Build a botnet
Overall architecture
P2P style botnet (hybrid-style)
Each bot can be a client or a server
create 37 different processes (each process will be a bot)
there are 4 super bots, and they will handle 8 child bots
one bot-master
1 bot-master, 4 super bots, 32 child bots = 37 processes
Communications
all are TCP channels
You can use any random network ports
each super bot should connect to a bot-master
each super bot should connect to a neighbour super-bot
each super bot should connect to child bots
more requirements
each child bot and each super bot has its own unique ID
need to support the following functions (should be implemented in each child bot)
read: system date, host name
create: create a specified file (e.g., create "test.txt")
send: send a given number (#) of dummy packets to a specific IP address and port
e.g., send 10 143.248.111.14 80
Operations
command delivery
a bot-master will send a command to any super-bot in the network, and the super-bot that received the command from the bot-master will deliver it to its child bots
join
each child bot should report its ID to its super bot
each super bot needs to report the collected IDs to the bot-master
search
a bot-master can find a specific child bot with its ID
action
a bot-master can execute some functions with a set of child bots
Operations in detail
boot up
1 bot-master process
14 super bot processes
32 child bot processes
initialization
child should connect to its super node (you can define as you want)
super node connects to a bot-master and reports node information
report {super bot ID}:[child bot 1 ID, child bot 2 ID, ….]
action
a bot-master searches for a specific child bot by its ID to know whether it is alive or not
search child bot ID
(return message) alive with super bot ID or none with super bot ID
a bot-master executes specific functions with some child bots
action read -date child bot ID1, child bot ID2
(return message) system date of two bot hosts
Test
check whether 37 processes are running
check whether a bot-master can collect all ID information of child bots
check whether a bot-master can search a specific ID of a child bot
in this case, a bot-master is able to ask any of the super bots
a super bot needs to relay the search request if it does not manage a child bot having the queried ID
check whether a bot-master can execute each action
read
create
search
send
send is special… a set of bots (e.g., 10 child bots) sends the determined packets to a target at the same time
========================================================================================
The purpose of this notice is to describe the detailed interface we will use when testing your botnet.
1. Interface
You don't need to make an interface (user interface) for a process running as a super-bot or child bot.
However, as you know, the bot-master MUST provide the proper interface described below.
/****************Menu*****************/
1) Show bot hieracy
2) Read
3) Create
4) Send packet
5) Search
/**************************************/
Bot-master(Prompt)# 1
Supoer Bot #10 : [ Child Bot #4 : Child Bot #2 : ,...]
Supoer Bot #30 : [ Child Bot #1 : Child Bot #5 : ,...]
Bot-master(Prompt)# 2 [1:4, 3:1] host
Child Bot 10:4 -> rwin MacBook-Pro.local 14.3.0 Darwin Kernel Version 14.3.0: Mon Mar 23 11:59:05 PDT 2015; root:xnu-2782.20.48~5/RELEASE_X86_64 x86_64 i386 MacBookPro11,3 Darwin
Child Bot 10:4 -> rwin MacBook-Pro.local 14.3.0 Darwin Kernel Version 14.3.0: Mon Mar 23 11:59:05 PDT 2015; root:xnu-2782.20.48~5/RELEASE_X86_64 x86_64 i386 MacBookPro11,3 Darwin
Bot-master(Prompt)# 2 [1:4] date
Child Bot 10:4 -> Wed Apr 29 09:02:37 KST 2015
Bot-master(Prompt)# 3 [10:2, 30:5] /home/tt/test.txt
Child Bot 10:2 -> Create file
Child Bot 30:5 -> File is existed, append data
(Cf, when a child bot makes a file, it just writes its unique ID. In this case, for example, "test.txt" contains
/***test.txt***/
Child Bot 10:2
Child Bot 30:5 )
Bot-master(Prompt)# 4 100 143.248.0.23 80
(Cf, the total number of packets sent to the destination (143.248.0.23:80) is 100. We don't care how many packets each child bot sends. We just check the total number of sent packets)
Bot-master(Prompt)# 5 [5, 2, 4]
Child Bot 30:5 -> Alived
Child Bot 10:2 -> Alived
Child Bot 30:4 -> Not respond
(Cf, we will check this function by killing a specific process in your botnet. Please carefully consider the case of a killed super-bot. If a super-bot is killed, the child bots connected to the killed super-bot will be disconnected)
2. ETC
Whenever the condition of the botnet changes, the bot-master can see what happened.
The asynchronous events are
Added child-bot
Child Bot # is now connected with Super-bot #.
Removed child-bot
Child Bot # is now dis-connected with Super-bot #.
Added Super-bot
Super-bot # is connected.
Removed Super-bot
Super-bot # is dis-connected and child bots connected with Super-bot are dis-disconnected