{"id":21471806,"url":"https://github.com/brianredbeard/toorcon16","last_synced_at":"2025-07-15T08:31:31.394Z","repository":{"id":22454490,"uuid":"25792989","full_name":"brianredbeard/toorcon16","owner":"brianredbeard","description":"Assets related to the Toorcon 16 talk \"Linux containers as a rapid deployment attack mechanism\"","archived":false,"fork":false,"pushed_at":"2014-10-27T00:14:01.000Z","size":1016,"stargazers_count":7,"open_issues_count":0,"forks_count":4,"subscribers_count":1,"default_branch":"master","last_synced_at":"2025-04-09T00:41:30.726Z","etag":null,"topics":[],"latest_commit_sha":null,"homepage":null,"language":"C","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/brianredbeard.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2014-10-26T22:05:27.000Z","updated_at":"2019-10-29T06:47:19.000Z","dependencies_parsed_at":"2022-08-20T14:50:15.892Z","dependency_job_id":null,"html_url":"https://github.com/brianredbeard/toorcon16","commit_stats":null,"previous_names":[],"tags_count":0,"template":false,"template_full_name":null,"purl":"pkg:github/brianredbeard/toorcon16","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianredbeard%2Ftoorcon16","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianredbeard%2Ftoorcon16/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianredbeard%2Ftoorcon16/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianredbeard%2Ftoorcon16/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/brianredbeard","download_url":"https://codeload.github.com/brianredbeard/toorcon16/tar.gz/refs/heads/master","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/brianredbeard%2Ftoorcon16/sbom","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":265419694,"owners_count":23761858,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":[],"created_at":"2024-11-23T09:45:44.021Z","updated_at":"2025-07-15T08:31:31.005Z","avatar_url":"https://github.com/brianredbeard.png","language":"C","funding_links":[],"categories":[],"sub_categories":[],"readme":"# Linux containers as a rapid deployment attack mechanism\n\nThis repository contains assets related to the talk of the above name presented\nat Toorcon 16 on October 26th, 2014.\n\n## About\n\nLinux containers represent a self contained application which brings the \nuserland required for execution.  When utilized as an attack mechanism it\nrepresents a simple method for deploying a lightweight tool to a large number\nof machines.\n\nFor this demonstration we have two primary containers, an IRC daemon which acts\nas a command and control coordination point and a worker which will execute\ncommands as issued to the IRC server.\n\n**Note**: The files here are provided for educational purposes to demonstrate a\nproof of concept.  These tools should only be used with systems which you fully\ncontrol.\n\n## Directions\n\n### Setup the IRC daemon\n\nTo spawn the IRC daemon simply run the following command from a docker enabled\nhost:\n\n```\n$ docker run -p 6667:6667 -e NGIRCD_CONF_URL=http://fpaste.org/145254/14143107/raw/ \\\n  quay.io/brianredbeard/ngircd\n```\nThis will spawn a listener which reads the configuration from the listed file\nhosting service.  This file is also located in the `ngircd` directory as\n`ngircd.conf`.\n\n### Setup the listeners\n\nTo spawn the listeners you will need to supply the environment variable\n`KAITEN_SERVER` to the process when it runs.  This could be done at the command\nline by exporting a variable, prefixing the command with the variable (i.e.\n`$ KAITEN_SERVER=127.0.0.1 ./kaiten`), and the third option (in the case of\ndocker) is to pass the flag `-e KAITEN_SERVER=127.0.0.1` option to your `docker\nrun` command.\n\n```\n$ docker run -e KAITEN_SERVER=127.0.0.1 quay.io/brianredbeard/kaiten\n```\n\nBy default, the Kaiten binary included here will attempt to connect to the IRC\nchannel \"#gopherjams\".  \n\n## Building from scratch\n\n### IRCD\n\nThis container was built using [buildroot](http://www.buildroot.org). Buildroot\nis designed for building lightweight Linux distributions. In this case we use\nit to build a base image from which we base the rest of our IRC daemon.\n\nFirst, download the latest version of buildroot from\n[http://www.buildroot.org/downloads/](http://www.buildroot.org/downloads/)\nUntar this to a working directory and copy the configuration file\n`br-ircd.config` into the buildroot directory as the name `.config`.  After this\nhas been completed run the command:\n\n```bash\n$ make\n```\n\nThis will download and compile all components needed to build a base image from\nwhich our IRC server will be run.\n\nWhen the compile is complete, the resulting file will be at the following\nlocation within the buildroot directory: `output/images/rootfs.tar`.\n\nCopy this file to a temporary location with the name `ircd.tar`.\n\nNow, if we're using docker we can load this file into our repository via the\ncommand:\n\n```bash\n$ cat ircd.tar | docker import - -t ircd:base\n```\n\nNow we can use this with the `Dockerfile` provided to build into a quickly\ndeployable tool.\n\nTo do this change into the directory `ngircd` within this repository and run\nthe command:\n\n```bash\n$ docker build -t ircd:1.0 .\n```\n\nThe resulting image will be tagged as `ircd:1.0` and can be spawned with the\nfollowing command:\n\n```bash\n$ docker run -t -i -p 6667:6667 ircd:1.0\n```\n\nFurther modification of this image can be assertained by analyzing the \n`Dockerfile` and related assets as well as by referencing the upstream docker\ndocumentation.\n\n### Kaiten\n\nThe build of a Kaiten container happens in two parts, first we have to build\nthe Kaiten binary then we will need to add it a base container.\n\n#### Kaiten binary build\n\nThe build of Kaiten is very simple.  It should be possible using any modern C\ncompiler.  For our purposes we will use GCC.\n\nChange into the `kaiten` subdirectory of this repository and run the command:\n\n```bash\n$ gcc -o kaiten -lm kaiten.c\n```\n\n#### Kaiten container build\n\nThis container was built using [buildroot](http://www.buildroot.org). Buildroot\nis designed for building lightweight Linux distributions. In this case we use\nit to build a base image from which we base the rest of our IRC daemon.\n\nFirst, download the latest version of buildroot from\n[http://www.buildroot.org/downloads/](http://www.buildroot.org/downloads/)\nUntar this to a working directory and copy the configuration file\n`br-kaiten.config` into the buildroot directory as the name `.config`.  After this\nhas been completed run the command:\n\n```bash\n$ make\n```\n\nThis will download and compile all components needed to build a base image from\nwhich we can further modify.\n\nWhen the compile is complete, the resulting file will be at the following\nlocation within the buildroot directory: `output/images/rootfs.tar`.\n\nCopy this file to a temporary location with the name `base.tar`.\n\nNow, if we're using docker we can load this file into our repository via the\ncommand:\n\n```bash\n$ cat ircd.tar | docker import - -t base:base\n```\n\nNow we can use this with the `Dockerfile` provided to build into a quickly\ndeployable tool.\n\nTo do this change into the directory `kaiten` within this repository and run\nthe command:\n\n```bash\n$ docker build -t kaiten:1.0 .\n```\n\nThe resulting image will be tagged as `kaiten:1.0` and can be spawned with the\nfollowing command:\n\n```bash\n$ docker run -t -i -e KAITEN_SERVER kaiten:1.0\n```\n\nFurther modification of this image can be assertained by analyzing the \n`Dockerfile` and related assets as well as by referencing the upstream docker\ndocumentation.\n","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrianredbeard%2Ftoorcon16","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fbrianredbeard%2Ftoorcon16","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fbrianredbeard%2Ftoorcon16/lists"}