  1. #!/bin/bash
  2.  
  3. # CuckooAutoInstall
  4.  
  5. # Copyright (C) 2014-2015 David Reguera García - [email protected]
  6. # Copyright (C) 2015 David Francos Cuartero - [email protected]
  7. # Copyright (C) 2017-2018 Erik Van Buggenhout & Didier Stevens - NVISO
  8.  
  9. # This program is free software: you can redistribute it and/or modify
  10. # it under the terms of the GNU General Public License as published by
  11. # the Free Software Foundation, either version 3 of the License, or
  12. # any later version.
  13.  
  14. # This program is distributed in the hope that it will be useful,
  15. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  16. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  17. # GNU General Public License for more details.
  18.  
  19. # You should have received a copy of the GNU General Public License
  20. # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  21.  
  22. source /etc/os-release
  23.  
  24. # Configuration variables. Tailor to your environment
  25. CUCKOO_GUEST_IMAGE="/tmp/W7-01.ova"
  26. CUCKOO_GUEST_NAME="vm"
  27. CUCKOO_GUEST_IP="192.168.87.15"
  28. INTERNET_INT_NAME="eth0"
  29.  
  30. # Base variables. Only change these if you know what you are doing...
  31. SUDO="sudo"
  32. TMPDIR=$(mktemp -d)
  33. RELEASE=$(lsb_release -cs)
  34. CUCKOO_USER="cuckoo"
  35. CUCKOO_PASSWD="cuckoo"
  36. CUSTOM_PKGS=""
  37. ORIG_DIR=$( cd "$( dirname "${BASH_SOURCE[0]}"  )" && pwd  )
  38. VOLATILITY_URL="http://downloads.volatilityfoundation.org/releases/2.4/volatility-2.4.tar.gz"
  39. YARA_REPO="https://github.com/plusvic/yara"
  40.  
  41. VIRTUALBOX_REP="deb http://download.virtualbox.org/virtualbox/debian $RELEASE contrib"
  42.  
  43. VIRTUALBOX_INT_NAME="vboxnet0"
  44. VIRTUALBOX_INT_NETWORK="192.168.87.0/24"
  45. VIRTUALBOX_INT_ADDR="192.168.87.1"
  46. VIRTUALBOX_INT_SUBNET="255.255.255.0"
  47.  
  48. LOG=$(mktemp)
  49. UPGRADE=true
  50.  
  51. declare -a packages
  52. declare -a python_packages
  53.  
  54. packages="git python python-pip libffi-dev libssl-dev python-virtualenv python-setuptools libjpeg-dev zlib1g-dev swig postgresql libpq-dev tcpdump apparmor-utils libtiff5-dev libjpeg8-dev zlib1g-dev libfreetype6-dev liblcms2-dev libwebp-dev tcl8.6-dev tk8.6-dev python-tk build-essential libssl-dev libffi-dev python-dev libssl-dev libjansson-dev virtualbox mongodb"
  55. #python_packages="pip setuptools cuckoo distorm3 yara-python"
  56. python_packages="pip setuptools cuckoo distorm3 yara-python==3.6.3 pycrypto"
  57.  
  58. # Pretty icons
  59. log_icon="\e[31m✓\e[0m"
  60. log_icon_ok="\e[32m✓\e[0m"
  61. log_icon_nok="\e[31m✗\e[0m"
  62.  
  63. # -
  64.  
print_copy(){
    # Print the banner with the tool version and author credits to stdout.
    # The text contains no shell-special characters, so each line is a
    # plain single-quoted string.
    local -a banner=(
        '┌─────────────────────────────────────────────────────────┐'
        '│                CuckooAutoInstall 0.2 - NVISO Mod        │'
        '│ David Reguera García - Dreg <[email protected]>      │'
        '│ David Francos Cuartero - XayOn <[email protected]>   │'
        '│ Erik Van Buggenhout - <[email protected]>         |'
        '│ Didier Stevens - <[email protected]                     |'
        '│            Buguroo Offensive Security - 2015            │'
        '│            NVISO - 2017-2018                            │'
        '└─────────────────────────────────────────────────────────┘'
    )
    printf '%s\n' "${banner[@]}"
}
  78.  
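check_viability(){
    # Make sure privileged commands can run (root, or a usable $SUDO binary)
    # and that this is a Debian-derived system; anything else is fatal.
    # Globals: reads UID and SUDO; sets SUDO="" when already root so later
    # "$SUDO cmd" lines run the command directly.
    # Exits 1 on failure (the original bare "exit" reported success when
    # sudo was missing); diagnostics go to stderr.
    if [[ $UID == 0 ]]; then
        SUDO=""
    elif ! command -v -- "$SUDO" >/dev/null 2>&1; then
        echo "You're not root and you don't have $SUDO, please become root or install $SUDO before executing $0" >&2
        exit 1
    fi

    if [[ ! -e /etc/debian_version ]]; then
        echo "This script currently works only on debian-based (debian, ubuntu...) distros" >&2
        exit 1
    fi
}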
  94.  
print_help(){
    # Print the usage text for the flags setopts understands, then exit 1.
    local -a usage_lines=(
        "Usage: $0 [--verbose|-v] [--help|-h] [--upgrade|-u]"
        ""
        "    --verbose   Print output to stdout instead of temp logfile"
        "    --help      This help menu"
        "    --upgrade   Use newer volatility, yara and jansson versions (install from source)"
        ""
    )
    printf '%s\n' "${usage_lines[@]}"
    exit 1
}
  106.  
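setopts(){
    # Parse command-line flags into the globals LOG and UPGRADE.
    #   -h / --help      print usage and exit
    #   -v / --verbose   send command output to stdout instead of $LOG
    #   -u / --upgrade   set UPGRADE=true
    # Long options use the getopts "-:" idiom: "--foo" arrives as option "-"
    # with OPTARG "foo".  Unknown options (short or long) used to be ignored
    # silently; they now print a message and the usage text (print_help
    # exits 1).
    local optspec=":hvu-:"
    local optchar
    # getopts keeps its position in OPTIND; reset so a second call, or a
    # caller that already used getopts, starts from the first argument.
    OPTIND=1
    while getopts "$optspec" optchar; do
        case "$optchar" in
            -)
                case "$OPTARG" in
                    help) print_help ;;
                    upgrade) UPGRADE=true ;;
                    verbose) LOG=/dev/stdout ;;
                    *)
                        printf 'Unknown option --%s\n' "$OPTARG" >&2
                        print_help ;;
                esac ;;
            h) print_help ;;
            v) LOG=/dev/stdout ;;
            u) UPGRADE=true ;;
            \?)
                printf 'Unknown option -%s\n' "$OPTARG" >&2
                print_help ;;
        esac
    done
}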
  123.  
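run_and_log(){
    # Run the command in $1 in the current shell (so a cd inside it
    # persists, as the original did), append its output to $LOG, and print
    # a one-line status with the icon globals.
    #   $1  command to run (every call site in this file passes a function name)
    #   $2  label printed next to the status icon
    #   $3  hint printed when the command fails (may be empty)
    # Globals: reads LOG, log_icon_ok, log_icon_nok.
    # Changes from the original: output is appended to $LOG instead of
    # truncating it on every step, state no longer leaks through globals,
    # and a failure exits with status 1 (the bare "exit" reported success).
    local icon
    # $1 is left unquoted on purpose so a command string with arguments
    # still splits into words.
    # shellcheck disable=SC2086
    if $1 >> "$LOG" 2>&1; then
        icon=$log_icon_ok
    else
        icon=$log_icon_nok
        printf '%b %s\n' "$icon" "$2"
        printf '\t -> %b %s\n' "$icon" "$3"
        exit 1
    fi
    printf '%b %s\n' "$icon" "$2"
}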
  134.  
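clone_repos(){
    # Clone the yara sources into $TMPDIR/yara, the directory build_yara
    # expects.  The original relied on the caller's current directory being
    # $TMPDIR; naming the target makes the clone independent of that.
    # Returns git's status (the original always returned 0, so a failed
    # clone was reported as success by run_and_log).
    # Note: the clone is not pinned to a tag or commit, so whatever HEAD of
    # $YARA_REPO is at install time is what later gets built.
    git clone -- "$YARA_REPO" "${TMPDIR:?TMPDIR not set}/yara"
}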
  139.  
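cdcuckoo(){
    # Change to the cuckoo user's home directory.
    # The home is looked up in the passwd database instead of running
    # "eval cd ~$CUCKOO_USER": with eval, anything placed in CUCKOO_USER
    # (from the config file) would have been executed as shell code.
    # Returns non-zero when the user is unknown or the cd fails (the
    # original always returned 0).
    local home
    home=$(getent passwd "$CUCKOO_USER" | cut -d: -f6) || return 1
    [[ -n "$home" ]] || return 1
    cd -- "$home"
}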
  144.  
  145. create_cuckoo_user(){
  146. #    $SUDO adduser  -gecos "" ${CUCKOO_USER}
  147. #    $SUDO echo ${CUCKOO_PASSWD} | passwd ${CUCKOO_USER} --stdin
  148.     $SUDO adduser --disabled-login -gecos "" ${CUCKOO_USER}
  149.     echo -e "${CUCKOO_PASSWD}\n${CUCKOO_PASSWD}" | $SUDO passwd ${CUCKOO_USER}
  150.     $SUDO usermod -G vboxusers ${CUCKOO_USER}
  151.     return 0
  152. }
  153.  
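# Append an iptables rule only if an identical one is not already present.
#   $1 table, $2 chain, rest: rule specification
_iptables_add_once(){
    local table=$1 chain=$2
    shift 2
    $SUDO iptables -t "$table" -C "$chain" "$@" 2>/dev/null \
        || $SUDO iptables -t "$table" -A "$chain" "$@"
}

create_hostonly_iface(){
    # Create (if missing) and address the VirtualBox host-only interface the
    # guests attach to, then let their traffic out through INTERNET_INT_NAME.
    # Globals: SUDO, VIRTUALBOX_INT_NAME/ADDR/SUBNET/NETWORK, INTERNET_INT_NAME.
    # Changes: the existence test uses the configured interface name and
    # anchors on the "<name>:" form /proc/net/dev uses (a bare "vboxnet0"
    # substring also matched e.g. vboxnet01); firewall rules are added once
    # instead of being stacked on every run; the MASQUERADE rule is limited
    # to the guest network leaving via INTERNET_INT_NAME instead of
    # rewriting every packet the host forwards.
    # Still returns 0 whatever happens, as before ("sometimes it crashes").
    if grep -q -- "^ *${VIRTUALBOX_INT_NAME}:" /proc/net/dev; then
        echo "${VIRTUALBOX_INT_NAME} already exists"
    else
        echo "${VIRTUALBOX_INT_NAME} doesn't exist, creating it..."
        $SUDO vboxmanage hostonlyif create
    fi
    $SUDO vboxmanage dhcpserver modify --ifname "$VIRTUALBOX_INT_NAME" --disable
    $SUDO vboxmanage hostonlyif ipconfig "$VIRTUALBOX_INT_NAME" --ip "$VIRTUALBOX_INT_ADDR" --netmask "$VIRTUALBOX_INT_SUBNET"

    _iptables_add_once filter FORWARD -o "$INTERNET_INT_NAME" -i "$VIRTUALBOX_INT_NAME" -s "$VIRTUALBOX_INT_NETWORK" -m conntrack --ctstate NEW -j ACCEPT
    _iptables_add_once filter FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
    _iptables_add_once nat POSTROUTING -s "$VIRTUALBOX_INT_NETWORK" -o "$INTERNET_INT_NAME" -j MASQUERADE

    $SUDO sysctl -w net.ipv4.ip_forward=1
    return 0
}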
  172.  
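allow_tcpdump(){
    # Let the unprivileged cuckoo user capture traffic: grant tcpdump the
    # raw-socket capabilities and turn off its AppArmor profile.  Both are
    # host-wide — every local user gains packet capture and the profile that
    # confined tcpdump's file access is gone — which is the trade-off this
    # Cuckoo setup makes; keep it in mind on a host that serves other users.
    # Failures are ignored on purpose (setcap may be absent: libcap2-bin is
    # not in $packages), matching the original best-effort behaviour.
    # The original ran setcap via 'bash -c' with a stray "2" argument that
    # only set $0 inside that shell; it is invoked directly now.
    $SUDO setcap cap_net_raw,cap_net_admin=eip /usr/sbin/tcpdump >/dev/null 2>&1
    $SUDO aa-disable /usr/sbin/tcpdump
    return 0
}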
  178.  
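build_yara(){
    # Build and install yara (+ yara-python) from the clone in $TMPDIR/yara.
    # Every cd is checked: without that, a failed cd ran make and
    # "make install" as root in whatever directory the script was in.
    # Only the install steps go through $SUDO; configuring and compiling a
    # tree the invoking user cloned does not need root (and running
    # autoreconf as root left root-owned files in that tree).
    # Returns non-zero on the first failing step (the original always
    # returned 0).  Not invoked from the main sequence as the file stands.
    cd "${TMPDIR:?TMPDIR not set}/yara" || return 1
    ./bootstrap.sh || return 1
    autoreconf -vi --force || return 1
    ./configure --enable-cuckoo --enable-magic || return 1
    make || return 1
    $SUDO make install || return 1
    cd yara-python/ || return 1
    $SUDO python setup.py install || return 1
    cd "$TMPDIR"
}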
  191.  
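build_volatility(){
    # Download, unpack and install the volatility release at VOLATILITY_URL.
    # Works inside $TMPDIR so nothing lands in the caller's directory; the
    # archive and directory names are derived from the URL instead of being
    # hard-coded to 2.4.  Returns non-zero on the first failing step.
    # Integrity: the URL in this file is plain http and nothing is signed,
    # so the archive could be altered in transit before it is unpacked and
    # "setup.py install" runs as root.  VOLATILITY_SHA256 is an optional
    # variable introduced here: when set, the download must match it;
    # unset keeps the original (unverified) behaviour.
    local archive dir
    archive=${VOLATILITY_URL##*/}
    dir=${archive%.tar.gz}
    cd "${TMPDIR:?TMPDIR not set}" || return 1
    wget -O "$archive" -- "$VOLATILITY_URL" || return 1
    if [[ -n "${VOLATILITY_SHA256:-}" ]]; then
        printf '%s  %s\n' "$VOLATILITY_SHA256" "$archive" | sha256sum -c --quiet - || return 1
    fi
    tar xvf "$archive" || return 1
    cd "$dir" || return 1
    $SUDO python setup.py build || return 1
    $SUDO python setup.py install
}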
  200.  
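prepare_virtualbox(){
    # Add Oracle's VirtualBox apt repository and its signing key.
    # Returns 1 when VirtualBox is already running (the caller's hint asks
    # the user to close it); that check now happens before anything is
    # written rather than after.  wget/apt-key failures propagate too.
    # Side effect kept on purpose: the working directory becomes $TMPDIR,
    # and later steps (clone_repos, build_volatility) count on that.
    pgrep virtualbox >/dev/null && return 1
    pgrep VBox >/dev/null && return 1
    cd "${TMPDIR:?TMPDIR not set}" || return 1
    printf '%s\n' "$VIRTUALBOX_REP" | $SUDO tee /etc/apt/sources.list.d/virtualbox.list >/dev/null || return 1
    # Key fetched over https; apt then checks repository signatures against it.
    wget -O - https://www.virtualbox.org/download/oracle_vbox.asc | $SUDO apt-key add -
}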
  209.  
  210. install_packages(){
  211.     $SUDO apt-get update
  212.     $SUDO apt-get install -y ${packages["${RELEASE}"]}
  213.     $SUDO apt-get install -y $CUSTOM_PKGS
  214.     $SUDO apt-get -y install
  215.     return 0
  216. }
  217.  
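install_python_packages(){
    # Install/upgrade the Python packages listed in $python_packages.
    # Runs through $SUDO like every other install step: without it a
    # non-root run could not write to site-packages, and the old "return 0"
    # hid that failure.  pip's status propagates to run_and_log.
    # Only yara-python is pinned in the list; the rest resolve to whatever
    # the index serves at install time.
    # shellcheck disable=SC2086
    $SUDO pip install $python_packages --upgrade
}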
  222.  
run_cuckoo_community(){
    # Run "cuckoo" and then "cuckoo community" as the cuckoo user.
    # The second command, going by its name, fetches the community
    # signatures; what the first does on a fresh account is not visible
    # from here.  Always reports success.
    local user=$CUCKOO_USER
    local step
    for step in 'cuckoo' 'cuckoo community'; do
        runuser -l "$user" -c "$step"
    done
    return 0
}
  228.  
# The imported virtualbox VM should have the following config:
# - Installed Python 2.7
# - Installed Cuckoo Agent
# - Disabled UAC, AV, Updates, Firewall
# - Any other software that is to be installed
# - IP settings: 192.168.87.15 - 255.255.255.0 - GW:192.168.87.1 DNS:192.168.87.1

import_virtualbox_vm(){
    # Import the OVA as the cuckoo user and attach its first NIC to the
    # host-only network.  Always reports success.
    local -a steps=(
        "vboxmanage import ${CUCKOO_GUEST_IMAGE}"
        "vboxmanage modifyvm ${CUCKOO_GUEST_NAME} --nic1 hostonly --hostonlyadapter1 ${VIRTUALBOX_INT_NAME}"
    )
    local cmd
    for cmd in "${steps[@]}"; do
        runuser -l "$CUCKOO_USER" -c "$cmd"
    done
    return 0
}
  241.  
launch_virtualbox_vm(){
    # Start the imported guest headless, as the cuckoo user.  Always 0.
    local start_cmd="vboxmanage startvm ${CUCKOO_GUEST_NAME} --type headless"
    runuser -l "$CUCKOO_USER" -c "$start_cmd"
    return 0
}
  246.  
create_virtualbox_vm_snapshot(){
    # Take the snapshot named "clean" of the running guest, as the cuckoo
    # user.  Always 0.
    local snap_cmd="vboxmanage snapshot ${CUCKOO_GUEST_NAME} take clean"
    runuser -l "$CUCKOO_USER" -c "$snap_cmd"
    return 0
}
  251.  
poweroff_virtualbox_vm(){
    # Hard power-off the guest, wait a fixed 30 seconds, then roll it back
    # to the current snapshot.  Status is that of the restore command.
    local -r settle_seconds=30
    local vm_cmd
    vm_cmd="vboxmanage controlvm ${CUCKOO_GUEST_NAME} poweroff"
    runuser -l "$CUCKOO_USER" -c "$vm_cmd"
    sleep "$settle_seconds"
    vm_cmd="vboxmanage snapshot ${CUCKOO_GUEST_NAME} restorecurrent"
    runuser -l "$CUCKOO_USER" -c "$vm_cmd"
}
  257.  
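update_cuckoo_config(){
    # Rewrite the Cuckoo/VirtualBox defaults (192.168.56.x, cuckoo1) with
    # the values configured at the top of this file.
    # CUCKOO_HOME is an optional variable introduced here; unset, the home
    # is /home/$CUCKOO_USER as before.
    # Bug fixed: the VirtualBox.xml substitution was single-quoted, so the
    # literal text ${VIRTUALBOX_INT_ADDR} was written into the XML instead
    # of the address.  Dots in the old addresses are escaped so "." no
    # longer matches any character; edits go through $SUDO like the other
    # steps; a failing sed propagates to run_and_log.
    local home=${CUCKOO_HOME:-/home/$CUCKOO_USER}
    local conf=$home/.cuckoo/conf
    local vbox_xml=$home/.config/VirtualBox/VirtualBox.xml

    # Update IP address of result server
    $SUDO sed -i "s/192\.168\.56\.1/${VIRTUALBOX_INT_ADDR}/g" "$conf/cuckoo.conf" || return 1
    $SUDO sed -i "s/192\.168\.56\.1/${VIRTUALBOX_INT_ADDR}/g" "$conf/routing.conf" || return 1

    # Update VM settings
    $SUDO sed -i "s/label = cuckoo1/label = ${CUCKOO_GUEST_NAME}/g" "$conf/virtualbox.conf" || return 1
    $SUDO sed -i "s/ip = 192\.168\.56\.101/ip = ${CUCKOO_GUEST_IP}/g" "$conf/virtualbox.conf" || return 1
    # Replace the "[mongodb]" header and the line after it (N) with an
    # enabled block.
    $SUDO sed -i "/\[mongodb\]/{ N; s/.*/\[mongodb\]\nenabled = yes/; }" "$conf/reporting.conf" || return 1
    $SUDO sed -i "s/\"192\.168\.56\.1\"/\"${VIRTUALBOX_INT_ADDR}\"/g" "$vbox_xml" || return 1
    # Drop VirtualBox's DHCP server entry; the guest uses a static address.
    $SUDO sed -i '/DHCPServer/d' "$vbox_xml"
}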
  270.  
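create_cuckoo_startup_scripts(){
    # Write cuckoo-start.sh and cuckoo-kill.sh into /root (or into
    # CUCKOO_SCRIPT_DIR, an optional override introduced here) and hook the
    # start script into /etc/rc.local.
    # Bug fixed: "$SUDO echo ... >> /root/file" redirects in the calling
    # shell, so for a non-root user only the echo ran under sudo and the
    # write failed with permission denied.  Each file is now written in one
    # go through "$SUDO tee", which also removes the need for the rm calls.
    # The generated start script binds the Cuckoo web UI (port 8000) and
    # API (port 8090) on 0.0.0.0 — every interface — with nothing in front
    # of them; on a multi-user network bind them to a trusted interface or
    # put a reverse proxy with authentication in front.
    local dir=${CUCKOO_SCRIPT_DIR:-/root}
    local start=$dir/cuckoo-start.sh
    local kill=$dir/cuckoo-kill.sh

    # Unquoted heredoc: the $VIRTUALBOX_*/$CUCKOO_USER values are expanded
    # now, at generation time, exactly as the original echo lines did.
    $SUDO tee "$start" >/dev/null <<EOF || return 1
#!/bin/bash
# Cuckoo run script
killall cuckoo
pkill -f 'cuckoo web runserver'
vboxmanage dhcpserver modify --ifname $VIRTUALBOX_INT_NAME --disable
vboxmanage hostonlyif ipconfig $VIRTUALBOX_INT_NAME --ip $VIRTUALBOX_INT_ADDR --netmask $VIRTUALBOX_INT_SUBNET
iptables -A FORWARD -o $INTERNET_INT_NAME -i $VIRTUALBOX_INT_NAME -s $VIRTUALBOX_INT_NETWORK -m conntrack --ctstate NEW -j ACCEPT
iptables -A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A POSTROUTING -t nat -j MASQUERADE
sysctl -w net.ipv4.ip_forward=1
runuser -l $CUCKOO_USER -c 'cuckoo' &
runuser -l $CUCKOO_USER -c 'cuckoo web runserver 0.0.0.0:8000' &
runuser -l $CUCKOO_USER -c 'cuckoo api --host 0.0.0.0 --port 8090' &
EOF

    $SUDO tee "$kill" >/dev/null <<EOF || return 1
#!/bin/bash
# Cuckoo run script
killall cuckoo
pkill -f 'cuckoo web runserver'
EOF

    $SUDO chmod +x "$start" "$kill" || return 1

    # Run the start script at boot.  Best effort, as before: a host without
    # rc.local (or without the template comment) only gets a warning.
    if [[ -f /etc/rc.local ]]; then
        $SUDO sed -i "/# By default this script does nothing./ { N; s|# By default this script does nothing.|&\n${start}\n| }" /etc/rc.local \
            || printf 'warning: could not hook %s into /etc/rc.local\n' "$start" >&2
    else
        printf 'warning: /etc/rc.local not found, %s was not hooked into boot\n' "$start" >&2
    fi
    return 0
}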
  298.  
  299. # Init.
  300.  
  301. print_copy
  302. check_viability
  303. setopts ${@}
  304.  
  305. # Load config
  306.  
  307. source config &>/dev/null
  308.  
  309. echo "Logging enabled on ${LOG}"
  310.  
  311. # Install packages
  312. run_and_log prepare_virtualbox "Getting virtualbox repo ready" "Virtualbox is running, please close it"
  313. run_and_log install_packages "Installing packages ${CUSTOM_PKGS} and ${packages[$RELEASE]}" "Something failed installing packages, please look at the log file"
  314.  
  315. # Create user and clone repos
  316. run_and_log create_cuckoo_user "Creating cuckoo user" "Could not create cuckoo user"
  317. run_and_log clone_repos "Cloning repositories" "Could not clone repos"
  318.  
  319. # Install python packages
  320. run_and_log install_python_packages "Installing python packages: ${python_packages}" "Something failed install python packages, please look at the log file"
  321.  
  322. # Install volatility
  323. run_and_log build_volatility "Installing volatility"
  324.  
  325. # Networking (latest, because sometimes it crashes...)
  326. run_and_log create_hostonly_iface "Creating hostonly interface for cuckoo"
  327. run_and_log allow_tcpdump "Allowing tcpdump for normal users"
  328.  
  329. # Preparing VirtualBox VM
  330. run_and_log import_virtualbox_vm "Importing specified VirtualBoxVM"
  331. run_and_log launch_virtualbox_vm "Launching imported VM"
  332. sleep 60
  333. run_and_log create_virtualbox_vm_snapshot "Creating snapshot 'Clean'"
  334. run_and_log poweroff_virtualbox_vm
  335.  
  336. # Configuring Cuckoo
  337. run_and_log run_cuckoo_community "Downloading community rules"
  338. run_and_log update_cuckoo_config "Updating Cuckoo config files"
  339. run_and_log create_cuckoo_startup_scripts "Creating Cuckoo startup scripts"