tehsyntx

Andromeda command enumeration script

Oct 9th, 2014
  1. #####
  2. Andromeda Command Enumeration script
  3. @tehsyntx
  4. thembits.blogspot.com
  5. #####
  6.  
  7. #!/usr/bin/env python
  8.  
  9. import urllib2
  10. import base64
  11. import struct
  12. import sys
  13. import re
  14.  
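def rc4_crypt(data, key):
    """Encrypt or decrypt *data* with RC4 under *key* (RC4 is symmetric).

    Plain KSA/PRGA implementation, adapted from
    http://www.emoticode.net/python/python-implementation-of-rc4-algorithm.html

    Args:
        data: str (each character is taken as one byte via ord()) or, on
            Python 3, bytes. Characters above 0xFF are not valid input.
        key: str or bytes of at least one byte; reused cyclically.

    Returns:
        The keystream XOR of *data*, as the same type as *data*
        (str in -> str out; bytes in -> bytes out on Python 3).

    Raises:
        ValueError: if *key* is empty (previously this surfaced as a
            ZeroDivisionError from ``i % len(key)``).
    """
    if not key:
        raise ValueError('rc4_crypt: key must not be empty')

    def _byte(c):
        # str iteration yields 1-char strings; bytes iteration (py3) yields ints.
        return c if isinstance(c, int) else ord(c)

    key_bytes = [_byte(c) for c in key]
    key_len = len(key_bytes)

    # Key-scheduling algorithm. list(range(...)) so the in-place swaps also
    # work on Python 3, where range() is not a list.
    S = list(range(256))
    j = 0
    for i in range(256):
        j = (j + S[i] + key_bytes[i % key_len]) % 256
        S[i], S[j] = S[j], S[i]

    # Pseudo-random generation: one keystream byte per input byte.
    i = j = 0
    out = []
    for c in data:
        i = (i + 1) % 256
        j = (j + S[i]) % 256
        S[i], S[j] = S[j], S[i]
        out.append(_byte(c) ^ S[(S[i] + S[j]) % 256])

    if isinstance(data, bytes) and not isinstance(data, str):
        # Python 3 bytes input -> bytes output (on Python 2 str *is* bytes and
        # falls through to the str path below, as before).
        return bytes(out)
    return ''.join(chr(b) for b in out)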
  32.  
  33.  
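if __name__ == '__main__':

    if len(sys.argv) < 3:
        print('usage: ./andromeda.py <rc4 key> <url to gate>')
        print('author: @tehsyntx')
        sys.exit()

    # Fake check-in record sent to the gate. The 11111 values are arbitrary;
    # bot_id below is the one the response key is derived from (see the
    # struct.pack call) and is assumed to correspond to the 'id' field.
    bot_id = 11111
    data = 'id:11111|bid:11111|os:FF|a:11111|rg:1111'
    key = sys.argv[1]

    # Accept http:// or https:// gates. The substring test used before would
    # have turned an https:// gate into 'http://https://...'.
    if sys.argv[2].startswith(('http://', 'https://')):
        url = sys.argv[2]
    else:
        url = 'http://' + sys.argv[2]

    pdata = base64.b64encode(rc4_crypt(data, key))

    # This is a live HTTP POST to the gate, indistinguishable from a bot
    # check-in on the wire; run it from an isolated analysis host/network.
    try:
        response = urllib2.urlopen(url, pdata).read()
    except Exception as e:
        if '404' in str(e):
            print('HTTP 404, this usually means that you\'ve got the wrong key')
        else:
            print('Something went wrong, correct key? Mistyped gate?')
        sys.exit()

    # Response is RC4-encrypted under the little-endian 32-bit bot id; the
    # first four bytes are skipped (presumably a header — not verified here).
    data = rc4_crypt(response[4:], struct.pack("<L", bot_id))
    print('Raw response:\n %s\n' % data)

    if 'kl(' in data:
        # 'kl(<base64>)' -> NUL-separated list of process names to keylog.
        procs = base64.b64decode(data[data.find('kl(') + 3:-2]).split('\0')
        print('Keylog processes:')
        for proc in procs:
            if proc:
                print(' %s' % proc)

    if 'gn(' not in data:
        sys.exit()
    # 'gn(<base64>)' -> NUL-separated command records.
    cmdlist = base64.b64decode(data[3:data.find(')')]).split('\0')

    # Opcode byte at entry i, its argument three entries later (as the
    # original assumed); the lookahead is bounds-checked so a truncated list
    # no longer raises IndexError.
    opcodes = {
        '\x01': 'Download&Exec: %s',
        '\x02': 'Install plugin: %s',
        '\x03': 'Update bot: %s',
    }
    print('Commands:')
    for i, entry in enumerate(cmdlist):
        if not entry:
            continue
        op = entry[0]
        if op in opcodes:
            arg = cmdlist[i + 3] if i + 3 < len(cmdlist) else '<missing argument>'
            print(' ' + opcodes[op] % arg)
        if op == '\x04':
            print(' Delete all plugins')
        if op == '\x05':
            print(' Uninstall bot')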