METASPLOIT BASICSVirus Chest

A Simple Virus Written…in Bash!

14

Fugu – a simple virus in bash.

I once told a friend of mine I’d written a virus in bash and he scoffed – “You can’t write a virus in bash!” – he sniggered, like an ignorant idiot.

Take my script, read and run it I told him. He declined.

I still have that script so thought I’d share it.

What is a virus?

I think the term is used out of context nowadays. By definition a virus is something that infects a host, and reproduces. A computer virus behaves very much like a biological one which is where the term comes from.

Before you run the code…

The script is called fugu. I suggest that anyone who tries to run the script create a suitable environment to do so. This is ust for fun and experimentation, not about being malicious and I discourage such behaviour.

Nothing malicious is taking place, we’re simply copying code from script to script so no real damage is done and any alterations can be reversed. – but I would still recommend you create a suitable environment for testing/execution.

The script will only infect it’s current directory and any sub-directories therein, so begin by creating a directory to contain the test…create some sub-directories within. A simple heirarchy of directories something like this should suffice:

test/
test/a/
test/a/b/
test/a/b/c/

Copy the fugu code (at the bottom of the page) into a text editor and save it
to the test/ directory as fugu. So you should have a bash script named:

test/fugu

Now…since fugu finds and infects other bash scripts, we should create some to that we can verify the script worls properly. Here’s a simple example script you can copy and paste:

#!/bin/bash

echo “This is a test script”
echo

exit 0

Make a few copies of it, save it to the following files:

test/z
test/a/y
test/a/b/x
test/a/b/c/w

How it words.

Before you run it, it’s best to understand how it works. I have two versions of the script, one tht gives some output (probbaly more confusing than anything) and has lot’s of comments. Any one with no comments and gives no output.

But they both do exactly the same thing…

  1. First, fugu will list the contents of the current directory and

cycle through them one at a time.

  1. If a directory is found, fugu will cd to that directory and begin

to search that directory.

  1. If any file is found it must meet specific criteria – first, it must

begin with a #!/bin/bash shebag, second it must NOT contain a very
specific pattern that should be unique to fugu infected scripts.

  1. If the file meets the criteria fugu copies itself to the script so

that when the script is next run, it will execute the fugu code first,
then its own original code second.

  1. If no infected files are found fugu will continue to search subsequent

sub-directories looking for a host file to infect, if none are found,
fugu exits and does nothing.

since we use commands like ls we get alphabetical results, if you think of our structure:

test/z
test/a/y
test/a/b/x
test/a/b/c/w

Since a comes before z fugu will find a first, find that it is a directory and cd to there where it will begin to search the a directory for files and folders.

Since b will be found before y we cd to b…c will be found before x so we cd to c…and w is all there is in the c directory so w should be the first file that fugu finds and infects. You might wants to chuck some regular files around just to verify that fugu isn’t affecting regular text files.

Execute fugu:

cd test
chmod 0755 fugu
./fugu
cat a/b/c/w

Next time we run fugu, it will again find directories a, b, c…this time it will find that the w file within the c directory is already infected…since there’s nothing else in the c directory, fugu will backtrack and end up back in the b directory – and this time will find and infect the x file.

Next time it will infect, y, then lastly z.

Fugu will not infect itself!

I won’t spend too much time going into detail, it’s probably more interesting to just read the script. Hope someone learns something from it, criticisms or even improvements encouraged and welcomed.

Much obliged!

##########################################################################

I deleted the scripts here – commented script had a few changes made andis on pastebin @ http://pastebin.com/JtHEz6UW

Still a few alterations I’d like to make. Cheers

Lovepreet Singh
CEO & FOUNDER OF" FIVE RIVERS INCORPORATION - LEADING SOFTWARE & CYBER SECURITY DEVELOPMENT COMPANY" || CERTIFIED ETHICAL HACKER || FUTURE TRILLIONAIRE || FUTURISTIC || "DULL SCHOOL STUDENT" || (Follow this link to message me on WhatsApp: https://wa.me/13018426470)

Hacking the Heartbleed Vulnerability

Previous article

The Girl in the Spider’s Web Explained Logically

Next article

14 Comments

  1. Amoxicillin Sudafed Amoxil Dogs Buy Tamoxifen Citrate In Australia [url=http://cialtadalaf.com]cialis overnight shipping from usa[/url] What Is Priligy 30mg Cialis Non Prescription Buy Cipro Xr Online

  2. Great blog! Do you have any tips and hints for aspiring writers?
    I’m planning to start my own website soon but I’m a little lost on everything.
    Would you recommend starting with a free platform like WordPress or go
    for a paid option? There are so many choices out there that I’m totally
    overwhelmed .. Any tips? Kudos!

  3. Acheter Cialis Sur Internet France [url=http://banzell.net]viagra online pharmacy[/url] Cialis E Varicocele

  4. Someone necessarily help to make severely articles I would state.

    This is the first time I frequented your web page and up to
    now? I amazed with the analysis you made to make this
    actual publish extraordinary. Excellent job!

  5. When I initially commented I clicked the “Notify me when new comments are added” checkbox and now each time a
    comment is added I get several emails with the same comment.
    Is there any way you can remove me from that service?
    Thank you!

  6. Undeniably believe that which you said. Your favorite justification appeared to be on the internet the simplest thing to be aware of.
    I say to you, I certainly get irked while people consider worries that they just do not know about.
    You managed to hit the nail upon the top as well
    as defined out the whole thing without having side effect , people can take a signal.

    Will likely be back to get more. Thanks

  7. Wonderful site. Plenty of helpful information here.
    I am sending it to several friends ans also sharing in delicious.

    And obviously, thank you for your effort!

  8. Viagra Tabletten [url=http://uscagsa.com]generic 5mg cialis best price[/url] buy cheap accutane online

  9. Hi there, You have done a fantastic job.
    I’ll certainly digg it and personally recommend to my friends.
    I’m sure they will be benefited from this website.

  10. Do you mind if I quote a couple of your posts as long as
    I provide credit and sources back to your webpage? My blog is in the very same area of interest as yours and
    my visitors would genuinely benefit from a lot of the information you present
    here. Please let me know if this alright with you.

    Thanks!

  11. Great beat ! I would like to apprentice while you amend your
    site, how could i subscribe for a blog website?
    The account helped me a acceptable deal. I
    had been a little bit acquainted of this your broadcast provided bright clear idea

  12. You’re so interesting! I don’t think I’ve read something like
    this before. So wonderful to find another person with genuine
    thoughts on this subject matter. Seriously.. thank you for starting this up.

    This site is one thing that is required on the internet, someone with a little originality!

  13. You should take part in a contest for one of the finest blogs online.
    I most certainly will recommend this web site!

Leave a reply

Your email address will not be published. Required fields are marked *

Login/Sign up