Support

help --bug-report

back to chat

Report a Bug

Found an issue? Help us improve by reporting it! We read every report.

Click to upload or drag & drop
PNG, JPG, GIF, WebP (Max 5MB)

Getting Started

Creating Your Account

  1. On the login page, click $ register
  2. Fill in the email and confirm password fields that appear
  3. Click $ submit registration
  4. Check your email inbox (and spam folder) for a verification link
  5. Click the verification link to activate your account
  6. Return to the login page and sign in

Starting a Conversation

  1. After logging in, click + new chat in the left sidebar
  2. Click select models in the chat header and choose exploit.bot
  3. Type your message in the input box at the bottom
  4. Press Enter or click Send to get a response
Your conversations are saved automatically. You can return to any previous chat by clicking on it in the sidebar.

About exploit.bot AI

exploit.bot is our custom AI assistant, specifically trained and optimized for:

  • Coding & Development - Write, debug, refactor, and optimize code in any language
  • Security Research - Penetration testing guidance, vulnerability analysis, CTF help
  • Technical Problem Solving - Architecture decisions, system design, debugging
  • Documentation - Write technical docs, READMEs, and explanations
Example prompts:
  • "Write a Python script to scan open ports on a network"
  • "Explain how SQL injection works and how to prevent it"
  • "Debug this code: [paste your code]"
  • "Help me set up a reverse shell for a CTF challenge"

Special Features

Extended Thinking optional

Click the brain icon 🧠 in the chat header to enable extended thinking mode.

  • The AI takes more time to "think through" complex problems
  • Considers multiple approaches before answering
  • Provides more thorough, well-reasoned responses
  • Best for complex coding problems, architecture decisions, or detailed analysis

Web Search on by default

Click the magnifying glass 🔍 to toggle web search.

  • Searches the internet in real-time for current information
  • Looks up documentation, CVEs, recent news
  • Verifies facts with live data
  • Finds recent tutorials and references

Creativity Slider adjustable

Use the 🎨 slider to control response creativity (temperature).

  • Low (0.0-0.3): More focused, deterministic responses - best for code and factual queries
  • Medium (0.4-0.7): Balanced creativity and accuracy - default setting (0.7)
  • High (0.8-1.0): More creative, varied responses - best for brainstorming and creative writing

Drag the slider left for precision, right for creativity.

These features (🧠 🔍 🎨) are only visible when the exploit.bot model is selected.

Chat Features

Code Blocks

The AI formats code with syntax highlighting. You can:

  • Copy: Click the copy button on any code block
  • Save: Save code to your Code Files for later reference

Code Files & Projects

  • Save useful code snippets from conversations
  • Organize related code files into projects
  • Access from code files and projects in the sidebar

Chat Management

  • Rename: Click on a chat title to rename it
  • Delete: Remove chats you no longer need
  • New Chat: Click + new chat to start fresh

Attack Console Overview

The Attack Console is an AI-powered interface for network stress testing. Access requires a plan with attack privileges enabled.

How to Use

  1. Click Attack Console in the sidebar (if available for your plan)
  2. Type natural language commands to start/stop attacks
  3. The AI assistant will parse your request and execute it
Example commands:
  • "Start attack on 1.2.3.4 port 80 for 60 seconds"
  • "Hit example.com:443 with UDP for 30s"
  • "Stop the attack"
  • "What's my current status?"

Plan Limits

Your plan determines:

  • Max Time: Maximum attack duration per request
  • Cooldown: Wait time between attacks
Stopping an attack early does NOT bypass the cooldown. The cooldown timer starts when your attack BEGINS, not when it ends. This prevents abuse of the stop function.

How UDP Amplification Works

UDP amplification attacks exploit the connectionless nature of UDP and services that respond with larger data than they receive.

The Amplification Principle

You (small request) --> Reflector Server --> Target (large response) 50 bytes DNS/NTP/etc 500+ bytes (10x amplification)

How Reflectors Work

  1. Spoofed Source IP: The attacker sends UDP packets with the TARGET's IP as the source address
  2. Amplification Service: The packet goes to a vulnerable service (DNS, NTP, Memcached, LDAP, etc.)
  3. Large Response: The service responds to the spoofed IP (the target) with a much larger payload
  4. Multiplication: Using many reflectors multiplies the traffic hitting the target

Common Amplification Protocols

Protocol Port Amplification Factor
DNS 53 28-54x
NTP 123 556x
Memcached 11211 10,000-51,000x
LDAP 389 46-55x
SSDP 1900 30x
CharGEN 19 358x

Why UDP?

  • Connectionless: No handshake required - packets can be sent with any source IP
  • No verification: UDP doesn't verify the sender's identity
  • Stateless: Servers respond without establishing a connection first
TCP cannot be used for reflection because the 3-way handshake requires responses to return to the actual sender, exposing spoofed IPs.

Why It's Untraceable

UDP amplification attacks are physically untraceable due to how IP header spoofing works:

  • Forged Source IP: The attacker modifies the IP header's source field to contain the victim's IP address, not their own
  • Attacker IP Never Transmitted: The attacker's real IP address is never present in any packet that leaves their network
  • Reflectors See Only Victim: The amplification servers (DNS, NTP, etc.) only see the victim's IP as the "sender" and respond accordingly
  • Victim Sees Only Reflectors: The target receives floods of traffic from legitimate public servers, not from the attacker
  • No Return Path: Since UDP is connectionless, there's no handshake or acknowledgment that would require the attacker's real IP
Packet sent by attacker: ┌─────────────────────────────────────────────┐ │ IP Header │ │ Source IP: [VICTIM'S IP] (spoofed) │ │ Destination IP: [REFLECTOR SERVER] │ │ UDP Header │ │ Payload: [Small query] │ └─────────────────────────────────────────────┘ ↓ Attacker's real IP exists NOWHERE in this packet ↓ Reflector responds to the spoofed source (victim)
Result: No server, router, or log file ever contains the attacker's true IP address. The attack origin is technologically impossible to trace back through conventional means.

Attack Flow Diagram

┌──────────────┐ 1. Spoofed UDP packets ┌─────────────────┐ │ Attacker │ ─────────────────────────────▶ │ Reflector 1 │ │ │ (src IP = target's IP) │ (DNS Server) │ └──────────────┘ └────────┬────────┘ │ │ 2. Large response │ sent to target ▼ ┌─────────────────┐ Same process with │ │ many reflectors │ TARGET │ │ │ │ ▼ └─────────────────┘ ┌──────────────┐ ▲ │ Attacker │ ─────▶ Reflector 2 ──────────────────────┤ │ │ ─────▶ Reflector 3 ──────────────────────┤ │ │ ─────▶ Reflector N ──────────────────────┘ └──────────────┘

The target receives amplified traffic from many reflectors, overwhelming its bandwidth or processing capacity.

Understanding Tokens

What Are Tokens?

Tokens are the "units" that AI models use to measure text. Think of them as pieces of words:

  • Short common words = 1 token (e.g., "the", "is", "a")
  • Longer words = 2-3 tokens (e.g., "programming" = 2 tokens)
  • Code and special characters may use more tokens
Rough estimates:
  • 1 token ~ 4 characters or 0.75 words
  • 100 tokens ~ 75 words
  • 1,000 tokens ~ 750 words (about 1.5 pages)

How Token Usage Works

  • Input tokens: Your message + conversation history
  • Output tokens: The AI's response
  • Total usage: Input + Output tokens counted against your plan
Longer conversations use more tokens because the AI reads the entire chat history to understand context.

Usage Plans

Each account has a token limit. Usage is tracked over a rolling 5-hour window with weekly resets.

Plan 5-Hour Limit
Free 2,000 tokens
Beta Testers 8,000 tokens
Pro 100,000 tokens
Unlimited No limit

Context Window

The "context window" is like the AI's short-term memory - it's how much text the AI can "see" during a conversation.

  • If your chat gets very long, the AI may lose context from earlier messages
  • Start a new chat for unrelated topics
  • Share only relevant code snippets rather than entire files

Contact admin@exploit.bot for plan upgrades.

Tips for Best Results

Writing Good Prompts

  • Be specific: "Write a Python function to validate email addresses using regex" is better than "help with email"
  • Provide context: Tell the AI what you're trying to accomplish
  • Include examples: Show sample input/output if relevant
  • Specify constraints: Language, framework, style preferences

When to Use Features

  • Extended Thinking: Complex algorithms, architecture decisions, detailed analysis
  • Web Search: Current CVEs, recent documentation, news, tutorials
  • New Chat: When switching to an unrelated topic

Troubleshooting

  • AI seems confused: Start a new chat or re-state your question clearly
  • Response cut off: Ask the AI to "continue" or "finish the code"
  • Wrong language/framework: Specify what you want in your prompt
  • Token limit reached: Wait for the 5-hour window to pass or contact admin

Need More Help?

Contact the admin team:

admin@exploit.bot

Join our community:

Last updated: December 2025