Painful IT bot

TwitcHack

  • Boss / party system into this game

    • where the streamer is the boss with set hit points
    • viewers attack and also have hit points
    • Chat rolling ~d20 to land an attack
    • If chat rolls fail, they take damage.
    • if chat rolls succeed, you take damage
    • When I roll then a random viewer is selected for damage
    • ticker that heals both chat and the streamer over time
    • chat rolls
      • over 12
      • 19+ rolls land a critical blow
      • hp scale
  • Points System

    • Players earn points/items for successful attacks
      • Successful attacks will be determined randomly
      • Points are a tiered random amount
      • and/or random item
    • Players lose points for failed attempts or getting caught.
  • Leveling Up:
    • Players can level up
    • Unlocking more advanced commands and abilities.
    • fix leveling, losing points then leveling again
  • Leaderboards:
    • Display top players based on points.
  • Random Events:

    • Introduce random events that can help or hinder players (e.g., security updates, user errors).
    • Windows and/or Linux updates
      • all firewalls deactivate
  • Movement to location
    • System command once at location
  • !hack - shows location
  • !hack email
  • !hack /etc/shadow
  • !hack website
  • !hack database
  • !hack server
  • !hack network
  • !hack evilcorp

Locations & Attacks

  • Locations
    • Attacks
  • Email - Target email accounts and perform phishing attacks.
    • !phish: Perform a phishing attack.
    • !spoof: Send an email from a spoofed address.
    • !dump: Dump all emails from a compromised account.
  • /etc/shadow - Access and crack hashed passwords.
    • !crack: Crack hashed passwords.
    • !stealth: Hide your tracks by modifying log files.
    • !bruteforce: Perform a brute force attack on password hashes.
  • Website - Target websites to find vulnerabilities.
    • !burp: Scan for vulnerabilities using Burp Suite techniques.
    • !sqliw: Perform an SQL injection attack.
    • !xss: Execute a cross-site scripting attack.
  • Database - Access and manipulate databases.
    • !dumpdb: Dump all data from the database.
    • !sqlidb: Perform an SQL injection.
    • !admin: Try to escalate privileges to gain admin access.
  • Server - Gain control over servers to execute commands.
    • !revshell: Gain a reverse shell on the server.
    • !root: Attempt to escalate privileges to root.
    • !ransom: Encrypt files and demand a ransom.
  • Network - Monitor and intercept network traffic.
    • !sniff: Capture and analyze network traffic.
    • !mitm: Perform a man-in-the-middle attack.
    • !ddos: Launch a distributed denial-of-service attack.
  • EvilCorp - Physical engagement
    • !drop: USB drop attack in the breakroom, parking lot and l
    • !tailgate: Hold 2 boxes of donuts, pretend you are on the phone and hope someone holds the door open for you.
    • !socialengineer: Wear a fake badge and act like you own the place

Defense and Countermeasures

  • !firewall [location]: Set up a firewall to protect a location.
  • !patch [location]: Apply security patches to a location; slows down the next attack.
  • !monitor [location]: Monitor a location for suspicious activity.
  • !encrypt [location]: Encrypt sensitive data at a location.

Easter Eggs

  • A successful !phish against brad.theodore@gmail.com drops a rare item
  • Random items drop