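Damn, this job is really starting to piss me off,
and usually I bring it on myself.
Eighty-some machines: RDP-ing into them one by one and clicking around will kill a person. I ignored it for a long time,
but the machines keep multiplying, and all the clicking has really started to piss me off.
Then I suddenly thought of botnets. Isn't that exactly what I'm trying to do?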
A botnet is a collection of internet-connected computers whose security defenses have been breached and control ceded to a 3rd party. Each such compromised device, known as a "bot", is created when a computer is penetrated by software from a malware distribution; otherwise known as malicious software. The controller of a botnet is able to direct the activities of these compromised computers through communication channels formed by standards-based network protocols such as IRC (Internet Relay Chat) and HTTP (Hypertext Transfer Protocol).
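So I simply wrote a ServerDaemon and a ClientDaemon. The ServerDaemon is the party-government-military top brass that issues orders to the zombies below, and the ClientDaemon only has to execute the commands. As for the communication channel, an off-the-shelf message queue service will do.
The commands designed so far:
- EXEC -- run a program
- FTP -- download a file
- QUERY -- query the machine's status
Even with just these there is a lot to play with.
For example, to update a configuration file, first:
- FTP -- download the program that kills the process
- EXEC -- run the process-killing program to shut down the running program, so that it can be restarted and pick up the new configuration file
- FTP -- download the new configuration file
- EXEC -- start the program that was running before
((FTP is just a downloader; that's a basic malware skill))
((QUERY was written for convenience))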
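A channel that can download and run programs on eighty machines is only as safe as the queue it listens to, so the ClientDaemon should check every message before acting on it. The sketch below is an added example, not code from this post: the JSON message layout, the shared key, the allowlists and the names `sign`, `make` and `CommandGate` are all assumptions. It only decides accept or reject and runs nothing.

```python
import hashlib
import hmac
import json

# Constructed sample values; none of these come from the original post.
KEY = b"constructed-demo-key"
EXEC_ALLOW = {"stop_service.exe", "service.exe"}    # programs EXEC may start
FTP_ALLOW_PREFIX = "ftp://files.example.internal/"  # only source FTP may fetch from


def sign(cmd, arg, seq, key=KEY):
    """Server side: MAC over an unambiguous encoding of the command."""
    body = json.dumps([cmd, arg, seq], separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()


def make(cmd, arg, seq, key=KEY):
    """Build a signed queue message (constructed sample input)."""
    return json.dumps({"cmd": cmd, "arg": arg, "seq": seq,
                       "mac": sign(cmd, arg, seq, key)})


class CommandGate:
    """Client side: decide whether a queued message may be acted on."""

    def __init__(self, key=KEY):
        self.key = key
        self.last_seq = 0  # highest sequence number accepted so far

    def check(self, raw):
        try:
            msg = json.loads(raw)
            cmd, arg, seq, mac = msg["cmd"], msg["arg"], msg["seq"], msg["mac"]
        except (ValueError, KeyError, TypeError):
            return "reject: malformed"
        if not (isinstance(cmd, str) and isinstance(arg, str)
                and isinstance(seq, int) and isinstance(mac, str)):
            return "reject: malformed"
        expected = sign(cmd, arg, seq, self.key).encode()
        if not hmac.compare_digest(expected, mac.encode()):
            return "reject: bad mac"
        if seq <= self.last_seq:  # an old, captured message sent again
            return "reject: replay"
        if cmd == "EXEC" and arg not in EXEC_ALLOW:
            return "reject: program not allowlisted"
        if cmd == "FTP" and not arg.startswith(FTP_ALLOW_PREFIX):
            return "reject: source not allowlisted"
        if cmd not in ("EXEC", "FTP", "QUERY"):
            return "reject: unknown command"
        self.last_seq = seq
        return "accept"
```
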
After that, I just sit back and happily issue commands to the zombies!!!
Fuck!!!
Being pissed off!!!
Can be fixed!!!