- __author__ = 'Guy'
- import socket
- from sys import *
- import re
- import subprocess
- import os
- import sys
- from SocketServer import ThreadingMixIn
- import thread
- #from timeit import default_timer as timer
- import time
- import random
- import platform
- import urllib2
- from PIL import ImageGrab
- import shutil
- import glob
- import fnmatch
- import win32com.shell.shell as shell
- '''
- [+] - for tcp server activations (bind, listen, accept)
- [$] - for client activations (send, receive)
- [!] - errors
- [&] - computer did an action (move cd, remove file, etc.)
- [?] - ask client for permission (remove file, remove directory)
- '''
# Listening address. IP is the loopback address, so only processes on this
# machine (or something forwarding to this port) can reach the server.
PORT = 8880
IP = '127.0.0.1'
# Bytes requested per recv() in recieve_input (help_send_file uses its own
# separate 1024 literal for outgoing chunks).
BUFFER_SIZE = 1024
# Meant to be set by main(), but main() assigns a *local* of the same name
# without a `global` statement, so this stays 0 and msg_up_time reports
# seconds since the epoch rather than since start-up.
start_time = 0
# Index-aligned request (*_1) and reply (*_0) type names. parse_request only
# accepts names from request_types; respond_types is not referenced anywhere
# in this file.
request_types = ["ECHO_1","GIVEIP_1","UPTIME_1","WHOAMI_1","MOVETO_1","RUN_1","PRINTF_1","GOAWAYF_1","GOAWAYD_1","MAKEF_1","MAKED_1","COPYF_1","EXEC_1","DL_1","PING_1","GET_1","SCREENSHOT_1", "ERROR_1", "CONNECT_1"]
respond_types = ["ECHO_0","GIVEIP_0","UPTIME_0","WHOAMI_0","MOVETO_0","RUN_0","PRINTF_0","GOAWAYF_0","GOAWAYD_0","MAKEF_0","MAKED_0","COPYF_0","EXEC_0","DL_0","PING_0","GET_0","SCREENSHOT_0", "ERROR_0", "CONNECT_0"]
# Not referenced anywhere in this file.
names = ["Moses", "Abraham", "Jacob", "Joseph", "Aaron", "Abel", "Ahab", "Benjamin", "Daniel", "Ethan", "Jonah", "Joshua", "Matthew", "Nathan", "Samuel", "Simon"]
# client socket -> login username; filled in by handle_client after a
# successful login and read back by msg_who_am_i.
names_dict= {}
def main():
    '''
    Create the ScreenShots directory and passwords.txt if missing, then
    accept TCP clients on (IP, PORT) forever, one thread per connection.

    Blocks on raw_input the first time it runs (no passwords.txt yet) and
    never returns: the accept loop is infinite.
    '''
    # NOTE: no `global start_time` here, so this binds a local that is never
    # read; the module-level start_time stays 0 (see msg_up_time).
    start_time = time.time()
    # Both paths are relative to the process cwd at this moment; msg_move_to
    # can later change that cwd for the whole process.
    if not os.path.isdir("ScreenShots"):
        os.mkdir("ScreenShots")
    # First run only: credentials are prompted once and written as a single
    # "username,password" line in plaintext. connect() later compares the
    # pair the client sends (also plaintext over the socket) against it.
    if not os.path.isfile("passwords.txt"):
        with open("passwords.txt", 'w') as pass_file:
            #print "enter username:"
            username = raw_input("enter username:")
            password = raw_input("enter password:")
            data = username + "," + password
            pass_file.write(data)
    # Hard-coded False, so the 'runas' elevation below is dead code; it is
    # the only use of the win32com.shell import.
    admin = False
    if admin:
        respond = shell.ShellExecuteEx(lpVerb='runas', lpFile='cmd.exe')
    #print urllib2.urlopen("http://www.google.com").read()
    tcp_server = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp_server.setsockopt(socket.SOL_SOCKET, socket.SO_REUSEADDR, 1)
    tcp_server.bind((IP, PORT))
    # Never appended to: clients run in detached thread.start_new_thread
    # threads, and the join loop after the infinite accept loop is
    # unreachable.
    threads = []
    print "[+]binding successful"
    while True:
        # Re-issuing listen() each iteration is redundant but harmless.
        tcp_server.listen(4)
        print "[+]listening..."
        client_soc, client_address = tcp_server.accept()
        # An unhandled exception in handle_client prints a traceback and
        # ends only that thread; accepting continues.
        thread.start_new_thread(handle_client, (client_soc, client_address))
        #new_thread.start()
        #threads.append(new_thread)
    for t in threads:
        t.join()
def handle_client(client_soc,client_address):
    '''
    Per-connection thread body: run the login handshake, then serve
    requests until the thread dies.

    Login: keep reading requests until connect() accepts the
    (username, password) pair in the arguments, answering every attempt
    with CONNECT_0 "yes"/"no". There is no attempt limit, delay or lockout,
    so the password can be guessed as fast as the socket allows.

    parse_request returns the 3-tuple ("", 0, []) on a malformed or
    unknown request (recv returning "" after the peer closes is one such
    case), while the two-name unpacking below expects 2 values, so that
    path raises ValueError and ends this thread with a traceback. Nothing
    here ever closes the socket.
    '''
    print "[+]new connection, socket:", client_soc, ",ip:", client_address[0], \
          ",port:", client_address[1]
    #names_dict[client_soc] = client_name #add client to names dictionary by his socket
    connected = False
    while not connected:
        client_data = recieve_input(client_soc, BUFFER_SIZE)
        msg_type, args = parse_request(client_data)
        # connect() looks only at args; msg_type is not checked, so any
        # accepted request type carrying two arguments counts as a login
        # attempt.
        connected = connect(client_soc, args)
        respond = ""
        if (connected == True):
            respond = "yes"
        else:
            respond = "no"
        send_to_client(client_soc, "CONNECT_0", respond)
    # Only reached with len(args) == 2 (connect() requires it), so args[0]
    # is the username msg_who_am_i later echoes back.
    names_dict[client_soc] = args[0]
    #send_to_client(client_soc, respond)
    # Request loop: every message after login is dispatched by handle_request.
    while True:
        client_data = recieve_input(client_soc, BUFFER_SIZE)
        msg_type, args = parse_request(client_data)
        handle_request(client_soc, msg_type, args)
def connect(client_soc, args):
    '''
    Return True if args is exactly [username, password] and that pair
    matches a "username,password" line of passwords.txt; False otherwise.

    Credentials are stored and compared in plaintext and arrive in
    plaintext over the socket; the comparison is a plain == (not
    constant-time). client_soc is accepted but unused.
    '''
    if(len(args) == 2):
        with open("passwords.txt", 'r') as pass_file:
            lines = pass_file.read().split("\n")
            # Unused.
            connect_dict = {}
            for line in lines:
                # Assumes every line holds exactly one comma. A blank line
                # (e.g. a trailing newline added by an editor; main() writes
                # none) makes this unpacking raise ValueError.
                username, password = line.split(",")
                if username == args[0] and password == args[1]:
                    return True
            return False
    else:
        return False
def recieve_input(client_soc, buffer_size):
    '''
    One recv() of up to buffer_size bytes from client_soc, logged to
    stdout and returned unchanged.

    A single recv is not a message boundary: the caller gets whatever the
    kernel has, which may be part of a request, several requests run
    together, or "" once the peer has closed. Raises socket.error on a
    broken connection.
    '''
    client_data = client_soc.recv(buffer_size)
    #client_data = raw_input()
    print "[$]msg from socket:", client_soc, ", msg:", client_data
    return client_data
def parse_request(requset_str): #type, num of args, args, data
    '''
    Split a raw request into (msg_type, args_list).

    Wire format: fields separated by the two literal characters backslash
    and lowercase x (the raw string below), i.e. TYPE, COUNT, ARG1, ARG2...
    COUNT is parsed but only tested for > 0: the number of fields that
    follow is never checked against it, and a non-numeric COUNT raises
    ValueError.

    On a malformed or unknown-type request this returns the 3-tuple
    ("", 0, []), whereas the success path returns 2 values. Every caller
    in this file unpacks into two names, so the error path raises
    ValueError at the call site instead of being handled.
    '''
    param_list = requset_str.split(r"\x")
    MIN_NUM_OF_PARAMETERS = 2
    if len(param_list) < MIN_NUM_OF_PARAMETERS:
        print "[!]not enough parameters"
        return "",0,[]
    msg_type = param_list[0]
    # request_types is the module-level whitelist of *_1 type names.
    if msg_type not in request_types:
        print "[!]unknown msg type"
        return "",0,[]
    num_of_args = int(param_list[1])
    args_list = []
    if num_of_args > 0:
        args_list = param_list[2:]
    print"[$]type:", msg_type, ", args:", args_list
    return msg_type, args_list
def handle_request(client_soc, msg_type, args):
    '''
    Dispatch one parsed request to its msg_* handler.

    The only validation is the argument count per type; a request that
    matches no branch (including msg_type == "" from a failed parse) gets
    an ERROR_0 reply. Every handler runs with this process's privileges:
    RUN_1, EXEC_1 and PING_1 pass client text to the system shell, the
    file handlers take client paths as given, and GET_1 makes this host
    fetch a client-chosen URL.

    Request types handled:
    "ECHO_1"
    "GIVEIP_1"
    "UPTIME_1"
    "WHOAMI_1"
    "MOVETO_1"
    "RUN_1"
    "PRINTF_1"
    "GOAWAYF_1"
    "GOAWAYD_1"
    "MAKEF_1"
    "MAKED_1"
    "COPYF_1"
    "EXEC_1"
    "DL_1"
    "PING_1"
    "GET_1"
    "SCREENSHOT_1"
    "ERROR_1"
    '''
    if(msg_type == "ECHO_1" and len(args) > 0):
        msg_echo(client_soc, args)
    elif (msg_type == "GIVEIP_1" and len(args) == 0):
        msg_give_ip(client_soc, args)
    elif (msg_type == "UPTIME_1" and len(args) == 0):
        msg_up_time(client_soc, args)
    elif (msg_type == "WHOAMI_1" and len(args) == 0):
        msg_who_am_i(client_soc, args)
    elif (msg_type == "MOVETO_1" and len(args) == 1):
        msg_move_to(client_soc, args)
    elif (msg_type == "RUN_1" and len(args) == 1):
        msg_run(client_soc, args)
    elif (msg_type == "PRINTF_1" and len(args) == 1):
        msg_printf(client_soc, args)
    elif (msg_type == "GOAWAYF_1" and len(args) == 1):
        msg_go_away_f(client_soc, args)
    elif (msg_type == "GOAWAYD_1" and len(args) == 1):
        msg_go_away_d(client_soc, args)
    elif (msg_type == "MAKEF_1" and len(args) == 1):
        msg_make_f(client_soc, args)
    elif (msg_type == "MAKED_1" and len(args) == 1):
        msg_make_d(client_soc, args)
    elif (msg_type == "COPYF_1" and len(args) == 2):
        msg_copyf(client_soc, args)
    elif (msg_type == "EXEC_1"and len(args) == 1):
        msg_exec(client_soc, args)
    elif (msg_type == "DL_1" and len(args) == 1):
        msg_dl(client_soc, args)
    elif (msg_type == "PING_1" and len(args) == 1):
        msg_ping(client_soc, args)
    elif (msg_type == "GET_1" and len(args) == 1):
        msg_get(client_soc, args)
    elif (msg_type == "SCREENSHOT_1" and len(args) == 0):
        msg_screenshot(client_soc, args)
    elif (msg_type == "ERROR_1"):
        if(len(args) == 0):
            # args is a list, so `+= ""` extends it with the characters of
            # an empty string -- i.e. does nothing -- and args[0] on the
            # next line raises IndexError. The trailing comment shows the
            # intent was to append one empty element.
            args += "" # args[0] = ""
        print"[!]client from socket:", client_soc, "sent error -", args[0]
    else:
        error_type = ""
        if(msg_type == ""):
            error_type = "unknown msg type"
        else:
            print "[!]incorrect arguments for", msg_type, "request"
            error_type = "incorrect arguments for msg type"
        msg_error(client_soc,error_type)
def send_to_client(client_soc, msg_type, data):
    '''
    Send one framed message: msg_type, the two literal characters
    backslash and lowercase x as separator, then str(data).

    data is sliced for the log line *before* str() is applied, so a
    non-sliceable value (msg_up_time passes a float) raises TypeError
    here. A single send() is used and its return value (bytes actually
    queued) is ignored, so large messages may be truncated silently. The
    separator is not escaped inside data; a payload containing that
    two-character sequence would presumably be mis-split by a receiver
    that parses the way parse_request does (client side not visible
    here).
    '''
    data_to_client = msg_type + r"\x"
    print "[$]send to socket:", client_soc, "msg. type:", msg_type, "data:", data[:100]
    data_to_client += str(data)
    client_soc.send(data_to_client)
    #print "data to client:", data_to_client
def msg_error(client_soc, error_type):
    '''Reply with ERROR_0 carrying error_type as the message body.'''
    send_to_client(client_soc, "ERROR_0", error_type)
def msg_echo(client_soc, args):
    '''Reply with ECHO_0 carrying args[0]; any further arguments are ignored.'''
    send_to_client(client_soc, "ECHO_0", args[0])
def msg_give_ip(client_soc, args):
    '''
    Reply with GIVEIP_0 carrying the address the resolver returns for this
    machine's hostname.

    Not derived from the connection: depending on the host's name
    resolution set-up this can be a loopback address rather than an
    interface address. args is unused.
    '''
    ip = socket.gethostbyname(socket.gethostname())
    send_to_client(client_soc, "GIVEIP_0", ip)
def msg_up_time(client_soc, args): #sends the time since it's started running in seconds
    '''
    Reply with UPTIME_0 carrying time.time() - start_time.

    Two problems: start_time is the module global, which main() never
    sets (it binds a local of the same name), so this is seconds since
    the epoch, not since start-up; and time_elapsed is a float, which
    send_to_client slices (data[:100]) for its log line before calling
    str() -- that raises TypeError, so this reply never goes out.
    args is unused.
    '''
    end_time = time.time()
    time_elapsed = end_time - start_time
    send_to_client(client_soc, "UPTIME_0", time_elapsed)
def msg_who_am_i(client_soc, args): #TD
    '''
    Reply with WHOAMI_0: the login username recorded for this socket in
    names_dict, the platform system/release/version string, and
    os.pathsep.

    os.pathsep is the PATH-list separator (";" on Windows, ":" elsewhere),
    not an installation directory, so the "installed in" wording is
    inaccurate; the #TD/#td markers look like the author's own to-do
    notes for exactly that. args is unused.
    '''
    client_name = names_dict[client_soc]
    os_info = platform.system() + " " + platform.release() + " " + platform.version() #td
    os_path = os.pathsep #TD
    str_msg = "You are the username \"" + client_name + "\", Running \"" + os_info + \
              "\" installed in \"" + os_path + "\""
    send_to_client(client_soc, "WHOAMI_0", str_msg)
def msg_move_to(client_soc, args):
    '''
    os.chdir to args[0] and reply MOVETO_0 with "moved cd" or
    "not moved cd".

    The cwd is per-process, so this changes it for every client thread
    and for every later relative path (passwords.txt, ScreenShots, files
    the other handlers open by relative name). The bare except hides
    which error occurred.
    '''
    cd_path = args[0]
    respond = "moved cd"
    try:
        os.chdir(cd_path)
    except:
        respond = "not " + respond
    print "[&]" + respond + " to", cd_path
    send_to_client(client_soc, "MOVETO_0", respond)
def msg_run(client_soc, args):
    '''
    Run args[0] through help_run_cmd (the system shell) and reply RUN_0
    with its stdout.

    help_run_cmd swallows its own exceptions and returns "" instead, so
    the "command doesn't exist" branch is in practice reachable only if
    the print itself fails; a failed command is reported as empty output.
    '''
    output = ""
    command = args[0]
    try:
        output = help_run_cmd(command)
        print output
    except:
        output = "command doesn't exist"
    send_to_client(client_soc, "RUN_0", output)
def msg_printf(client_soc, args):
    '''
    Send the contents of file args[0] to the client as PRINTF_0 chunks.

    The file is read twice: once here, in full, purely to log it to
    stdout, and again inside help_send_file for the actual transfer. A
    missing or unreadable file raises IOError out of this handler (no
    try), which ends the client thread. The path is used exactly as the
    client gave it.
    '''
    file_name = args[0]
    file_data = ""
    with open(file_name, 'r') as myfile:
        file_data = myfile.read()
    print "[&]printing text of", file_name, ":"
    print file_data
    help_send_file(client_soc, file_name, "PRINTF_0")
def msg_go_away_f(client_soc, args):
    '''
    Delete the file args[0] and reply GOAWAYF_0 with
    help_remove_file_or_dir's result ("deleted", "not deleted" or
    "not exist"). For the d_* types that helper asks no confirmation.
    '''
    file_name = args[0]
    respond = help_remove_file_or_dir(client_soc ,file_name, "d_file")
    send_to_client(client_soc, "GOAWAYF_0", respond)
def msg_go_away_d(client_soc, args):
    '''
    Recursively delete the directory args[0] and reply GOAWAYD_0 with
    help_remove_file_or_dir's result ("deleted", "not deleted" or
    "not exist"). For the d_* types that helper asks no confirmation.
    '''
    dir_name = args[0]
    respond = help_remove_file_or_dir(client_soc ,dir_name, "d_directory")
    send_to_client(client_soc, "GOAWAYD_0", respond)
def msg_make_f(client_soc, args):
    '''
    Create (or, with the client's consent, replace) the empty file
    args[0] and reply MAKEF_0 with "created" / "not created" / the
    helper's result string.

    help_remove_file_or_dir handles the "already exists -> ask client ->
    delete" part and returns "not exist" when there was nothing to ask
    about. The open() below is never closed explicitly; the handle is
    left to garbage collection.
    '''
    file_name = args[0]
    respond = ""
    #if os.path.isfile(file_name):
    respond = help_remove_file_or_dir(client_soc ,file_name, "m_file")
    if(respond == "not exist" or respond == "deleted"):
        open(file_name, 'w')
        respond = "created"
    elif respond == "not deleted":
        respond = "not created"
    send_to_client(client_soc, "MAKEF_0", respond)
def msg_make_d(client_soc, args):
    '''
    Create (or, with the client's consent, replace) the directory args[0]
    and reply MAKED_0 with "created" / "not created" / the helper's
    result string.

    help_remove_file_or_dir handles the "already exists -> ask client ->
    delete" part. os.mkdir is not wrapped, so a missing parent or a
    permission error raises OSError out of this handler and no reply is
    sent.
    '''
    dir_name = args[0]
    respond = ""
    #if os.path.isdir(dir_name):
    respond = help_remove_file_or_dir(client_soc ,dir_name, "m_directory")
    if(respond == "not exist" or respond == "deleted"):
        os.mkdir(dir_name)
        respond = "created"
    elif respond == "not deleted":
        respond = "not created"
    send_to_client(client_soc, "MAKED_0", respond)
def msg_copyf(client_soc, args):
    '''
    Copy file args[0] to path args[1] and reply COPYF_0 with "copied",
    "not copied" or "file 1 not exist".

    Despite its name, deleted_file is the *destination*: it is opened for
    writing (created or truncated) and never closed explicitly. The whole
    source is read into memory in text mode, so on Windows newline
    translation can alter non-text content. The bare except folds every
    failure (permission denied, missing destination directory, ...) into
    "not copied".
    '''
    copied_file_name = args[0]
    deleted_file_name = args[1]
    #respond = remove_file_or_dir(client_soc ,dir_name, "d_directory")
    file_data = ""
    respond = ""
    try:
        if(not os.path.isfile(copied_file_name)):
            respond = "file 1 not exist"
        else:
            with open(copied_file_name, 'r') as copied_file:
                file_data = copied_file.read()
            deleted_file = open(deleted_file_name, 'w')
            deleted_file.write(file_data)
            respond = "copied"
    except:
        respond = "not copied"
    send_to_client(client_soc, "COPYF_0", respond)
def msg_exec(client_soc, args):
    '''
    Run the program at path args[0] through help_run_cmd if help_is_exe
    accepts it, and reply EXEC_0.

    The reply body is "" on success (only the failure branches assign
    respond) and the program's output is discarded. Because help_run_cmd
    never raises, "couldn't run file" is effectively unreachable.
    help_is_exe checks only that the path exists and ends in ".exe" (or
    has no dot); the path still reaches the shell as a command line.
    '''
    file_name = args[0]
    #str(file_name).replace("\\", "\\\\")
    respond = ""
    if(help_is_exe(file_name)):
        try:
            output = help_run_cmd(file_name)
        except:
            respond = "couldn't run file"
    else:
        respond = "file is not exe"
    send_to_client(client_soc, "EXEC_0", respond)
def msg_dl(client_soc, args):
    '''
    Send file args[0] to the client as DL_0 chunks. help_send_file opens
    it in text mode for this type, so on Windows non-text content can be
    altered by newline translation. A missing file raises IOError out of
    this handler.
    '''
    file_name = args[0]
    help_send_file(client_soc, file_name, "DL_0")
def msg_ping(client_soc, args):
    '''
    Run "ping <args[0]>" through help_run_cmd (shell=True) and reply
    PING_0 with its output.

    args[0] is concatenated into the command line unquoted, so it is a
    command-line fragment rather than just a host name -- the same
    exposure RUN_1 already has, not an additional one. Blocks until ping
    exits: on Windows (the platform the win32com import suggests) that is
    after the default four echoes; on a system whose ping runs until
    interrupted, this thread would block indefinitely.
    '''
    destination = args[0]
    response = help_run_cmd("ping " + destination)
    send_to_client(client_soc, "PING_0", response)
def msg_get(client_soc, args):
    '''
    Fetch a URL on the client's behalf and reply GET_0 with the whole
    response body.

    The scheme check is a substring test ("http://" anywhere in the
    string), not a prefix test. The request is issued from this host via
    urllib2 with no timeout and no size limit, and the entire body is
    read into memory before sending. URLError/HTTPError are not caught
    and end the client thread.
    '''
    destination = args[0]
    if not r"http://" in str(destination):
        destination = r"http://" + destination
    response = urllib2.urlopen(destination).read()
    send_to_client(client_soc, "GET_0", response)
def msg_screenshot(client_soc, args):
    '''
    Grab the screen with PIL.ImageGrab, save it under the ScreenShots
    directory with a timestamp name, and send the file as SCREENSHOT_0
    chunks (the one type help_send_file opens in binary mode).

    The file gets a ".png" name but is written with format "JPEG". The
    hard-coded backslash separator assumes Windows, and the relative
    "ScreenShots" path assumes the cwd is still the one main() created it
    in -- msg_move_to can break that. args is unused.
    '''
    file_path = "ScreenShots\\" + time.strftime("%Y%m%d-%H%M%S") + ".png"
    ImageGrab.grab().save(file_path, "JPEG")
    help_send_file(client_soc, file_path, "SCREENSHOT_0")
    #send_to_client(client_soc, "SCREENSHOT_0", response)
- #########################################################################################
- #################### ####################
- #################### ####################
- #################### Help ####################
- #################### Functions ####################
- #################### ####################
- #################### ####################
- #########################################################################################
def help_remove_file_or_dir(client_soc, _path, _type):
    '''
    Shared "delete, possibly after asking" step used by the GOAWAY* and
    MAKE* handlers.

    _type is one of "d_file", "d_directory" (delete request) or "m_file",
    "m_directory" (make request). Returns "not exist", "deleted" or
    "not deleted".

    For m_* types, when _path already exists the client is asked whether
    to replace it: an "exist" message is sent and the *next* request on
    the socket is read in-line here, its first argument being the answer
    (only "yes" leads to deletion). For d_* types the answer is "yes"
    unconditionally. Also for d_* types msg_type stays "", so the
    "not exist" notice goes out with an empty type prefix; the GOAWAY*
    callers send their own proper reply afterwards.
    '''
    respond = ""
    # Overwritten in every branch below before it is read.
    answer = "no"
    msg_type = ""
    if(_type == "m_file"):
        msg_type = "MAKEF_0"
    elif(_type == "m_directory"):
        msg_type = "MAKED_0"
    if(((_type == "d_file" or _type == "m_file") and os.path.isfile(_path)) or \
       ((_type == "d_directory" or _type == "m_directory")and os.path.isdir(_path))):
        if _type == "m_file"or _type == "m_directory":
            print "[?] wait for agreement of client..."
            send_to_client(client_soc, msg_type, "exist")
            # Re-binds msg_type to the client's *request* type (MAKEF_1 /
            # MAKED_1); the reply type is no longer available after this.
            # Same 2-vs-3-tuple mismatch as the other parse_request callers
            # when the read fails.
            msg_type, args = parse_request(recieve_input(client_soc, BUFFER_SIZE))
            answer = ""
            if (len(args) > 0 and ((_type == "m_file" and msg_type == "MAKEF_1") or\
                (_type == "m_directory" and msg_type == "MAKED_1"))):
                answer = args[0]
                print"[?]client returned:", answer
        else:
            answer = "yes"
    else:
        send_to_client(client_soc, msg_type, "not exist")
        return "not exist"
    if(answer == "yes"):
        respond = help_delete_os(_type, _path)
    else:
        respond = "not deleted"
    return respond
def help_delete_os(_type, _path):
    '''
    Remove _path from disk and return "deleted" or "not deleted".

    _type[2:] strips the "d_"/"m_" prefix, leaving "file" (os.remove) or
    "directory" (help_delete_files_in_directory, then os.rmdir). Only
    OSError is caught. An OSError raised part-way through the directory
    branch can leave the process cwd changed, because
    help_delete_files_in_directory has no cleanup path.
    '''
    try:
        if(_type[2:] == "file"):
            os.remove(_path)
        else:
            help_delete_files_in_directory(_path)
            os.rmdir(_path)
        print "[&]", _type[2:], "deleted"
        respond = "deleted"
    except OSError as detail:
        print "[!]", _type[2:], "not deleted"
        print"[!]Error details - ", detail.errno
        respond = "not deleted"
        # No-op: respond is already assigned above.
        pass
    return respond
def help_delete_files_in_directory(_path):
    '''
    Recursively empty the directory _path (files removed, sub-directories
    emptied then removed); _path itself is left for the caller to rmdir.

    Works by chdir-ing *into* _path and back with chdir(".."), which has
    two consequences: the process-wide cwd changes while this runs (every
    client thread sees it), and ".." only returns to the starting point
    when _path is a single relative component -- for an absolute or
    nested path the process is left in _path's parent. An OSError raised
    mid-loop skips the chdir back entirely (no try/finally).

    os.path.isdir follows symlinks, so a symlink to a directory is
    entered and its target's contents removed.
    '''
    if(os.path.isdir(_path)):
        file_list = os.listdir(_path)
        os.chdir(_path)
        # `file` shadows the builtin; entries are bare names relative to
        # the new cwd.
        for file in file_list:
            if(os.path.isdir(file)):
                help_delete_files_in_directory(file)
                os.rmdir(file)
            else:
                os.remove(file)
        os.chdir("..")
def help_is_exe(file_path):
    '''
    Return True when file_path exists and looks like an executable.

    "Looks like an executable" means the text after the last '.' is
    exactly "exe" (case-sensitive), or the path contains no '.' at all.
    The test runs over the whole string, so a '.' inside a directory name
    counts as "has an extension". Only existence is checked, so a
    directory passes as well.
    '''
    if not os.path.exists(file_path):
        return False
    if '.' not in file_path:
        return True
    _, _, suffix = file_path.rpartition('.')
    return suffix == "exe"
def help_send_file(client_soc, file_name, msg_type):
    '''
    Read file_name in full and send it as a sequence of msg_type-framed
    messages of at most 1024 bytes each, the data being followed by the
    six literal characters backslash-y, backslash-y, backslash-y (the raw
    string below), which presumably marks end-of-file for the receiver.

    Opened in binary mode only for SCREENSHOT_0; DL_0 and PRINTF_0 use
    text mode. The whole file is held in memory; a missing file raises
    IOError to the caller. Each chunk is one send_to_client call, i.e.
    one send() with its own type prefix and no partial-send handling.
    '''
    read = 'r'
    if(msg_type == "SCREENSHOT_0"):
        read = 'rb'
    # `file` shadows the builtin.
    with open(file_name, read) as file:
        file_data = file.read() + r"\y\y\y"
    file_len = len(file_data)
    start = 0
    # end is kept at min(start + 1024, file_len). file_data is never
    # empty because of the appended marker, so the loop runs at least once.
    if(file_len < 1024):
        end = file_len
    else:
        end = 1024
    while start < end:
        msg = file_data[start : end]
        start = end
        if(end + 1024 > file_len):
            end = file_len
        else:
            end += 1024
        send_to_client(client_soc, msg_type, msg)
def help_run_cmd(command):
    '''
    Run command through the system shell (shell=True) and return its
    stdout as a string.

    Every caller passes text that came straight from the client, so this
    is arbitrary command execution for anyone who passed connect(). A
    non-zero exit status (CalledProcessError) or any other failure is
    swallowed by the bare except and reported as "", indistinguishable
    from a command that produced no output. stderr is not captured and
    goes to this process's stderr.
    '''
    respond = ""
    try:
        respond = subprocess.check_output(command, shell = True)
        #respond = subprocess.call(['runas', '/user:Administrator', command])
        '''respond = shell.ShellExecuteEx(lpVerb='runas', lpFile='cmd.exe', lpParameters='/c '+command)'''
    except:
        respond = ""
    return respond
def help_int_to_str(num, length):
    '''
    Render num as a decimal string left-padded with zeros.

    The padding width is length - 1, not length; nothing in this file
    calls the function, so the intent behind that off-by-one is unknown
    and it is preserved as is. A leading minus sign stays in front of the
    padding (zfill semantics).
    '''
    width = length - 1
    digits = str(num)
    return digits.zfill(width)
# Script entry point: main() prompts on stdin on first run (no
# passwords.txt yet) and then blocks in the accept loop forever.
if __name__ == "__main__":
    main()