Let's talk Logic Bombs

[TheKrimlin]

Just a little background on me, I've been into computers for many years tinkering and toying around with them as a kid, got more serious with them getting into gaming and modding games, started programming (python, C++, etc). I've worked as a network admin, and now I'm stuck back in college so I can score a degree and get a good paying job making bank.

Now to the point, I have basic knowledge and usage of windows batch files for basic admin stuff to make my job easy. My instructor in my intro to info sec class told us that batch files don't have the flexibility of other scripts when it comes to viruses, furthermore said that batch files can never be logic bombs.

My mission is to create a kickass virus in batch file format and drop it on our demo computer to get my point across. Now I've got 2 weeks to do this and I want to get it done so I can shoot for honors credit for the course.

My idea is to write a batch file that takes data like log files (or some other kind of computer generated reports that build up rather quick) store these in a place to overload the ram causing a crash. The kicker is I want it to also take the crash dump files and store them back on ram after recovery to keep the process in a constant crash loop.

My questions are:
Is this even possible?
What kinda delivery methods are available for batch files?
How to get them in there stealthy and where to store them?
How to make a batch file auto exec at a certain point?

Computer is a old Dell Optiplex 755 on Windows XP

[centip3de]

Now to the point, I have basic knowledge and usage of windows batch files for basic admin stuff to make my job easy.

Wait, so, you guys don't use Linux? That's odd. Most servers run Linux and beyond that, most information security classes use Linux. Although I suppose it's possible to use Windows for both, it's just fairly rare.

My instructor in my intro to info sec class told us that batch files don't have the flexibility of other scripts when it comes to viruses

Eh? Batch is a pretty shitty language, it's just odd to hear them compared in terms of virii making.

furthermore ... that batch files can never be logic bombs.

Once again, eh? If you're defining a logic bomb by the Wikipedia definition, then your professor would be right, unless of course your making software out in Batch (then you'd have to define what 'software' is, and it gets all kinds of meta).

My mission is to create a kickass virus in batch file format and drop it on our demo computer to get my point across. Now I've got 2 weeks to do this and I want to get it done so I can shoot for honors credit for the course.

Something tells me that you won't be getting more credit for destroying a computer...

My idea is to write a batch file that takes data like log files (or some other kind of computer generated reports that build up rather quick) store these in a place to overload the ram causing a crash. The kicker is I want it to also take the crash dump files and store them back on ram after recovery to keep the process in a constant crash loop.

Uh, why not just write a fork bomb that puts itself in the startup folder? Seems much simpler. If you still want to keep the fork bomb aspect of it (i.e. it goes off when someone launches a program/deletes a file, etc.), then why not just monitor a certain file and then launch the fork bomb if it changes?

My questions are:
Is this even possible?

Well seeing as batch is turing complete, technically anything is possible... but practically, yes, it should be.

What kinda delivery methods are available for batch files?

What kind of delivery methods are available? Do you mean, how to get a batch file onto a system? In theory, it's the same way you'd get any other virii onto a persons computer, with the added benefit that an AV most likely won't pick you up.

How to get them in there stealthy and where to store them?

If you have physical access, why not just a USB? As to where to store them, you could always just make a massive folder tree, or just store it in a usually inconspicuous place like in the files for a random program.

How to make a batch file auto exec at a certain point?

Depends on what you want to do. If you just want to check for changes in/on something, you can setup a simple conditional in the batch file and then put it in the task scheduler to run every 30 seconds or so.

[Goatboy]

In addition to what centip3de said (99% of which I agree with), it seems like you're biting off more than you can chew. You've got some misused terminology going on and I think the cause of that is some serious misunderstanding. RAM doesn't really get expended by having a lot of files on the disk; you'd have to open them all at once and that's about as inelegant as it gets. You are also not only not going to get points for this, but if your school is like many of the others you will get in trouble. Even if it is a demo computer.

My suggestion? Read some papers about actual virii in C and ASM. Batch is simply not the tool for the job here.

[TheKrimlin]

Wait, so, you guys don't use Linux? That's odd. Most servers run Linux and beyond that, most information security classes use Linux. Although I suppose it's possible to use Windows for both, it's just fairly rare.

At my former workplace it was the fantastic Windows Server 2008 R2... I was super excited to have that there /sarcasm...

Eh? Batch is a pretty shitty language, it's just odd to hear them compared in terms of virii making.

I asked the question, I have an odd fascination with batch dunno why, but it's like a foot fetish, no one likes feet but there always that one guy lol

Once again, eh? If you're defining a logic bomb by the Wikipedia definition, then your professor would be right, unless of course your making software out in Batch (then you'd have to define what 'software' is, and it gets all kinds of meta).

That sound like an over complication that I'd rather not dive into because I don't have the time, thanks for clearing that up!

Something tells me that you won't be getting more credit for destroying a computer...

We have a computer in the class room that is dedicated for this purposeve already confirmed that if I do it I'd get that cute little "H" next to the course GPA. I'm also working in the IT department at the college part time, so whenever this computer get bombed we ghost in and re-image it

Uh, why not just write a fork bomb that puts itself in the startup folder? Seems much simpler. If you still want to keep the fork bomb aspect of it (i.e. it goes off when someone launches a program/deletes a file, etc.), then why not just monitor a certain file and then launch the fork bomb if it changes?

I like that idea, since this is fresh on my mind I never considered a fork bomb, I'll throw you in a creditor for the idea lol "that guy centip3de from HTS"

Well seeing as batch is turing complete, technically anything is possible... but practically, yes, it should be.

Fantastic

What kind of delivery methods are available? Do you mean, how to get a batch file onto a system? In theory, it's the same way you'd get any other virii onto a persons computer, with the added benefit that an AV most likely won't pick you up.

I'm not "virii" savvy, I know the functions and how they are delivered, but do not know the inner workings, which I'm trying to learn.

If you have physical access, why not just a USB? As to where to store them, you could always just make a massive folder tree, or just store it in a usually inconspicuous place like in the files for a random program.

I do have physical access but I wanted to be semi creative. In our class room we have a local network where all the computers are connected (minus the instructor's lol), but USB would be one way, that would still require logging into the computer, While I do have BT5 and HBCD on USB I was thinking of doing something over the network.

Depends on what you want to do. If you just want to check for changes in/on something, you can setup a simple conditional in the batch file and then put it in the task scheduler to run every 30 seconds or so.

I was thinking the same but didn't know if there was something I was missing.

In addition to what centip3de said (99% of which I agree with), it seems like you're biting off more than you can chew. You've got some misused terminology going on and I think the cause of that is some serious misunderstanding. RAM doesn't really get expended by having a lot of files on the disk; you'd have to open them all at once and that's about as inelegant as it gets. You are also not only not going to get points for this, but if your school is like many of the others you will get in trouble. Even if it is a demo computer.<br><br>My suggestion? Read some papers about actual virii in C and ASM. Batch is simply not the tool for the job here.

Misused terms, I would probably agree, my teaching has been passed down information from people and manuals, which is why I'm in school lol.

I guess I should expound more on this "demo computer". It's a computer we have in the classroom that's there for the sole purpose for demonstrating the effects of virii and other security threats also to show what it looks like when someone has "illegally" gained access and shows us to look for (log files, traffic, etc), also students to pen test on and infect. This is no virii writing class but it is an intro to information security class.



Much appreciated guys!

[Goatboy]

I like this guy. He gets the Goat Seal of Approval. Welcome him with open ports arms.

[TheKrimlin]

I'm down for ummm open ports females only though

Glad to make a good first impression, I like this site, lots of good info, good people too (with the typical doucebaggery thrown in for spice) but nonetheless good!

I'm sure you'll be hearing more outlandish ideas form me in the future, when my teachers in elementary school told me think outside the box I took it too far (i.e. wanting to write a logic bomb in batch lol)

[WallShadow]

back in high school i wasted every boring lecture i could on toying around with batch stuff, and especially various malicious usages of those.

Here's a few tips on how to go about a batch logic bomb;

as cent stated, fork bomb really is the simplest method with something like this; (assuming the batch file is called 'mystupidbatchfile.bat')

Code: Select all

:start
cmd /k mystupidbatchfile.bat
goto start


that will kill the system by simply overusing resources but everything will be back to normal

although a truely destructive batch file would need to do something like deleting System32 or better yet, the entire C:/ drive.

also as stated previously, you might want to have it auto start on boot by placing the script (or a perliminary launching script) into the Startup folder (note there are serveral, not just 1) or use reg to add the batch to the run path.

if you add a method of automatic start up, you may also want to make the batch file invisible with ATTRIB +HS mystupidbatchfile.bat

timing stuff is pretty easy with the use of DATE and TIME and some careful variables.

another thing that you may want to do is to hide the window that pops up when a batch script is running. this can be done with any specially built program that could launch it, but i find it simpler to use visual basic by building a simple .vbs file which launches the batch file, and then running the .vbs file via vscript (or it may be wscript, i forget). this will make it so that the batch file is launched without a command window which the user could kill.

but note that batch is a TERRIBLE language for anything even slightly complicated, so if you're going to be spending any more than an hour developing this stuff, i recommend switching to some other language like C.

if there is anything else you wanna know, just ask. <3