Malware

Minegrief : Unpacking A Crafty Minecraft Malware

Self-spreading to other Minecraft servers using an extendable, module-based lateral movement system.

  • Crafty Controller Auth’d RCE – undisclosed, unpatched, intentional(?) Auth’d RCE in Crafty Controller, a panel for Minecraft server management. Check for default creds of admin:crafty or brute force.
  • SSH brute forcing – Classic SSH brute forcing, Minegrief will copy itself over SCP and execute itself if a login is successful

Persistence/stealth by “infecting” the Minecraft server jar file via manifest entry point modification

Notes

Lateral movement modules require minegriefagent to be built as a jar file, as modules will copy itself over in a jar to spread.

To Build The Agent Jarfile

Download jsch to the root directory of the repository

wget https://repo1.maven.org/maven2/com/github/mwiede/jsch/0.2.17/jsch-0.2.17.jar
unzip jsch-0.2.17.jar

Run this from the root of the repository

rm -rf build-manual
mkdir build-manual
find agent -name '*.java' > sources.txt
<JAVA 1.8 DIR>/bin/javac -d build-manual @sources.txt
cp -r com/jcraft build-manual/com
echo 'Manifest-Version: 1.0\nMain-Class: net.minecraft.bundler.Backdoor\nBundler-Format: 1.0' > manifest.txt
<JAVA 1.8 DIR>/bin/jar cvfm malware.jar manifest.txt -C build-manual .

Run it

<JAVA 1.8 DIR>/bin/java -jar malware.jar

To Build The Server Jarfile

Run this from the root of the repository

rm -rf build-manual
mkdir build-manual
find server -name '*.java' > sources.txt
<JAVA 1.8 DIR>/bin/javac -d build-manual @sources.txt
echo 'Manifest-Version: 1.0\nMain-Class: com.chebuya.minegriefserver.Main\nBundler-Format: 1.0' > manifest.txt
<JAVA 1.8 DIR>/bin/jar cvfm c2-server.jar manifest.txt -C build-manual .
Varshini

Varshini is a Cyber Security expert in Threat Analysis, Vulnerability Assessment, and Research. Passionate about staying ahead of emerging Threats and Technologies.

Leave a Comment
Share
Published by
Varshini
Tags: cybersecurityinformationsecuritykalilinuxkalilinuxtoolsMinegrief
1 year ago

Recent Posts

Check Ubuntu Version Using Simple Linux Commands

Knowing how to Check Ubuntu Version details is essential for system administration, troubleshooting, and software…

3 hours ago

Create Sudo User on Ubuntu for Secure Admin Access

Managing a Linux server becomes much safer when you Create Sudo User accounts instead of…

6 hours ago

List Installed Packages on Ubuntu Like a Pro

Managing software on Linux becomes much easier when you know how to List Installed Packages…

7 hours ago

How To Use Variables In Bash Scripts

Introduction Variables are one of the most important basics of Bash scripting. A variable is…

1 day ago

How To Run A Bash Script In Linux Step By Step

Introduction Running a Bash script in Linux is a basic but important skill for anyone…

1 day ago

How To Write Your First Bash Script In Linux Step By Step

Introduction Writing your first Bash script in Linux is one of the best ways to…

1 day ago