- Detail Coded in Delphi XE2 (Pascal)
- Detail DLLs relocate themself
- Detail Uses custom CRC32 API loader
- Detail Uses BeaEngine Disassembler for x86 and x64
- Detail Uses named pipes for inter-process communication
- Detail Multpiple layers of encryption and compression
- Detail Global Ring 3 rootkit
- Detail No own process
- Detail Fully Unicode
- Detail No dependencies (Only standard system DLLs)
- Detail Multiple Anti-Debug methods
- Detail Unique Server->Bot traffic encryption
- Detail Anti bot installation
- Feature Internet Explorer Formgrabber
- Feature Mozilla FireFox Formgrabber
- Feature Google Chrome Formgrabber
- Feature SPDY Grabbing
- Feature FTP and POP3 Grabber
- Feature SlowLoris DDOS
- Feature SlowPost DDOS
- Feature GET Flood
- Feature UDP DDOS
- Feature Update and Download System
- Feature MD5 Verified Update and Download System
- Feature Reverse Socks 5
- Feature Browse URL (Visible)
- Feature Browse URL (Hidden)
These screenshots are screenshots of the actual webpanel of Solar
November 15th Update
After posponing sales for some weeks, the November 15th update is finally out and sales are resumed. The bot is recoded from the ground up in Delphi XE2, the structure of the binary changed and a lot of improvement has been made. The bot should be a lot faster and more stable. Existing customers can just download their binary in the 'Download' section, because just like with other updates, all binaries on the site are updated automatically with each update.
Released on November 22th, 2013
- New Plugin system done for Delphi XE2 version!
Released on November 15th, 2013
- New Recoded in Delphi XE2
- New Modular Base (Encrypted DLL's)
- Fix Uninstall bug when using SlowLoris
- New Faster and more Efficient
- New Registry Startup Method
- Fix Bug in parsing PE32 header with MD5 download
- Fix Main semaphore checking bug
- New Startup Persistance
- Fix Small Memory Leak
- New Registry Rootkit
- Fix Two handle leaks
- New Improved compatibility with crypters
- New More use of native functions
- New Random Pipe Name (for IPC)
- Fix Restricted blacklist to 50
- New No delay in log upload
- Fix Main process bug (x86 Main on x64)
Released on October 21th, 2013
- New Formgrab Filter (for own host)
Released on October 10th, 2013
- Fix Uninstall bug (due to decentralised main process)
Released on October 4th, 2013
- Fix Google Chrome Crash Bug (since previous version)
Released on October 3rd, 2013
- New Decentralized main process instead of static
- New Watchdog for processes
- Fix Small handle leak
Released on September 30th, 2013
- New The bot now uses a semi-random filename
- New Bot uses more Native API instead of normal API
- New Coded alternatives for some APIs
- Fix Fixed a parsing bug in the connection loop
- New Plugin directory has a random name
- Fix Plugin directory is now hidden by the rootkit
Released on September 10th, 2013
- New Download and Inject a RC4 encrypted binary (with MD5 verification)
- Fix Exception handler
Released on August 29th, 2013
- New Plugin System (see plugin SDK)
- New MessageBox Plugin Example
- New Get AntiVirus Name Plugin Example
- Fix Random process crash after uninstall
- New Get Computer Info Plugin Example
- New Steal BitCoin Wallet Plugin Example
- Fix Random FTP & POP3 grab error
Released on August 12th, 2013
- New Clientside Formgrabber Blacklisting
- Fix Added better FTP/POP3 account filter
- New Database export as .csv
- New View logs by clicking the dialog
- Fix Panel layout update
Released on July 29th, 2013
- New Trusteer Rapport Bypass (Internet Explorer, Chrome and FireFox)
Released on July 18th, 2013
- New NtResumeThread hook update (Injection via context manipulation)
Released on July 10th, 2013
- New Windows 8 support (Desktop)
- Fix Named pipes security improvement
- Fix Suspended domain fix
Released on July 5th, 2013
- Fix Firefox version 22.0 support (Firefox doesn't use NSPR4 anymore)
Released on July 1st, 2013
- New Solar Remover Released
- New Multiple Domain Support (Backup Domains)
- Fix Protection Updated (64-bit)
Released on June 25th, 2013
- New MD5 Verification for downloads
- Fix Changed parsing in the main loop
- New MD5 Verification for updates
- New Dynamic knock time
Released on June 21th, 2013
- New Visit URL on bot (visible)
- New Visit URL on bot (hidden)
- Fix Bot is now easier to crypt
Released on June 14th, 2013
- New SPDY support for all browsers
- New Reverse Socks 5 Proxy
- Fix Critical section bug in FireFox
Frequently asked questions
Q. What is the price of Solar? Can I get a discount?
Solar is only $200 and there will be no discount given, even if you don't want certain functions
Q. What are the payment methods?
The only payment method is Bitcoin. Other payment methods are not accepted.
Q. I like the program, where can I buy it?
To buy Solar, you can use the 'Buy' section on this website.
Q. I want to make a donation!
Donations are always welcome! You can send them to 1P8odUASoR3q9UaWAF5ASZivwSTtwe9uQ1.
Q. What language is Solar programmed in and does it have dependencies?
Solar is coded in Delphi XE2. Solar does not have dependencies other than the normal system DLL's that are on every system; I.E. it does not rely on the VB6 runtime or the .NET runtime.
Q. Is Solar Fully Undetected when I purchase it?
No, Solar is not FUD when you purchase it. Also I do not sell crypters to make it FUD, because I want to spend time on improving the bot, not making it FUD.
Q. Can Solar be installed with another bot on the same system?
Just like any bot with a Ring 3 rootkit, Solar could conflict with other bots that have Ring 3 Rootkits. So if you want to update from another bot, don't use download & execute, but install.
Q. What crypter can I use for Solar?
All crypters that are based on uExecFromMem and RunPE should in theory work if not injected into an other binary. Solar does use TLS for some reasons, so make sure the crypter supports that. If you have a crypter and you want to know if it supports Solar, contact me on Jabber
Q. Can you add a function for me?
I am not your personal coder and will thus not implement any function that you want, but I'm always open for suggestions and improvements and if there are more people asking about the same function, I might add it.
Q. How do I install the panel and use the commands?
To install the panel and use the commands, please read the Manual
If you have a question that is not listed here, add me on Jabber and I will respond to your answer.
Download Web Panel
To use Solar, you need to install the Web Panel first. Please install the Web Panel before you contact me on Jabber as this will both save us time. You can download the panel from Here
Download Extra Gate
If you don't have backup hosts, you might want to install seperate gates on compromised hosts or free hosts to prevent your main domain from being shut down. This gate requires no MYSQL, no setup or anything, just the URL to your main domain to forward the bots to. You can download the gate Here
Download Plugin SDK
If you want to develop Plugins for Solar, you will need the plugin SDK. The plugin SDK got a tool to convert your x86 and x64 DLLs to a working Solar plugin. Be sure to read the Plugins page on how to use and develop plugins. The Plugin SDK also contains four different example source codes of various plugins from a simple MessageBox to a Bitcoin Wallet Stealer. You can download the Plugin SDK Here
Download Solar Binary
Here you can download the Reverse Proxy Client and your Binary. To do this, you need to fill in the unique username and password that you got when you purchased Solar.
If your domain is banned, blacklisted, or your hosting is suspended, you can get a rebuild. To request a rebuild, do not ask me on Jabber, but use the form on the bottom of this page. You need to fill in your username and password, the reason why you need a rebuild and the new config you want in your rebuild. The config should be in this format. If you do not use this format, you won't get a rebuild. As soon as you click the 'Request' button, the information will be saved and a unique ticket number will be provided. To see if your new rebuild is ready and uploaded on the server, check the ticket section to see if your ticket is listed. If the ticket is in the list, you can download your new build.
Fill in your username and password from this site, along with the reason you need a rebuild and the new config for your build.
If you requested a rebuild, you have received a unique ticket number. If your ticket is in the list below, you can download your updated binary.
Check panel installation
On this page you can check if your panel installation was successfull. Just fill in the full path to your Solar directory (including http://) and press 'Check'. A binary on this server will try to connect to your server and fill in a couple of test bots and sample formgrabs. If you can see the bots and logs in your panel, the panel was installed successfully.
If you have any questions, please first consult the Questions section. If you contact me with a question that is on that list, I will not respond. If your question is not listed on the Frequently Asked Questions list, feel free to contact me on Jabber.
Buying The Source Code
The source code of Solar is not for sale, but everything has it's price. If you want to make a serious offer, add me on Jabber.
Installing the panel
To install the panel, you will first have to edit config.php. In the config.php you will have to edit the following items:
After filling in these fields, you can upload the panel to your host and go to the Login Page. If you everything is done like stated before, the tables are automatically installed in the database and the panel is installed.
When you have bots on your panel, you want to start using commands. To issue commands, you go to the Commands Page. On the left side you can see a widget with a dropdown list. In the dropdown list you can see which commands Solar supports. Every command needs a parameter, which will be explained later. The limit box is for specifying how many bots that should execute your command (0 = unlimited) and with the GUID box you can specify one unique bot to execute the command by inserting it's GUID.
Every commands has a different parameter. All commands are listed below and if you hover over the commands, the parameters and explanation will be shown.
Down & Exec
Down & Exec MD5
Browse Url Hidden
Down & Exec MD5 RC4
Using the Reverse Socks
To use the reverse proxy, you will need to open up a port if you are behind a router. First open up the reverse proxy client and press ‘Listen’. The client will now listen on the default ports 8080 and 8081. Now that you have the client listening, you will need to check if you have your port open. You can check that on CanYouSeeMe.org. If it does not tell you that it had success seeing your service on port 8080, your ports are not forwarded and you will need to do that before being able to use the reverse proxy. If canyouseeme.org tells it can see your service, you are ready to go. Go to the command tab on your panel and use the reverse socks command to get a connection. Don't forget that you need to fill in your IP address with port 8080, limit 1 and the GUID of the bot which’ IP you want. After that, the bot will connect to you and you can use the reverse socks 5 proxy on 127.0.0.1:8081.
What is a plugin system
The plugin system is a system which makes it possible to add features to Solar without having the actual code. The plugin system can be used to add specific features developed by third party developers to increase the functionality of the bot.
How the plugin system works
As Solar is a x86 and x64 bot, the plugins should also be x86 and x64. To solve this, there is a Plugin Creator that can bind x86 and x64 DLLs to form a plugin. Plugins can be added on the web panel and the bots will download and install them clientside. To prevent a bandwidth flood for your server, the plugins are cached on the computer and thus will be downloaded only once which is favourable for your server's bandwidth. Even when the bot is updated, the plugins will still be cached on disk and ready to use by the new updated bot. Also, the plugins will never touch the disk unencrypted and they are encrypted with a random password unique to each bot, to prevent AntiVirus companies to detect the plugins. To remove the plugins, you can use a special command on the panel.
To use plugins, be sure to update your bots and panel to the version of 29th of August 2013. If you have updated the panel, go to the plugins Tab on the web panel. To install a plugin, it is crucial to fill in the correct plugin name that is used to identify the plugin, because this name is used by the bot to check if it already has cached the plugin. Also, the direct URL to the plugin file has to be provided, so the bot can download the plugin if it hasn't got the cached plugin on the disk.
To create plugins, you will need programming knowledge and know how to compile and create DLLs with exports. Solar Plugins are no more than binded x86 and x64 DLLs prepended with a small header. To bind the x86 and x64 DLLs and prepend the header, there is a tool in the plugin SDK that is called Creator (the Delphi XE2 Source of the Creator is also in the SDK). In the 'Creator' tool you can also specify if the plugin should be loaded inside all processes, or only in the main process. This manual's screenshots are for Delphi programmers, but plugins can be written in any programming language (C++, Masm, Fasm, Delphi XE, ..)To create a plugin, your DLL project needs to have at least two exports, called 'PluginStart' and 'PluginStop'. These exports are called upon loading/unloading your plugin. Make sure you do all initialization in 'PluginStart' and make sure all threads and objects are destroyed in 'PluginStop' to prevent data leaks and crashes.The exports 'PluginStart' and 'PluginStop' are called with a parameter, which is a pointer to a structure containing some usefull information and functions.
To make your life a bit easier, four sample projects have been included inside the plugin SDK ('MessageBox', 'ComputerInfo', 'GetAntiVirus' and 'WalletSteal').
To buy Solar, fill in your information in the order form below, along with the configuration of the bot. The configuration should be in this format. After submitting the form, you will be redirected to the payment page. If a payment has been made, but your configuration is invalid, the money will be resent to the bitcoin address you filled in. If your order is processed and the payment has arrived, you will receive an email with your account details of the website.Please make sure all your information is correct to avoid errors.