[C++] DomainFlux

[Zer0Flag]

I saw someone selling something like that in a forum and I thought that can***180;t be true.

DomainFlux is a way to secure a bot net , web server , HTTP rat or any other service witch could use a domain. It just generates a unique domain for each day , month , year or even hours depending on the algorithm witch is used. As an example this generated domain can be used in a bot net. The bot will connect to this domain every time he is executed and so the Master has the possibility to get his bot back if the main address ( witch isn***180;t even needed ) gets locked. Of course this is only a very simple example and easy to be reversed ( in fact all are it just takes more time if they are more complex). But I think it is easy to understand how it works ( and not worth 75$ by this guy).

Code: [Select]

// Zer0Flag @ drunken-nanomites.org
#include <Windows.h>
#include <string>
#include <time.h>

using namespace std;

string DomainFlux(string sEnd)
{
    char tmpbuf[128];
    _strdate_s(tmpbuf);
    string sDomain = (string)tmpbuf;

    for(int i = 0; i < sDomain.length(); i++)
    {
        sDomain[i] ^= 13;
        sDomain[i] += 37;
        sDomain[i] >> 42;
    }
    return sDomain + sEnd;
}
int main(int argc,char** argv)
{
    MessageBoxA(NULL,DomainFlux(".com").c_str(),"New Domain each day....",MB_OK);
    return 0;
}
~Zer0Flag

[Kulverstukas]

That code is the algorithm for DomainFlux...? or am I missing something ?

[Zer0Flag]

Well there are millions of ways how you can design such a algorithm. This one is one of the easiest and well he is easy to reverse. For example could you implement a grab of the top day news and generate something with them. So this is only a example how you could do it. I made this with a short explanation what DomainFlux is since one user wanted to sell something like that for 75$ O_o

~Zer0 

[xzid]

the one for today returned an underscore in the name, not valid for domains. The one for tommorow wasn't so bad. But would recommend something like this:

Code: [Select]

#define MAX_LABEL_NAME 63

string DomainFlux()
    {
    string prefix[] =
        { "www.", "", "ftp.", "irc.", "foo.", "bar." };

    char valid_chars[] =
        "0123456789"
        "abcdefghijklmnopqrstuvwxyz"
        "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
        "-";

    string suffix[] =
        { ".com", ".net", ".org", ".info", ".etc" };

    time_t timer; char temp[7];

    // seed random with current day/year, drop the hours/mins/secs
    time(&timer);
    strftime(temp, 7, "%j%Y", localtime(&timer));
    srand( atoi(temp) );

    string name = prefix[rand() % (sizeof(prefix) / sizeof(string))];

    for(int i = 0; i < (rand() % MAX_LABEL_NAME); i++)
        name += valid_chars[rand() % sizeof(valid_chars)];

    return name + suffix[rand() % (sizeof(suffix) / sizeof(string))];
    }


[Zer0Flag]

Yeap that was for the case somebody just wants to copy it and do shit. Its thought for peoples to understand a bit more about domainfluxx ( and worked great for some users as we see ).

~0

[ande]

Ahh, domainflux. Read about this a few years back. It does have some weak spots tho. But nice little post. Lacks a little bit of theoretical description tho.

[Huntondoom]

as far as I understand is
you take the date of say today, and if you export that in numbers
then you can use things like Encryption or algorithm to turn it into something random
then you can interpreted it as Byte and use it with stuff like Encoding.ASCII.GetString() so you can Convert into text for a Domain Name (of course you'll have to filter out a certain range of bytes since not everything is accepted).

is this how it works or am I totally wrong here XD?

[ande]

as far as I understand is
you take the date of say today, and if you export that in numbers
then you can use things like Encryption or algorithm to turn it into something random
then you can interpreted it as Byte and use it with stuff like Encoding.ASCII.GetString() so you can Convert into text for a Domain Name (of course you'll have to filter out a certain range of bytes since not everything is accepted).

is this how it works or am I totally wrong here XD?

The whole point is to generate a random, valid, non-existing domain every x time, which is also equal on all machines. So that the domain cannot be sniffed out and shut down etc.