '\0'          |
   +---------------+---------------+

Response: None.


Command 10:
----------
TCP SYN flood

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0xa (cmd. #)  |  -4096, -4095
   +---------------+---------------+
 2 | Victim IP     | Victim IP     |  -4094, -4093
   +---------------+---------------+
 4 | Victim IP     | Victim IP     |  -4092, -4091
   +---------------+---------------+
 6 | Dst. port hi  | Dst. port lo  |  -4090
   +---------------+---------------+
 8 | use_real_ip   | Src. IP       |
   +---------------+---------------+
10 | Src. IP       | Src. IP       |
   +---------------+---------------+
12 | Src. IP       | Delay         |
   +---------------+---------------+
14 | use_hostname  | Hostname      |
   +---------------+---------------+
                   .
                   .
                   .
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | '\0'          |
   +---------------+---------------+

Response: None.


Command 11:
----------
TCP SYN flood with delay

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0xb (cmd. #)  |  -4096, -4095
   +---------------+---------------+
 2 | Victim IP     | Victim IP     |  -4094, -4093
   +---------------+---------------+
 4 | Victim IP     | Victim IP     |  -4092, -4091
   +---------------+---------------+
 6 | Dst. port hi  | Dst. port lo  |  -4090
   +---------------+---------------+
 8 | use_real_ip   | Src. IP       |
   +---------------+---------------+
10 | Src. IP       | Src. IP       |
   +---------------+---------------+
12 | Src. IP       | Delay         |
   +---------------+---------------+
14 | use_hostname  | Hostname      |
   +---------------+---------------+
                   .
                   .
                   .
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | '\0'          |
   +---------------+---------------+

Response: None.


Command 12:
----------
DNS DoS specifying server

                        1 1 1 1 1 1
    0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5
   +---------------+---------------+
   | 0x2           | Not used      |  (Bytes 0 and 1 of IP data - not encoded)
   +---------------+---------------+
 0 | Not used      | 0xc (cmd. #)  |  -4096, -4095
   +---------------+---------------+
 2 | DNS server    | DNS server    |  -4094, -4093
   +---------------+---------------+
 4 | DNS server    | DNS server    |  -4092, -4091
   +---------------+---------------+
 6 | Victim IP     | Victim IP     |  -4090
   +---------------+---------------+
 8 | Victim IP     | Victim IP     |
   +---------------+---------------+
10 | num. of times | Src. port hi  |
   +---------------+---------------+
12 | Src. port lo  | use_hostname  |
   +---------------+---------------+
14 | Hostname      | Hostname      |
   +---------------+---------------+
                   .
                   .
                   .
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | Hostname      |
   +---------------+---------------+
xx | Hostname      | '\0'          |
   +---------------+---------------+

Response: None.
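
Added example (not part of the original analysis and not code from the binary): a table-driven dissector that an analyst can run over an already-decoded command buffer to recover the fields laid out above. The field names, the rule that strings end at the first NUL or at the end of the buffer, and the sample buffer are assumptions made for this example; layouts are keyed by the command number in each heading.

```python
import ipaddress

SIZES = {"u8": 1, "u16": 2, "ip": 4}
HOST = [("use_hostname", "u8"), ("hostname", "cstr")]
SYN = [("victim_ip", "ip"), ("dst_port", "u16"), ("use_real_ip", "u8"),
       ("src_ip", "ip"), ("delay", "u8")] + HOST
# Field order from offset 2 onward, keyed by the command number in each heading.
LAYOUTS = {
    1: ("request status", []),
    2: ("init communication parameters",
        [("response_mode", "u8")] + [(f"ip{i}", "ip") for i in range(1, 11)]),
    3: ("execute command, return output", [("command", "cstr")]),
    4: ("DNS DoS", [("victim_ip", "ip"), ("src_port", "u16")] + HOST),
    5: ("UDP/ICMP echo flood", [("icmp", "u8"), ("dst_port", "u8"),
                                ("dst_ip", "ip"), ("src_ip", "ip")] + HOST),
    6: ("open remote shell", []),
    7: ("execute command, no output", [("command", "cstr")]),
    8: ("kill current task", []),
    9: ("DNS DoS", [("victim_ip", "ip"), ("src_port", "u16"), ("times", "u8")] + HOST),
    10: ("TCP SYN flood", SYN),
    11: ("TCP SYN flood with delay", SYN),
    12: ("DNS DoS via given server", [("dns_server", "ip"), ("victim_ip", "ip"),
                                      ("times", "u8"), ("src_port", "u16")] + HOST),
}

def parse_command(decoded: bytes) -> dict:
    """Dissect an already-decoded command buffer (offset 1 = command number)."""
    if len(decoded) < 2 or decoded[1] not in LAYOUTS:
        raise ValueError("truncated buffer or unknown command number")
    name, fields = LAYOUTS[decoded[1]]
    out, pos = {"cmd": decoded[1], "name": name}, 2
    for field, kind in fields:
        if kind == "cstr":  # assumption: string ends at first NUL or end of buffer
            end = decoded.find(b"\0", pos)
            end = len(decoded) if end < 0 else end
            out[field] = decoded[pos:end].decode("latin-1")
            pos = end + 1
            continue
        chunk = decoded[pos:pos + SIZES[kind]]
        if len(chunk) < SIZES[kind]:
            raise ValueError(f"truncated before field {field!r}")
        out[field] = (str(ipaddress.IPv4Address(chunk)) if kind == "ip"
                      else int.from_bytes(chunk, "big"))
        pos += len(chunk)
    return out

# Constructed sample (documentation addresses), not captured traffic.
SAMPLE = (bytes([0, 12]) + bytes([192, 0, 2, 53]) + bytes([198, 51, 100, 7])
          + bytes([3]) + (1053).to_bytes(2, "big") + bytes([1]) + b"example.com\0")

if __name__ == "__main__":
    print(parse_command(SAMPLE))
```

The input must be the buffer after the payload decoding step, which this page does not describe; the two unencoded leading bytes of the IP data are not part of it.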