Busybox combines lightweight versions of common command-line utilities normally found on “big” Linux systems into a single binary, in order to bring them to embedded systems with limited memory and storage. As more and more embedded systems are now connected to the Internet, or as they are called nowadays, Internet of Things nodes, adding security tools, such as cryptographic utilities, could prove useful for administrators of such systems, and so the BusyBotNet project was born as a fork of Busybox.
Some of the tools implemented include:
- fenc to encrypt stuff with salsa algo
- tsh. needs work, backdoor shell aes enc
- rathole backdoor shell, blowfish enc
- ssyn2 ddos tool
- sudp udp ddos tool
- jshon sh wrapper for json
- hydra
- prism userspace icmp triggered reverse shell backdoor
You can access the source code and instructions on the busybotnet GitHub repo.
I’ve quickly tried it on my AMD x86 computer running Ubuntu 14.04 using BusyBotNet default settings:
```
git clone https://github.com/isdrupter/busybotnet
cd busybotnet
make -j8
```
You could run make menuconfig to add or remove the tools as needed.
The resulting binary was 3.1MB large, and compiled with the defined functions:
```
./busybox
BusyBox v1.24.1 (2016-06-20 10:45:31 ICT) multi-call binary.
BusyBox is copyrighted by many authors between 1998-2015.
Licensed under GPLv2. See source distribution for detailed
copyright notices.

Usage: busybox [function [arguments]...]
   or: busybox --list[-full]
   or: busybox --install [-s] [DIR]
   or: function [arguments]...

	BusyBox is a multi-call binary that combines many common Unix
	utilities into a single executable. Most people will create a
	link to busybox for each function they wish to use and BusyBox
	will act like whatever it was invoked as.

Currently defined functions:
	[, [[, acpid, add-shell, addgroup, adduser, adjtimex, aescrypt, arp,
	arping, ash, awk, base64, basename, beep, beer, bindtty, blkid,
	blockdev, boink, bonk, bootchartd, brctl, bunzip2, bzcat, bzip2, cal,
	cat, catv, chat, chattr, chgrp, chmod, chown, chpasswd, chpst, chroot,
	chrt, chvt, cksum, clear, cmp, coke, comm, conseal, conspy, cp, cpio,
	crond, crontab, crypthash, cryptpw, cttyhack, cut, date, dc, dcd3c, dd,
	deallocvt, delgroup, deluser, depmod, devmem, df, dhclient, dhcprelay,
	dhgenprime, diff, dirname, dmesg, dnsamp, dnsd, dnsdomainname,
	dos2unix, dpsc, dpss, du, dumpkmap, dumpleases, ecdsa, echo, ed, egrep,
	eject, env, envdir, envuidgid, ether-wake, expand, expr, fakeidentd,
	false, fatattr, fbset, fbsplash, fdflush, fdformat, fdisk, fenc,
	fgconsole, fgrep, find, findfs, flock, fold, free, freeramdisk, fsck,
	fsck.minix, fstrim, fsync, ftpd, ftpget, ftpput, fuser, genericsum,
	genkey, getopt, getty, gewse, gewse5, grep, groups, gunzip, gzip, halt,
	hd, hdparm, head, hexdump, hole, hostid, hostname, httpd, hush,
	hwclock, hydra, i2cdetect, i2cdump, i2cget, i2cset, id, ifconfig,
	ifdown, ifenslave, ifplugd, ifup, inetd, init, insmod, install, ionice,
	iostat, ip, ipaddr, ipcalc, ipcrm, ipcs, iplink, iproute, iprule,
	iptunnel, jolt, jshon, kbd_mode, kill, killall, killall5, kissofdeath,
	kkill, klogd, knbot, land, last, latierra, less, linux32, linux64,
	linuxrc, lizbot, lizserv, ln, loadfont, loadkmap, logger, login,
	logname, logread, losetup, lpd, lpq, lpr, ls, lsattr, lsmod, lsof,
	lspci, lsusb, lzcat, lzma, lzop, lzopcat, makedevs, makemime, man,
	md5sum, mdev, mesg, microcom, mkdir, mkdosfs, mke2fs, mkfifo,
	mkfs.ext2, mkfs.minix, mkfs.vfat, mknod, mkpasswd, mkswap, mktemp,
	modinfo, modprobe, more, mount, mountpoint, mpstat, mqsh, mqtte, mt,
	mv, nameif, nanddump, nandwrite, nbd-client, nc, nestea, netscan,
	netstat, newtear, nice, nmeter, nohup, nslookup, ntpd, ntpdos, od,
	openvt, orgasm, ottf, passwd, patator, patch, pgrep, pidof, ping,
	ping6, pipe_progress, pivot_root, pkdecrypt, pkencrypt, pkill, pksign,
	pmap, pong, popmaildir, poweroff, powertop, printenv, printf, prism,
	proxcat, ps, pscan, pstree, pubclient, pud, pwd, pwdx, raidautorun,
	raped, rdate, rdev, readahead, readlink, readprofile, realpath, reboot,
	reformime, remove-shell, renice, reset, resize, rev, rfkill, rm, rmdir,
	rmmod, route, rpm, rpm2cpio, rsadecrypt, rsaencrypt, rsagenkey,
	rsasign, rsaverify, rtcwake, run-parts, runlevel, runsv, runsvdir, rx,
	script, scriptreplay, sed, sendmail, seq, setarch, setconsole, setfont,
	setkeycodes, setlogcons, setserial, setsid, setuidgid, sh, sha1sum,
	sha256sum, sha3sum, sha512sum, showkey, shuf, slattach, sleep, smemcap,
	snmpdos, sockstress, softlimit, sort, spiffit, sping, split, ssyn2,
	start-stop-daemon, stat, stream, strings, stty, su, subclient, sudp,
	sulogin, sum, sv, svlogd, swapoff, swapon, switch_root, sync, synk4,
	synscan, sysctl, syslogd, tac, tail, tar, tcpsvd, teardrop, tee,
	telnet, telnetd, test, tftp, tftpd, time, timeout, top, torloris,
	touch, tr, traceroute, traceroute6, true, truncate, tsh, tshd, tty,
	ttysize, tunctl, ubiattach, ubidetach, ubimkvol, ubirmvol, ubirsvol,
	ubiupdatevol, udhcpc, udhcpd, udpdata, udpspoof, udpsvd, uevent,
	umount, uname, unexpand, uniq, unix2dos, unlink, unlzma, unlzop, unxz,
	unzip, uptime, users, usleep, uudecode, uuencode, vconfig, vi, vlock,
	volname, wall, watch, watchdog, wc, wget, which, who, whoami, whois,
	wingatecrash, xargs, xersex, xersextcp, xz, xzcat, yes, zcat, zcip
```
The promised tools are indeed installed:
```
./busybox hydra
Hydra v8.2-dev (c) 2016 by van Hauser/THC - Please do not use in military or secret service organizations, or for illegal purposes.
...

./busybox ssyn2
Invalid parameters!
Spoofed SYN Flooder v1.6.1 FINAL by ohnoes1479
Usage: ssyn2 <target IP/hostname> <port to be flooded> <number threads to use> <time (optional)>

./busybox sudp
Invalid parameters!
Spoofed UDP Flooder v2.5.3 FINAL by ohnoes1479
Usage: sudp <target IP/hostname> <port to be flooded> <throttle (lower is faster)> <number threads to use> <time (optional)>
```
Loading this version of busybox in shipping products could seriously backfire if your device is hacked, so I guess some of the tools would have to be disabled, and/or only be used for internal testing.
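One way to check a firmware image for these applets before it ships, as an added example that is not part of the original article or the BusyBotNet project. The denylist contents and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: audit a BusyBox-style applet listing against a denylist.
# DENYLIST is an assumption: names this article describes as backdoors or
# DDoS tools, plus hydra (login brute-forcer) and tshd (daemon side of tsh).
DENYLIST="tsh tshd rathole ssyn2 sudp hydra prism"

# Print one applet per line from stdin. Accepts `busybox --list` output or
# the help banner with its comma-separated "Currently defined functions:".
extract_applets() {
    awk '
        /Currently defined functions:/ { banner = 1; sub(/.*functions:/, "") }
        { lines[NR] = $0; if (banner) text = text " " $0 }
        END {
            if (!banner) for (i = 1; i <= NR; i++) text = text " " lines[i]
            gsub(/,/, " ", text)
            n = split(text, a, /[ \t]+/)
            for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
        }'
}

# Print denylisted applets found on stdin; exit status 1 if any are present.
audit_applets() {
    extract_applets | awk -v deny="$DENYLIST" '
        BEGIN { n = split(deny, d, " "); for (i = 1; i <= n; i++) bad[d[i]] = 1 }
        ($0 in bad) { print; hits++ }
        END { exit (hits > 0) }'
}

# Constructed sample: a shortened version of the banner shown in the article.
sample_banner() {
    cat <<'EOF'
BusyBox v1.24.1 (2016-06-20 10:45:31 ICT) multi-call binary.

Currently defined functions:
    [, [[, ash, cat, fenc, hydra, ls, prism, sh, ssyn2, sudp, tsh, tshd,
    wget, zcip
EOF
}

# On a firmware image, replace sample_banner with: ./busybox --list
if ! flagged=$(sample_banner | audit_applets); then
    echo "denylisted applets present:" $flagged
fi
```

The non-zero exit status lets a build or release pipeline fail when a test-only BusyBox build ends up in a production image.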
Via n0where
It would be handy to have this busybox as a static binary or package for all openwrt/lede supported arches.
Hello, I am one of the authors of busybotnet. We appreciate the publicity. We are looking for talented C coders, so please do work with us on github if you like our project and can code! You can reach us at [email protected] if you have questions. Thanks for covering us.
zoobab: It would be handy to have this busybox as a static binary or package for all openwrt/lede supported arches.
Busybotnet is compiled statically by default (I think), make sure you set the static build option in make menuconfig if not. There are a couple of binaries prebuilt in…