FluxTheGreat

Bashlite (Qbot) Debunk

Aug 9th, 2017
[BotMaster]
      \
       \
      ----
      |  |
      |  | [Botnet Server]
      ----
         \
          \
        ----|
            |
   [Bot]----[Bot]----[Bot]
     |     P2P NETWORK
     |
   [Bot]----[Bot]----[Bot]



Username: Flux
Password: *******
Loading Banner

`7MMF' `7MMF' `7MM OO
MM MM MM 88
MM MM ,6"Yb. ,p6"bo MM ,MP'.gP"Ya `7Mb,od8 ||
MMmmmmmmMM 8) MM 6M' OO MM ;Y ,M' Yb MM' "' ||
MM MM ,pm9MM 8M MM;Mm 8M"""""" MM `'
MM MM 8M MM YM. , MM `Mb.YM. , MM ,,
.JMML. .JMML.`Moo9^Yo.YMbmd'.JMML. YA.`Mbmmd'.JMML. db
[+] Welcom Flux to the Hacker Net [+]
~> Debunk

OK so BASHLITE, more commonly known as Qbot, is a botnet that has been used in large DDoS attacks. Bashlite was originally created by Lizard Squad. Although the malware hasn't been recreated (I don't think), many files have been created for it.

Let's talk about the malware. The malware exploited a bash bug present in many devices: the Shellshock software bug. This allows many devices that run BusyBox to be exploited. Although this exploit was the largest, many variants have been created. Over 1 million devices were infected. From research and infection graphs, 90-96% of devices were IoTs (telnet devices). Only about 4-10% were routers, and a small handful were Linux servers. Although most devices were IoTs, this botnet was NOT an IoT botnet (Mirai is an IoT botnet).

The bots were connected to a C&C (command and control) server via P2P. These bots would communicate one by one, like a game of PASS IT ON. These bots are permanently connected to the C&C. If one bot doesn't respond in the given time, the session between the bot and the server will close, causing the bot to "die".

Now let's talk about what the botnet consists of. It consists of a server side (the connection handler) and a client side (the commander, more commonly known as the bot, not to be confused with the infected devices, the bots). Both of these are .c files. The client is compiled into multiple archs (not going into detail) and the server is compiled with the GNU compiler (gcc). If I'm wrong on this article feel free to correct it. Later on I will be explaining what "attack methods" this botnet consists of. (From experience and research, I was able to put this together)
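Added example, not part of the paste above: the paste says the malware got onto devices through the Shellshock bash bug. From the defender's side, the practical question is how to spot those probes in web-server logs. The Python below scans Apache combined-format log lines for the Shellshock signature (a bash function definition `() { ... };` followed by a command) in the request line, Referer and User-Agent fields. The log lines are constructed samples, and the regexes and function names are my own assumptions, not anything from the botnet's source.

```python
import re
from typing import Dict, List

# Constructed sample log in Apache "combined" format. Line 1 is benign;
# lines 2 and 3 carry a Shellshock-style probe in the User-Agent and
# Referer fields respectively. Addresses are documentation ranges.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Aug/2017:10:00:01 +0000] "GET /index.html HTTP/1.1" 200 512 "-" "Mozilla/5.0"
198.51.100.23 - - [09/Aug/2017:10:00:02 +0000] "GET /cgi-bin/status HTTP/1.1" 200 88 "-" "() { :; }; echo vulnerable"
192.0.2.45 - - [09/Aug/2017:10:00:03 +0000] "GET /cgi-bin/status HTTP/1.1" 404 0 "() { ignored; }; id" "curl/7.38"
"""

# Apache combined log format: ip ident user [time] "request" status size "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Shellshock probes smuggle a bash function body "() { ... }" followed by ";"
# and a trailing command into a value that a vulnerable CGI server exports
# as an environment variable. Matching the function-body prefix is enough
# to flag the attempt regardless of what command follows.
SHELLSHOCK_RE = re.compile(r"\(\)\s*\{[^}]*\}\s*;")

# Fields an attacker controls and that CGI servers export into the environment.
ATTACKER_FIELDS = ("req", "referer", "ua")


def parse_combined(line: str) -> Dict[str, str]:
    """Return the named fields of one combined-format line, or {} if unparseable."""
    m = COMBINED_RE.match(line)
    return m.groupdict() if m else {}


def find_shellshock(log_text: str) -> List[Dict[str, object]]:
    """Scan every line of log_text; return one hit per field that carries a probe."""
    hits: List[Dict[str, object]] = []
    for lineno, line in enumerate(log_text.splitlines(), start=1):
        fields = parse_combined(line)
        if not fields:
            continue  # not combined format; a real scanner would count these
        for name in ATTACKER_FIELDS:
            if SHELLSHOCK_RE.search(fields[name]):
                hits.append({
                    "line": lineno,
                    "ip": fields["ip"],
                    "field": name,
                    "value": fields[name],
                })
    return hits


if __name__ == "__main__":
    for hit in find_shellshock(SAMPLE_LOG):
        print(f"line {hit['line']}: {hit['ip']} probe in {hit['field']}: {hit['value']!r}")
```

Running the block prints two hits, lines 2 and 3, which is what you would forward to a SIEM rule or use to feed a blocklist review. The regex is deliberately loose about whitespace because scanners vary the spacing inside the braces; what it never needs is the command after the semicolon, so the detector is useful without cataloguing payloads.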