
Bash script Hacking Simulation


Posted: Tue Apr 08, 2008 2:32 pm

Joined: Wed May 30, 2007 9:22 pm
Posts: 39
Location: California
Hey everyone,

I've been wanting to create a bash script cracking sim game forever now. This is just a start... this is less of a game and more of a prank to make people who are watching what you are doing think you are a hardcore blackhat systems cracker. When you run the script you will get a command prompt. There are only a few commands that work right now. Type "help" at the prompt to view them. They have to be entered exactly in order to work. Feel free to add more functions to this! I think this one could be fun! Let me know if you have any ideas on how to make this into an actual game.

Dex

Code:
#!/bin/bash
#lethal.sh
#a script by DeX to make anyone look like a real haxor! OMG!!1
############

#emulate the prompt
clear;

read -p "root@slax:~$ " command || exit

while [[ $choice != 0 ]]
do
   
case $command in
    'nslookup nsa.gov') sleep 1;
    echo "Server:      204.14.141.218";
    echo "Address      204.14.141.218#53"
    echo
    echo "Non-authoritative answer:"
    echo "Name:      nsa.gov"
    echo "Address:   67.15.6.98"
    ;;
    'ping 67.15.6.98') sleep 1;
    echo "PING 67.15.6.98 (67.15.6.98) 56(84) bytes of data."
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=1 ttl=52 time=68 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=2 ttl=52 time=87 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=3 ttl=52 time=87 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=4 ttl=52 time=92 ms"
sleep 1;
    echo "--- 67.15.6.98 ping statistics ---"
    echo "4 packets transmitted, 4 received, 0% packet loss, time 334ms"
    ;;
    'nmap -sS 67.15.6.98') echo
    echo "Starting Nmap 4.53 ( http://insecure.org ) at" $(date)
sleep 4;
    echo "Interesting ports on 67.15.6.98:"
    echo "Not shown: 1712 closed ports"
    echo "PORT   STATE   SERVICE"
    echo "80/tcp   open   http"
    echo "443/tcp   open   https"
    echo "MAC Address: 00:11:25:99:17:22 (Fortress Networks)"
    echo
    echo "Nmap done: 1 IP address (1 host up) scanned in 4.399 seconds"
    ;;
    'dscan -fS 67.15.6.98:443') echo
    echo "dScan probing 1 host"
    sleep 4
    echo "https on port 443 is vulnerable!"
    echo "please run updates to correct this security problem!"
    ;;
    'metasploit -script https443.sh -i 67.15.6.98') echo
sleep 1
echo "        -module -export-dynamic   -o rlm_perl.la  "
echo "        -rpath /usr/local/lib rlm_perl.lo rlm_perl.c bradius.la"
echo "        `perl -MExtUtils::Embed -e ldopts` -lnsl -lresolv  -lpthread"
echo "metasploit framework searching for vulnerable port"
sleep 3
echo "metasploit script successfull!"
echo "run dump to view results"
    ;;
    'dump -script https443.sh -c pw -U root') echo
sleep 1
echo "root - 0xC23413A8A1E7665fAAD3B435B51404EE"
    ;;
    'hydra -b 0xC23413A8A1E7665fAAD3B435B51404EE') echo
sleep 5
echo "password match found!"
echo "aRrf349J$"
    ;;
    'ssh -l root 67.15.6.98') echo ""
sleep 5
echo "         WARNING!"
echo "This is a Government computer system.  Any"
echo "attempts to access this system by unauthorized"
echo "persons is against the law and will be prosecuted."
echo
    ;;
    'help')
echo "Commands"
echo "nslookup nsa.gov"
echo "ping 67.15.6.98"
echo "nmap -sS 67.15.6.98"
echo "dscan -fS 67.15.6.98:443"
echo "metasploit -script https443.sh -i 67.15.6.98"
echo "dump -script https443.sh -c pw -U root"
echo "hydra -b 0xC23413A8A1E7665fAAD3B435B51404EE"
echo "ssh -l root 67.15.6.98"
echo "clear"
echo "exit"
;;
    'clear')
clear;
;;
    'exit')
exit;
;;
    *)
echo "bash: command not found"
;;
esac

#term again

#leave the script at end of input (Ctrl-D) instead of looping forever
read -p "root@slax:~$ " command || exit

done


Posted: Sat Apr 12, 2008 10:44 am

Joined: Wed May 30, 2007 9:22 pm
Posts: 39
Location: California
Has anyone given this one a try? I'd love to get some suggestions with it!


Posted: Mon Apr 14, 2008 10:10 am
Site Admin

Joined: Tue May 17, 2005 7:31 pm
Posts: 251
Location: Georgia
Perhaps make it seem like the "hacked" computer's admin realized your intrusion and counter-hacked you... then shut you down... you can turn off your monitor with:
Code:
xset dpms force off


Posted: Mon May 19, 2008 10:55 pm

Joined: Wed May 30, 2007 9:22 pm
Posts: 39
Location: California
I played around with this some more and I'm finding that using bash for something like this is entirely too bulky and restricted. I'll probably try to write this in C++ to add some more realism to it. If anyone has any suggestions for features please feel free to let me know.


Posted: Thu Oct 30, 2008 12:14 am

Joined: Wed May 30, 2007 9:22 pm
Posts: 39
Location: California
Well... I changed my mind again. I'm back at it, with this one. The latest version adds some cool realism. When you ssh into the nsa server, the hostname changes to nsa.gov. I've added a fake ICBM launch program that is fun to run after you are in the nsa server. I'm still figuring out some timing stuff. For example, the suggestion that jbsnake made about a counter hack sounds like fun. The command he gave does indeed work, but it would be nice to time it. Like if you haven't finished your hack within 2 or 3 minutes, you get counter hacked. Anyways, here's the latest code. Feel free to play with it. Have fun!

Code:
#!/bin/bash
#lethal.sh
#a script by DeX to make anyone look like a real haxor! OMG!!1
############

#set starting variable for hostname
hozt=local

#emulate the prompt
clear;

read -p "root@$hozt:~$ " command || exit

while [[ $choice != 0 ]]
do
   
case $command in
    'nslookup nsa.gov') sleep 1;
    echo "Server:      204.14.141.218";
    echo "Address      204.14.141.218#53"
    echo
    echo "Non-authoritative answer:"
    echo "Name:      nsa.gov"
    echo "Address:   67.15.6.98"
    ;;
    'ping 67.15.6.98') sleep 1;
    echo "PING 67.15.6.98 (67.15.6.98) 56(84) bytes of data."
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=1 ttl=52 time=68 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=2 ttl=52 time=87 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=3 ttl=52 time=87 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=4 ttl=52 time=92 ms"
sleep 1;
    echo "--- 67.15.6.98 ping statistics ---"
    echo "4 packets transmitted, 4 received, 0% packet loss, time 334ms"
    ;;
    'nmap -sS 67.15.6.98') echo
    echo "Starting Nmap 4.53 ( http://insecure.org ) at" $(date)
sleep 4;
    echo "Interesting ports on 67.15.6.98:"
    echo "Not shown: 1712 closed ports"
    echo "PORT   STATE   SERVICE"
    echo "80/tcp   open   http"
    echo "443/tcp   open   https"
    echo "MAC Address: 00:11:25:99:17:22 (Fortress Networks)"
    echo
    echo "Nmap done: 1 IP address (1 host up) scanned in 4.399 seconds"
    ;;
    'dscan -fS 67.15.6.98:443') echo
    echo "dScan probing 1 host"
    sleep 4
    echo "https on port 443 is vulnerable!"
    echo "please run updates to correct this security problem!"
    ;;
    'metasploit -script https443.sh -i 67.15.6.98') echo
sleep 1
echo "        -module -export-dynamic   -o rlm_perl.la  "
echo "        -rpath /usr/local/lib rlm_perl.lo rlm_perl.c bradius.la"
echo "        `perl -MExtUtils::Embed -e ldopts` -lnsl -lresolv  -lpthread"
echo "metasploit framework searching for vulnerable port"
sleep 3
echo "metasploit script successfull!"
echo "run dump to view results"
    ;;
    'dump -script https443.sh -c pw -U root') echo
sleep 1
echo "root - 0xC23413A8A1E7665fAAD3B435B51404EE"
    ;;
    'hydra -b 0xC23413A8A1E7665fAAD3B435B51404EE') echo
sleep 5
echo "password match found!"
echo "aRrf349J$"
    ;;
    'ssh -l root 67.15.6.98') echo ""
sleep 5
echo "         WARNING!"
echo "This is a Government computer system.  Any"
echo "attempts to access this system by unauthorized"
echo "persons is against the law and will be prosecuted."
echo
sleep 1;

#change the hostname to nsa.gov
hozt=nsa.gov
    ;;
    './defcon_launch.sh') echo
sleep 1
echo "#################################"
echo "#                               #"
echo "#    DEFCON LAUNCHER STARTED    #"
echo "#                               #"
echo "#################################"
read -p "How many ICBMs? " missles
read -p "Please Enter GPS Coords: " coords
echo "Defcon Launch Sequence Started"
echo "Estimated Time To Destruction: 5 Seconds"
sleep 3
echo "Target Destroyed"
sleep 1
echo "Exiting program"
;;
    'help')
echo "Commands"
echo "nslookup nsa.gov"
echo "ping 67.15.6.98"
echo "nmap -sS 67.15.6.98"
echo "dscan -fS 67.15.6.98:443"
echo "metasploit -script https443.sh -i 67.15.6.98"
echo "dump -script https443.sh -c pw -U root"
echo "hydra -b 0xC23413A8A1E7665fAAD3B435B51404EE"
echo "ssh -l root 67.15.6.98"
echo "clear"
echo "exit"
echo "**FROM NSA.GOV SHELL FOR REALISM**"
echo "./defcon_launch.sh"
;;
    'clear')
clear;
;;
    'exit')
exit;
;;
    *)
echo "bash: command not found"
;;
esac

#term again

#leave the script at end of input (Ctrl-D) instead of looping forever
read -p "root@$hozt:~$ " command || exit

done


Posted: Thu Oct 30, 2008 7:42 pm

Joined: Tue Oct 14, 2008 10:19 am
Posts: 2
Location: Chicago, USA
A really nice idea... 8)


Posted: Mon Mar 02, 2009 11:11 pm

Joined: Wed May 30, 2007 9:22 pm
Posts: 39
Location: California
Here's the latest... I added a little more realism... What I'm trying to do next is add something that will interrupt the script after a certain amount of time and say that the attack has been traced and that authorities have been notified... blah blah blah... anyone have any suggestions?

Code:
#!/bin/bash
#lethal-0.02
#a script by DeX to make anyone look like a real haxor! OMG!!1
############

#set starting variable for hostname
hozt=local

#emulate the prompt
clear;

read -p "root@$hozt:~$ " command || exit

while [[ $choice != 0 ]]
do
   
case $command in
    'nslookup nsa.gov') sleep 1;
    echo "Server:      204.14.141.218";
    echo "Address      204.14.141.218#53"
    echo
    echo "Non-authoritative answer:"
    echo "Name:      nsa.gov"
    echo "Address:   67.15.6.98"
    ;;
    'ping 67.15.6.98') sleep 1;
    echo "PING 67.15.6.98 (67.15.6.98) 56(84) bytes of data."
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=1 ttl=52 time=68 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=2 ttl=52 time=87 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=3 ttl=52 time=87 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=4 ttl=52 time=92 ms"
sleep 1;
    echo "--- 67.15.6.98 ping statistics ---"
    echo "4 packets transmitted, 4 received, 0% packet loss, time 334ms"
    ;;
    'nmap -sS 67.15.6.98') echo
    echo "Starting Nmap 4.53 ( http://insecure.org ) at" $(date)
sleep 4;
    echo "Interesting ports on 67.15.6.98:"
    echo "Not shown: 1712 closed ports"
    echo "PORT   STATE   SERVICE"
    echo "80/tcp   open   http"
    echo "443/tcp   open   https"
    echo "MAC Address: 00:11:25:99:17:22 (Fortress Networks)"
    echo
    echo "Nmap done: 1 IP address (1 host up) scanned in 4.399 seconds"
    ;;
    'dscan -fS 67.15.6.98:443') echo
    echo "dScan probing 1 host"
    sleep 4
    echo "https on port 443 is vulnerable!"
    echo "please run updates to correct this security problem!"
    ;;
    'metasploit -script https443.sh -i 67.15.6.98') echo
sleep 1
echo "        -module -export-dynamic   -o rlm_perl.la  "
echo "        -rpath /usr/local/lib rlm_perl.lo rlm_perl.c bradius.la"
echo "        `perl -MExtUtils::Embed -e ldopts` -lnsl -lresolv  -lpthread"
echo "metasploit framework searching for vulnerable port"
sleep 3
echo "metasploit script successfull!"
echo "run dump to view results"
    ;;
    'dump -script https443.sh -c pw -U root') echo
sleep 1
echo "root - 0xC23413A8A1E7665fAAD3B435B51404EE"
    ;;
    'hydra -b 0xC23413A8A1E7665fAAD3B435B51404EE') echo
sleep 5

function spin {
    echo -n '-'
    echo -ne '\b|'
    sleep .1
    echo -ne '\bx'
    sleep .1
    echo -ne '\b+'
}
for i in `seq 1 20` ; do spin; done
echo ""


echo "password match found!"
echo "aRrf349J$"
    ;;
    'ssh -l root 67.15.6.98') echo ""
sleep 5
echo "         WARNING!"
echo "This is a Government computer system.  Any"
echo "attempts to access this system by unauthorized"
echo "persons is against the law and will be prosecuted."
echo
sleep 1;

hozt=nsa.gov
    ;;
    './defcon_launch.sh') echo
sleep 1
echo "#################################"
echo "#                               #"
echo "#    DEFCON LAUNCHER STARTED    #"
echo "#                               #"
echo "#################################"
echo ""
echo "Hello Mr. President..."
read -p "How many ICBMs? " missles
read -p "Please Enter GPS Coords: " coords
echo "Defcon Launch Sequence Started"
#quote the whole prompt so an empty or multi-word answer cannot split it
read -p "$missles ICBMs to strike $coords; Are you sure?(Y)or(n)" confirmationz

function spin {
    echo -n '-'
    echo -ne '\b|'
    sleep .1
    echo -ne '\bx'
    sleep .1
    echo -ne '\b+'
}
for i in `seq 1 20` ; do spin; done
echo ""

echo "ICBMs Launched"

function spin {
    echo -n '-'
    echo -ne '\b|'
    sleep .1
    echo -ne '\bx'
    sleep .1
    echo -ne '\b+'
}
for i in `seq 1 20` ; do spin; done
echo ""


sleep 4
echo ""
echo "Target Destroyed, Mr. President."
echo "Exiting program"
;;
    'help')
echo "Commands"
echo "nslookup nsa.gov"
echo "ping 67.15.6.98"
echo "nmap -sS 67.15.6.98"
echo "dscan -fS 67.15.6.98:443"
echo "metasploit -script https443.sh -i 67.15.6.98"
echo "dump -script https443.sh -c pw -U root"
echo "hydra -b 0xC23413A8A1E7665fAAD3B435B51404EE"
echo "ssh -l root 67.15.6.98"
echo "clear"
echo "exit"
echo "**FROM NSA.GOV SHELL FOR REALISM**"
echo "./defcon_launch.sh"
;;
    'clear')
clear;
;;
    'exit')
exit;
;;
    *)
echo "attack failed; not enough data"
;;
esac

#term again

#leave the script at end of input (Ctrl-D) instead of looping forever
read -p "root@$hozt:~$ " command || exit

done


Posted: Mon Mar 02, 2009 11:14 pm

Joined: Wed May 30, 2007 9:22 pm
Posts: 39
Location: California
Should I wrap it all in an until loop to time it? Can time (as in stopwatch...not actual clock time) be used as a variable?


Posted: Thu Apr 02, 2009 1:35 am

Joined: Wed May 30, 2007 9:22 pm
Posts: 39
Location: California
Here's the latest. I'm just adding little things here and there for some added realism. This little project is teaching me much about bash! I am still really needing some suggestions or ideas about how to set up a timer for the script so that 3 minutes after logging on to the nsa server, it kills the connection and says authorities have been notified. How do I even do that?

Code:
#!/bin/bash
#lethal-0.02
#a script by DeX to make anyone look like a real haxor! OMG!!1
############

#set starting variable for hostname
hozt='slax:~$'

#emulate the prompt
clear;

read -p "root@$hozt " command || exit
while [[ $choice != 0 ]]
do
   
case $command in

#nslookup
    'nslookup nsa.gov') sleep 1;
    echo "Server:      204.14.141.218";
    echo "Address      204.14.141.218#53"
    echo
    echo "Non-authoritative answer:"
    echo "Name:      nsa.gov"
    echo "Address:   67.15.6.98"
    ;;

#ping
    'ping 67.15.6.98') sleep 1;
    echo "PING 67.15.6.98 (67.15.6.98) 56(84) bytes of data."
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=1 ttl=52 time=68 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=2 ttl=52 time=87 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=3 ttl=52 time=87 ms"
sleep 1;
    echo "64 bytes from 67.15.6.98: icmp_seq=4 ttl=52 time=92 ms"
sleep 1;
    echo "--- 67.15.6.98 ping statistics ---"
    echo "4 packets transmitted, 4 received, 0% packet loss, time 334ms"
    ;;

#nmap
    'nmap -sS 67.15.6.98') echo
    echo "Starting Nmap 4.53 ( http://insecure.org ) at" $(date)
sleep 4;
    echo "Interesting ports on 67.15.6.98:"
    echo "Not shown: 1712 closed ports"
    echo "PORT   STATE   SERVICE"
    echo "80/tcp   open   http"
    echo "443/tcp   open   https"
    echo "MAC Address: 00:11:25:99:17:22 (Fortress Networks)"
    echo
    echo "Nmap done: 1 IP address (1 host up) scanned in 4.399 seconds"
    ;;

#dscan
    'dscan -fS 67.15.6.98:443') echo
    echo "dScan probing 1 host"
    sleep 4
    echo "https on port 443 is vulnerable!"
    echo "please run updates to correct this security problem!"
    ;;

#metasploit
    'metasploit -script https443.sh -i 67.15.6.98') echo
sleep 1
echo "        -module -export-dynamic   -o rlm_perl.la  "
echo "        -rpath /usr/local/lib rlm_perl.lo rlm_perl.c bradius.la"
echo "        `perl -MExtUtils::Embed -e ldopts` -lnsl -lresolv  -lpthread"
echo "metasploit framework searching for vulnerable port"
sleep 3
echo "metasploit script successfull!"
echo "run dump to view results"
    ;;

#dump
    'dump -script https443.sh -c pw -U root') echo
sleep 1
echo "root - 0xC23413A8A1E7665fAAD3B435B51404EE"
    ;;

#hydra
    'hydra -b 0xC23413A8A1E7665fAAD3B435B51404EE') echo
sleep 5

#spinner
function spin {
    echo -n '-'
    echo -ne '\b|'
    sleep .1
    echo -ne '\bx'
    sleep .1
    echo -ne '\b+'
}
for i in `seq 1 20` ; do spin; done
echo ""


echo "password match found!"
echo "aRrf349J$"
    ;;

#ssh to nsa
    'ssh -l root 67.15.6.98') 
sleep 5

   read -s -p "Password for root: " pwf

sleep 4
clear
echo "         WARNING!"
echo "This is a Government computer system.  Any"
echo "attempts to access this system by unauthorized"
echo "persons is against the law and will be prosecuted."
echo
sleep 1;

#change the hostname
hozt='nsa.gov:~#'
    ;;

#ls -l
    'ls -l')
sleep 1
echo "total 12"
echo "drwxr-xr-x 2 root root 4096 $(date) bin"
echo "drwxr-xr-x 2 root root 4096 $(date) docs"
echo "drwxr-xr-x 2 root root 4096 $(date) logs"
    ;;

#cd bin
    'cd bin')
hozt='nsa.gov:~/bin#'
    ;;

#ls
    'ls')
echo "defcon_launch.sh"
    ;;

#defcon_launch.sh
    './defcon_launch.sh') echo
sleep 1
echo "#################################"
echo "#                               #"
echo "#    DEFCON LAUNCHER STARTED    #"
echo "#                               #"
echo "#################################"
echo ""
echo "Hello Mr. President..."
read -p "How many ICBMs? " missles
read -p "Please Enter GPS Coords: " coords
echo "Defcon Launch Sequence Started"
#quote the whole prompt so an empty or multi-word answer cannot split it
read -p "$missles ICBMs to strike $coords; Are you sure?(Y)or(n)" confirmationz

function spin {
    echo -n '-'
    echo -ne '\b|'
    sleep .1
    echo -ne '\bx'
    sleep .1
    echo -ne '\b+'
}
for i in `seq 1 20` ; do spin; done
echo ""

echo "ICBMs Launched"

function spin {
    echo -n '-'
    echo -ne '\b|'
    sleep .1
    echo -ne '\bx'
    sleep .1
    echo -ne '\b+'
}
for i in `seq 1 20` ; do spin; done
echo ""


sleep 4
echo ""
echo "Target Destroyed, Mr. President."
echo "Exiting program"
;;

#help
    'help')
echo "Commands"
echo "nslookup nsa.gov"
echo "ping 67.15.6.98"
echo "nmap -sS 67.15.6.98"
echo "dscan -fS 67.15.6.98:443"
echo "metasploit -script https443.sh -i 67.15.6.98"
echo "dump -script https443.sh -c pw -U root"
echo "hydra -b 0xC23413A8A1E7665fAAD3B435B51404EE"
echo "ssh -l root 67.15.6.98"
echo "clear"
echo "exit"
echo "**FROM NSA.GOV SHELL FOR REALISM**"
echo "ls -l"
echo "cd bin"
echo "ls"
echo "./defcon_launch.sh"
;;
    'clear')
clear;
;;
    'exit')
exit;
;;
    *)
echo "attack failed; not enough data"
;;
esac

#term again

#leave the script at end of input (Ctrl-D) instead of looping forever
read -p "root@$hozt " command || exit

done


Posted: Thu Apr 02, 2009 3:30 am
Moderator

Joined: Thu Oct 11, 2007 7:12 am
Posts: 229
Location: London - UK
The time delay can be simulated with signals and traps.
I am unaware of any time-delayed signal function in bash so that would need to be simulated, which could be done by starting another script from within the lethal script using '&' to put it into the background. That second script would sleep for 3m and then send a SIGALRM to lethal's pid. lethal would need a 'trap' function. Check the bash man page for how to use trap.

If I get a little time later I'll have a go at providing an example.

DW
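
The approach described in the post above, as an added example that is not part of the original thread: a background subshell sleeps, then sends SIGALRM to the script, whose trap handler prints the message. The function names, variable names and message text are assumptions made for illustration.

```shell
#!/bin/bash
# Added example (not from the thread): a session timer built from a
# background sleeper, SIGALRM and trap. All names here are hypothetical.

TRACED=0          # set to 1 by the handler when the timer fires
WATCHDOG_PID=     # PID of the background sleeper, empty when idle
DEADLINE=0        # epoch second at which the timer fires
EXIT_ON_TRACE=0   # 1 = handler ends the session (used by the demo)

# Trap handler: runs in the main shell when SIGALRM arrives.
on_alarm() {
    TRACED=1
    printf '\nConnection traced. Authorities have been notified.\n'
    if [ "$EXIT_ON_TRACE" = 1 ]; then exit 1; fi
}

# start_watchdog SECONDS: arm the trap, then start a background subshell
# that sleeps and signals the main shell ($$ is still the parent's PID).
start_watchdog() {
    trap on_alarm ALRM
    DEADLINE=$(( $(date +%s) + $1 ))
    (
        # On cancel (SIGTERM) take the sleep down too, leaving no orphan.
        trap 'kill "$s" 2>/dev/null; exit 0' TERM
        sleep "$1" & s=$!
        wait "$s" && kill -ALRM "$$"
    ) >/dev/null 2>&1 &
    WATCHDOG_PID=$!
}

# stop_watchdog: cancel a pending timer and restore default SIGALRM handling.
stop_watchdog() {
    if [ -n "$WATCHDOG_PID" ]; then
        kill "$WATCHDOG_PID" 2>/dev/null || true
        wait "$WATCHDOG_PID" 2>/dev/null || true
    fi
    WATCHDOG_PID=
    trap - ALRM
}

# seconds_left: the "stopwatch" value, usable like any other variable.
seconds_left() {
    if [ -z "$WATCHDOG_PID" ]; then echo 0; return 0; fi
    echo $(( DEADLINE - $(date +%s) ))
}

# Interactive demo: ./watchdog.sh demo
if [ "${1:-}" = "demo" ]; then
    EXIT_ON_TRACE=1
    start_watchdog 180    # 3 minutes, the delay asked about in the thread
    while printf 'root@nsa.gov:~# ' && read -r command; do
        if [ "$command" = exit ]; then break; fi
        echo "attack failed; not enough data ($(seconds_left)s left)"
    done
    stop_watchdog
fi
```

The shell runs a trap handler only after the current foreground command returns, so a long `sleep` in a case branch delays the message until that `sleep` ends.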

