I knew that the source code of the Mirai malware had been released, and I simply wanted to know how it was made, so I analyzed it as an amateur.

jgamblin/Mirai-Source-Code: Leaked Mirai Source Code for Research/IoC Development Purposes

This isn't about especially malicious code; it's just a description of commonly used Unix commands I didn't know about. By the way, since this is code for investigation, **abuse is strictly prohibited**.
/scripts/cross-compile.sh

```bash
if [ "$(id -u)" != "0" ]; then
    echo "This script must be run as root" 1>&2
    exit 1
fi
```
```bash
# Returns the UID number for a normal user
$ id -u
501
# Returns 0 for the root user
$ sudo id -u
0
```
Linux command [id] Display user ID and group ID --Introduction to Linux --Webkaru
echo
If you add the -n option, the output is printed without a trailing newline.
```bash
$ echo -n "Install mysql-server and mysql-client (y/n)? "
Install mysql-server and mysql-client (y/n)?
```
stty
Ubuntu Manpage: stty - Change and display terminal line settings
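/scripts/cross-compile.sh

```bash
# Save the current terminal settings so they can be restored afterwards
old_stty_cfg=$(stty -g)
# Raw mode without echo: a single keypress is read without waiting for Enter
stty raw -echo
# Keep reading one byte at a time until it is y or n (case-insensitive)
answer=$( while ! head -c 1 | grep -i '[ny]' ;do true ;done )
stty $old_stty_cfg
```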
/scripts/cross-compile.sh

```bash
apt-get install -y gcc golang electric-fence
```
I know gcc is a C compiler and golang is a Go language compiler, but I wondered: what is `electric-fence`?

A memory corruption detection tool: it detects buffer overflows.

It remembers the start and end positions of dynamic arrays (arrays allocated with malloc, etc.) in the program and stops the program with a segfault when a pointer steps outside the area of these arrays. Therefore, if you examine the core dump from this segfault with a debugger such as gdb, you can see immediately where, and on which array, the program stopped due to the out-of-bounds access.
C language: How to use the memory corruption detection tool electric fence
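Electric Fence gets the segfault described above by placing an inaccessible memory page directly after each allocation. The sketch below reproduces that guard-page idea; it is an added example, not code from the article, from Mirai, or from Electric Fence itself. It assumes a POSIX system with `mmap`/`mprotect`, and `guarded_alloc` and `write_faults` are hypothetical names.

```c
#ifndef _DEFAULT_SOURCE
#define _DEFAULT_SOURCE 1   /* exposes MAP_ANONYMOUS and sigsetjmp under strict -std= modes */
#endif
#include <setjmp.h>
#include <signal.h>
#include <stdio.h>
#include <sys/mman.h>
#include <unistd.h>

static sigjmp_buf fault_jmp;
static void on_fault(int sig) { (void)sig; siglongjmp(fault_jmp, 1); }

/* Hypothetical helper (not Electric Fence's API): map n usable bytes that end
 * exactly where an inaccessible guard page begins. */
static char *guarded_alloc(size_t n, char **base, size_t *len) {
    size_t page = (size_t)sysconf(_SC_PAGESIZE);
    size_t data = (n / page + 1) * page;          /* whole pages holding the buffer */
    *len = data + page;                           /* plus one guard page */
    *base = mmap(NULL, *len, PROT_READ | PROT_WRITE, MAP_PRIVATE | MAP_ANONYMOUS, -1, 0);
    if (*base == MAP_FAILED) return NULL;
    if (mprotect(*base + data, page, PROT_NONE) != 0) { munmap(*base, *len); return NULL; }
    return *base + data - n;                      /* byte n lands on the guard page */
}

/* Returns 1 if writing buf[idx] of an n-byte guarded buffer faults, 0 if the
 * write succeeds, -1 if the mapping could not be set up. */
int write_faults(size_t n, size_t idx) {
    struct sigaction sa, old_segv, old_bus;
    char *base; size_t len;
    volatile int faulted = 0;
    char *buf = guarded_alloc(n, &base, &len);
    if (!buf) return -1;
    sa.sa_handler = on_fault;
    sigemptyset(&sa.sa_mask);
    sa.sa_flags = 0;
    sigaction(SIGSEGV, &sa, &old_segv);
    sigaction(SIGBUS, &sa, &old_bus);             /* some systems raise SIGBUS instead */
    if (sigsetjmp(fault_jmp, 1) == 0) ((volatile char *)buf)[idx] = 'A';
    else faulted = 1;
    sigaction(SIGSEGV, &old_segv, NULL);
    sigaction(SIGBUS, &old_bus, NULL);
    munmap(base, len);
    return faulted;
}

int main(void) {
    printf("index 15 of 16 bytes: fault=%d\n", write_faults(16, 15));  /* in bounds */
    printf("index 16 of 16 bytes: fault=%d\n", write_faults(16, 16));  /* one past the end */
    return 0;
}
```

With an ordinary `malloc`, the one-past-the-end write usually lands in allocator slack and goes unnoticed; with the guard page it stops at the exact faulting instruction, which is what makes the resulting core dump useful in gdb.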