Null Byte

Security-Oriented C Tutorial 0xFD - Software on Steroids - Upgrading Our Malware

Jan 10, 2016 01:07 PM
May 5, 2016 03:05 AM
ANSI C programming language logo.

Welcome back to a tutorial on malware. We'll be discovering a method to beef up our little trooper. Without further ado, let's jump right in!

Recap

In the previous tutorial, we learned how to write a program that opened its own executable for reading and wrote its bytes into a host file one by one until the host contained a complete copy of it. A successful prototype, but it's not really equipped with enough fireworks to go off with a BANG! So let's do that, shall we?

Adding Functionality

Now that we've got a basic working malware, we can aim higher and give it some flavor, some spice, some turbo jet engines, whatever you want to call it. But what do we want to add?

Let's try to keep things simple... think simple yet disastrous. We can only attack one file at the moment, so how about we attack multiple files? But we don't know the file names in advance. Is there something which can help us retrieve the file names on demand? Why of course there is!

Integration

We have our base specimen and it's time to integrate it with its newly made (found) power suit.

We need to remove some of the exit calls because if our virus were to encounter a file or directory without proper permissions, it would halt our program and we do not want that. We want it to just skip over it and continue its rampage.

CAUTION

Before proceeding beyond this point, you must understand the risk of creating malware. The program that we will be making is not to be tampered with in any uncontrolled environment so I would highly advise you to set up a controlled environment due to its nature. In the event that this program is executed in a successful manner, all compromised files may not be recoverable and any damage will be on you. Ignorance is not an excuse.

During the testing of this, an unedited parameter in a function had me unintentionally infect core files in my system which caused it to hang. Luckily, I had created snapshots in my virtual machine so that I was able to recover it.

Backing Up

Make sure that you are able to recover your machine after running the virus, that is, if you're daring enough to run it.


I'm set. Are you?

Don't forget the epic background music: YouTube

Compiling and Running

Forgive me Lord, for I am about to sin. Here we go!

Slight freeze...

Terminal window displaying code related to file infections and system cache.

I think this was a Sublime Text error...

Error message displayed on a dark background: "SOME ERROR POPPED UP HERE."

Something...?


Returned back to "normal". Looks like it's still running or something, not sure.

Terminal command output showing permission denied errors and infection messages related to directory operations.

The system threw some errors back at me. The terminal also crashed.

Error message on Ubuntu system indicating an internal error occurred, with a code snippet displayed in the background.

I did what it suggested, a restart. Now it keeps kicking me back out to the login screen when I'm trying to log in. Nice! I'm also pretty sure that all of my files have been completely overwritten.

Login screen for Null-Byte with options for user login and guest session.

What fun! I've completely destroyed my data and account, all without touching root. If you've run this as root, boy, would you have a problem!

Countermeasures

As you can see, the operating system still functions properly. I am actually able to log into the Guest Session, which is nice. Luckily, I was not root when running this, otherwise it would have absolutely overrun the entire system and I probably wouldn't even be able to boot properly. Yep, confirmed as I am typing this sentence: it got screwed over and had boot issues.

Computer terminal displaying a message to press any key to continue.
Filesystem check error message on black screen.

Linux organizes file permissions by user and group, and because of this the virus was prevented from infecting core files in the root partition, or any root-owned files. In one of the screenshots above, we can see that access to those files kept being denied to our virus. This is a good reason why we should never use any operating system day to day from the root account, in case something like this happens. If I can't convince you by showing you this demonstration, I don't know what will...
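The permission check that saved the root partition above can be reproduced on a harmless scale. The following is an added example, not code from this tutorial: it creates a throwaway file in /tmp (a constructed sample, owned by the current user but marked read-only, mode 0444), predicts from the mode bits and the effective uid what discretionary access control should decide, then asks the kernel for a write handle the same way an infector would have to. As an unprivileged user the open fails with EACCES; as root (which bypasses the mode bits through CAP_DAC_OVERRIDE) it succeeds, which is exactly why running the experiment as root would have been fatal.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include <unistd.h>

/* Create a throwaway file (constructed sample, not a real system file) that
 * the current user owns but has marked read-only for everyone: mode 0444.
 * Returns 0 on success and writes the generated path into `path`. */
int make_readonly_sample(char *path, size_t len) {
    const char tmpl[] = "/tmp/dac-demo-XXXXXX";
    if (len < sizeof tmpl) return -1;
    memcpy(path, tmpl, sizeof tmpl);
    int fd = mkstemp(path);
    if (fd < 0) return -1;
    if (fchmod(fd, 0444) != 0) { close(fd); unlink(path); return -1; }
    close(fd);
    return 0;
}

/* Ask the kernel for a write handle on `path`, the call any file overwrite
 * needs. Returns 0 if allowed, otherwise the errno value (EACCES when DAC
 * refuses, ENOENT when the path does not exist). */
int try_open_for_write(const char *path) {
    int fd = open(path, O_WRONLY);
    if (fd < 0) return errno;
    close(fd);
    return 0;
}

/* What the DAC rules predict for an existing file: euid 0 bypasses the mode
 * bits entirely; anyone else needs the write bit that applies to them.
 * Simplification: only the primary group is consulted, not supplementary
 * groups. Returns 1 (writable), 0 (not writable) or -1 (stat failed). */
int dac_predicts_writable(const char *path) {
    struct stat st;
    if (stat(path, &st) != 0) return -1;
    if (geteuid() == 0) return 1;
    if (st.st_uid == geteuid()) return (st.st_mode & S_IWUSR) != 0;
    if (st.st_gid == getegid()) return (st.st_mode & S_IWGRP) != 0;
    return (st.st_mode & S_IWOTH) != 0;
}

/* Run the whole experiment on the sample file and report whether the kernel's
 * decision matched the prediction: 1 = matched, 0 = mismatch, -1 = setup failed. */
int demo_matches_prediction(void) {
    char path[64];
    if (make_readonly_sample(path, sizeof path) != 0) return -1;
    int predicted = dac_predicts_writable(path);
    int rc = try_open_for_write(path);
    unlink(path);               /* deleting needs directory permission only */
    int actual = (rc == 0);
    return predicted == actual;
}

int main(void) {
    char path[64];
    if (make_readonly_sample(path, sizeof path) != 0) { perror("mkstemp"); return 1; }
    int rc = try_open_for_write(path);
    printf("euid=%u  DAC predicts writable=%d  open(O_WRONLY) -> %s\n",
           (unsigned)geteuid(), dac_predicts_writable(path),
           rc == 0 ? "allowed" : strerror(rc));
    unlink(path);
    return 0;
}
```

Run it once as your normal user and once under sudo and compare the two lines: the file and its mode are identical, only the effective uid changes, and that alone decides whether the overwrite goes through.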

Conclusion

That's it for our first malware! If you wish to experiment with it a bit more, add some more power to it, make it infect connected drives like USBs, be my guest! Try porting it over to a Windows machine; it should still work there as well. Don't give it to any of your friends as a prank, please, unless they're not your friend - no, just don't give it to anyone, don't be that guy. It's for experimentation and analysis only!

What shall we cover next? I don't know yet! Stay tuned!

dtm.
